REST API: Support password on non-post post types.

The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI. Props jnylen0. Fixes #38582. git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-31 03:52:08 +00:00 · 2016-10-31 03:52:08 +00:00 · 4f9bc7535d
commit 4f9bc7535d
parent a86bc6f565
4 changed files with 81 additions and 8 deletions
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@ -419,6 +419,8 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 			'readonly'        => true,
 		);

+		unset( $schema['properties']['password'] );
+
 		return $schema;
 	}

--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@ -1747,6 +1747,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 					'context'     => array( 'view', 'edit', 'embed' ),
 					'readonly'    => true,
 				),
+				'password'        => array(
+					'description' => __( 'A password to protect access to the content and excerpt.' ),
+					'type'        => 'string',
+					'context'     => array( 'edit' ),
+				),
 			),
 		);

@ -1948,12 +1953,6 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 				'type'        => 'boolean',
 				'context'     => array( 'view', 'edit' ),
 			);
-
-			$schema['properties']['password'] = array(
-				'description' => __( 'A password to protect access to the content and excerpt.' ),
-				'type'        => 'string',
-				'context'     => array( 'edit' ),
-			);
 		}

 		if ( 'page' === $this->post_type ) {
--- a/tests/phpunit/tests/rest-api/rest-pages-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-pages-controller.php
@ -358,12 +358,78 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertEquals( 0, $new_data['menu_order'] );
 	}

+	public function test_get_page_with_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+		) );
+
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$response = $this->server->dispatch( $request );
+
+		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
+	public function test_get_page_with_password_using_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+			'post_content'  => 'Some secret content.',
+			'post_excerpt'  => 'Some secret excerpt.',
+		) );
+
+		$page = get_post( $page_id );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$request->set_param( 'password', '$inthebananastand' );
+		$response = $this->server->dispatch( $request );
+
+		$data = $response->get_data();
+		$this->assertEquals( wpautop( $page->post_content ), $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( wpautop( $page->post_excerpt ), $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
+	public function test_get_page_with_password_using_incorrect_password() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+		) );
+
+		$page = get_post( $page_id );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$request->set_param( 'password', 'wrongpassword' );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_post_incorrect_password', $response, 403 );
+	}
+
+	public function test_get_page_with_password_without_permission() {
+		$page_id = $this->factory->post->create( array(
+			'post_type'     => 'page',
+			'post_password' => '$inthebananastand',
+			'post_content'  => 'Some secret content.',
+			'post_excerpt'  => 'Some secret excerpt.',
+		) );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) );
+		$response = $this->server->dispatch( $request );
+		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
+	}
+
 	public function test_get_item_schema() {
 		$request = new WP_REST_Request( 'OPTIONS', '/wp/v2/pages' );
 		$response = $this->server->dispatch( $request );
 		$data = $response->get_data();
 		$properties = $data['schema']['properties'];
-		$this->assertEquals( 21, count( $properties ) );
+		$this->assertEquals( 22, count( $properties ) );
 		$this->assertArrayHasKey( 'author', $properties );
 		$this->assertArrayHasKey( 'comment_status', $properties );
 		$this->assertArrayHasKey( 'content', $properties );
@ -379,6 +445,7 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->assertArrayHasKey( 'modified', $properties );
 		$this->assertArrayHasKey( 'modified_gmt', $properties );
 		$this->assertArrayHasKey( 'parent', $properties );
+		$this->assertArrayHasKey( 'password', $properties );
 		$this->assertArrayHasKey( 'ping_status', $properties );
 		$this->assertArrayHasKey( 'slug', $properties );
 		$this->assertArrayHasKey( 'status', $properties );
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@ -770,7 +770,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$this->check_get_post_response( $response, 'view' );

 		$data = $response->get_data();
+		$this->assertEquals( '', $data['content']['rendered'] );
 		$this->assertTrue( $data['content']['protected'] );
+		$this->assertEquals( '', $data['excerpt']['rendered'] );
 		$this->assertTrue( $data['excerpt']['protected'] );
 	}

@ -790,7 +792,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te

 		$data = $response->get_data();
 		$this->assertEquals( wpautop( $post->post_content ), $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
 		$this->assertEquals( wpautop( $post->post_excerpt ), $data['excerpt']['rendered'] );
+		$this->assertTrue( $data['excerpt']['protected'] );
 	}

 	public function test_get_post_with_password_using_incorrect_password() {
@ -817,8 +821,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 		$data = $response->get_data();
 		$this->check_get_post_response( $response, 'view' );
 		$this->assertEquals( '', $data['content']['rendered'] );
+		$this->assertTrue( $data['content']['protected'] );
 		$this->assertEquals( '', $data['excerpt']['rendered'] );
-
+		$this->assertTrue( $data['excerpt']['protected'] );
 	}

 	public function test_get_item_read_permission_custom_post_status() {