Timestamp:
04/14/2021 11:25:28 PM (4 years ago)
Author:
desrosj
Message:

REST API: Allow authors to read their own password protected posts.

Allow authenticated users to read the contents of password protected posts if they have the edit_post meta capability for the post.

Merges [50717] to the 5.7 branch.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.

Location:
branches/5.7
Files:
2 edited

  • branches/5.7

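--- a/branches/5.7/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/branches/5.7/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1819,4 +1819,30 @@
 
         $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+    }
+
+    public function test_get_post_draft_edit_context() {
+        $post_content = 'Hello World!';
+        $this->factory->post->create(
+            array(
+                'post_title'    => 'Hola',
+                'post_password' => 'password',
+                'post_content'  => $post_content,
+                'post_excerpt'  => $post_content,
+                'post_author'   => self::$editor_id,
+            )
+        );
+        $draft_id = $this->factory->post->create(
+            array(
+                'post_status'  => 'draft',
+                'post_author'  => self::$contributor_id,
+                'post_content' => '<!-- wp:latest-posts {"displayPostContent":true} /--> <!-- wp:latest-posts {"displayPostContent":true,"displayPostContentRadio":"full_post"} /-->',
+            )
+        );
+        wp_set_current_user( self::$contributor_id );
+        $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
+        $request->set_param( 'context', 'edit' );
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+        $this->assertNotContains( $post_content, $data['content']['rendered'] );
     }
 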
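Review bot: The only assertion in `test_get_post_draft_edit_context` is a negative one on `$data['content']['rendered']`, so the test cannot tell "the protected content was withheld" apart from "the latest-posts blocks rendered nothing". Before it I would add `$this->assertSame( 200, $response->get_status() );` and a positive control that the rendered content does list the protected post (for example its title `'Hola'`, assuming the block prints post titles). That way the leak check cannot pass without the blocks having rendered. A one-line comment stating that the contributor's draft embeds a password-protected post authored by the editor would also help, since the method name mentions only the draft and the edit context.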