From 4a75ee62741808e8b4ba3f68c1d62fa65d0e5e1d Mon Sep 17 00:00:00 2001
From: Rebecca Hum <16962021+rebeccahum@users.noreply.github.com>
Date: Tue, 8 Nov 2022 17:06:30 -0700
Subject: [PATCH] Pull in https://github.com/10up/ElasticPress/pull/3004

---
 .../Feature/SearchOrdering/SearchOrdering.php     | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/includes/classes/Feature/SearchOrdering/SearchOrdering.php b/includes/classes/Feature/SearchOrdering/SearchOrdering.php
index 5b5d419a24..eeb13855f3 100644
--- a/includes/classes/Feature/SearchOrdering/SearchOrdering.php
+++ b/includes/classes/Feature/SearchOrdering/SearchOrdering.php
@@ -35,6 +35,11 @@ class SearchOrdering extends Feature {
 	 */
 	const TAXONOMY_NAME = 'ep_custom_result';
 
+	/**
+	 * Capability required to manage.
+	 */
+	const CAPABILITY = 'manage_options';
+
 	/**
 	 * Initialize feature setting it's config
 	 *
@@ -210,7 +215,7 @@ public function admin_menu() {
 			'elasticpress',
 			esc_html__( 'Custom Results', 'elasticpress' ),
 			esc_html__( 'Custom Results', 'elasticpress' ),
-			'manage_options',
+			self::CAPABILITY,
 			'edit.php?post_type=' . self::POST_TYPE_NAME
 		);
 	}
@@ -685,7 +690,9 @@ public function rest_api_init() {
 			[
 				'methods'             => 'GET',
 				'callback'            => [ $this, 'handle_pointer_search' ],
-				'permission_callback' => '__return_true',
+				'permission_callback' => function() {
+					return current_user_can( self::CAPABILITY );
+				},
 				'args'                => [
 					's' => [
 						'validate_callback' => function ( $param ) {
@@ -703,7 +710,9 @@ public function rest_api_init() {
 			[
 				'methods'             => 'GET',
 				'callback'            => [ $this, 'handle_pointer_preview' ],
-				'permission_callback' => '__return_true',
+				'permission_callback' => function() {
+					return current_user_can( self::CAPABILITY );
+				},
 				'args'                => [
 					's' => [
 						'validate_callback' => function ( $param ) {