REST API: Allow authors to read their own password protected posts.

Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.

Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.

git-svn-id: https://develop.svn.wordpress.org/trunk@50717 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers
2021-04-14 23:22:07 +00:00
parent 60fa61de5b
commit 312b67e82a
2 changed files with 80 additions and 7 deletions

View File

@@ -1820,6 +1820,32 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertErrorResponse( 'rest_forbidden', $response, 401 );
}
public function test_get_post_draft_edit_context() {
$post_content = 'Hello World!';
$this->factory->post->create(
array(
'post_title' => 'Hola',
'post_password' => 'password',
'post_content' => $post_content,
'post_excerpt' => $post_content,
'post_author' => self::$editor_id,
)
);
$draft_id = $this->factory->post->create(
array(
'post_status' => 'draft',
'post_author' => self::$contributor_id,
'post_content' => '<!-- wp:latest-posts {"displayPostContent":true} /--> <!-- wp:latest-posts {"displayPostContent":true,"displayPostContentRadio":"full_post"} /-->',
)
);
wp_set_current_user( self::$contributor_id );
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
$request->set_param( 'context', 'edit' );
$response = rest_get_server()->dispatch( $request );
$data = $response->get_data();
$this->assertNotContains( $post_content, $data['content']['rendered'] );
}
public function test_get_post_invalid_id() {
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
$response = rest_get_server()->dispatch( $request );