Allow custom authentication checks for post passwords
|Reported by:||rmccue||Owned by:||jorbin|
|Component:||Posts, Post Types||Keywords:||needs-dev-note|
In order to implement post passwords for non-web contexts (such as a REST API), it'd be really nice to allow custom authentication checks for whether a post password is required.
All of the password checking is abstracted nicely away into post_password_required(), but this checks the cookie and is not filterable at all. By making this filterable, we can allow custom handling in the REST API.
As a side-effect, this can make it easier to implement custom access controls for post content. For example, a filter on post_password_required could check if the user has paid for the content. get_the_password_form is already filterable, and these two could be combined nicely. This brings the advantage of working with other parts of core without needing a tonne of filters everywhere. It also allows more custom access controls, such as allowing super admins access to passworded posts.
Change History (7)
- Owner set to jorbin
- Resolution set to fixed
- Status changed from new to closed