#38056 closed enhancement (fixed)
Allow custom authentication checks for post passwords
Reported by: | rmccue | Owned by: | jorbin |
---|---|---|---|
Milestone: | 4.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Posts, Post Types | Keywords: | |
Focuses: | Cc: |
Description
In order to implement post passwords for non-web contexts (such as a REST API), it'd be really nice to allow custom authentication checks for whether a post password is required.
All of the password checking is abstracted nicely away into post_password_required()
, but this checks the cookie and is not filterable at all. By making this filterable, we can allow custom handling in the REST API.
As a side-effect, this can make it easier to implement custom access controls for post content. For example, a filter on post_password_required
could check if the user has paid for the content. get_the_password_form
is already filterable, and these two could be combined nicely. This brings the advantage of working with other parts of core without needing a tonne of filters everywhere. It also allows more custom access controls, such as allowing super admins access to passworded posts.
Attachments (1)
Change History (9)
This ticket was mentioned in Slack in #core by kadamwhite. View the logs.
8 years ago
#3
@
8 years ago
- Owner set to jorbin
- Resolution set to fixed
- Status changed from new to closed
In 38603:
This ticket was mentioned in Slack in #core by rmccue. View the logs.
8 years ago
#6
@
8 years ago
- Keywords needs-dev-note added
Would like to see a dev note on how this is used in the REST API, and how it can be used to implement true per-post passwords (or, if #16483 ends up going in, how to get back that old behavior).
Filter the return value of post_password_required