From 4f9bc7535d39c9057ced91dc07271a2b592cd02d Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Mon, 31 Oct 2016 03:52:08 +0000 Subject: [PATCH] REST API: Support password on non-post post types. The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI. Props jnylen0. Fixes #38582. git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82 --- .../class-wp-rest-attachments-controller.php | 2 + .../class-wp-rest-posts-controller.php | 11 ++- .../tests/rest-api/rest-pages-controller.php | 69 ++++++++++++++++++- .../tests/rest-api/rest-posts-controller.php | 7 +- 4 files changed, 81 insertions(+), 8 deletions(-) diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 52c84e15a6..2749b12d22 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php @@ -419,6 +419,8 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 'readonly' => true, ); + unset( $schema['properties']['password'] ); + return $schema; } diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 49d030bad7..b36ba66654 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1747,6 +1747,11 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), + 'password' => array( + 'description' => __( 'A password to protect access to the content and excerpt.' ), + 'type' => 'string', + 'context' => array( 'edit' ), + ), ), ); @@ -1948,12 +1953,6 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'type' => 'boolean', 'context' => array( 'view', 'edit' ), ); - - $schema['properties']['password'] = array( - 'description' => __( 'A password to protect access to the content and excerpt.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ); } if ( 'page' === $this->post_type ) { diff --git a/tests/phpunit/tests/rest-api/rest-pages-controller.php b/tests/phpunit/tests/rest-api/rest-pages-controller.php index 29f050faf3..2ce9afe394 100644 --- a/tests/phpunit/tests/rest-api/rest-pages-controller.php +++ b/tests/phpunit/tests/rest-api/rest-pages-controller.php @@ -358,12 +358,78 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertEquals( 0, $new_data['menu_order'] ); } + public function test_get_page_with_password() { + $page_id = $this->factory->post->create( array( + 'post_type' => 'page', + 'post_password' => '$inthebananastand', + ) ); + + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) ); + $response = $this->server->dispatch( $request ); + + $data = $response->get_data(); + $this->assertEquals( '', $data['content']['rendered'] ); + $this->assertTrue( $data['content']['protected'] ); + $this->assertEquals( '', $data['excerpt']['rendered'] ); + $this->assertTrue( $data['excerpt']['protected'] ); + } + + public function test_get_page_with_password_using_password() { + $page_id = $this->factory->post->create( array( + 'post_type' => 'page', + 'post_password' => '$inthebananastand', + 'post_content' => 'Some secret content.', + 'post_excerpt' => 'Some secret excerpt.', + ) ); + + $page = get_post( $page_id ); + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) ); + $request->set_param( 'password', '$inthebananastand' ); + $response = $this->server->dispatch( $request ); + + $data = $response->get_data(); + $this->assertEquals( wpautop( $page->post_content ), $data['content']['rendered'] ); + $this->assertTrue( $data['content']['protected'] ); + $this->assertEquals( wpautop( $page->post_excerpt ), $data['excerpt']['rendered'] ); + $this->assertTrue( $data['excerpt']['protected'] ); + } + + public function test_get_page_with_password_using_incorrect_password() { + $page_id = $this->factory->post->create( array( + 'post_type' => 'page', + 'post_password' => '$inthebananastand', + ) ); + + $page = get_post( $page_id ); + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) ); + $request->set_param( 'password', 'wrongpassword' ); + $response = $this->server->dispatch( $request ); + + $this->assertErrorResponse( 'rest_post_incorrect_password', $response, 403 ); + } + + public function test_get_page_with_password_without_permission() { + $page_id = $this->factory->post->create( array( + 'post_type' => 'page', + 'post_password' => '$inthebananastand', + 'post_content' => 'Some secret content.', + 'post_excerpt' => 'Some secret excerpt.', + ) ); + $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/pages/%d', $page_id ) ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + $this->assertEquals( '', $data['content']['rendered'] ); + $this->assertTrue( $data['content']['protected'] ); + $this->assertEquals( '', $data['excerpt']['rendered'] ); + $this->assertTrue( $data['excerpt']['protected'] ); + } + public function test_get_item_schema() { $request = new WP_REST_Request( 'OPTIONS', '/wp/v2/pages' ); $response = $this->server->dispatch( $request ); $data = $response->get_data(); $properties = $data['schema']['properties']; - $this->assertEquals( 21, count( $properties ) ); + $this->assertEquals( 22, count( $properties ) ); $this->assertArrayHasKey( 'author', $properties ); $this->assertArrayHasKey( 'comment_status', $properties ); $this->assertArrayHasKey( 'content', $properties ); @@ -379,6 +445,7 @@ class WP_Test_REST_Pages_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertArrayHasKey( 'modified', $properties ); $this->assertArrayHasKey( 'modified_gmt', $properties ); $this->assertArrayHasKey( 'parent', $properties ); + $this->assertArrayHasKey( 'password', $properties ); $this->assertArrayHasKey( 'ping_status', $properties ); $this->assertArrayHasKey( 'slug', $properties ); $this->assertArrayHasKey( 'status', $properties ); diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index 3365f7767c..1a8545b522 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -770,7 +770,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->check_get_post_response( $response, 'view' ); $data = $response->get_data(); + $this->assertEquals( '', $data['content']['rendered'] ); $this->assertTrue( $data['content']['protected'] ); + $this->assertEquals( '', $data['excerpt']['rendered'] ); $this->assertTrue( $data['excerpt']['protected'] ); } @@ -790,7 +792,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $data = $response->get_data(); $this->assertEquals( wpautop( $post->post_content ), $data['content']['rendered'] ); + $this->assertTrue( $data['content']['protected'] ); $this->assertEquals( wpautop( $post->post_excerpt ), $data['excerpt']['rendered'] ); + $this->assertTrue( $data['excerpt']['protected'] ); } public function test_get_post_with_password_using_incorrect_password() { @@ -817,8 +821,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $data = $response->get_data(); $this->check_get_post_response( $response, 'view' ); $this->assertEquals( '', $data['content']['rendered'] ); + $this->assertTrue( $data['content']['protected'] ); $this->assertEquals( '', $data['excerpt']['rendered'] ); - + $this->assertTrue( $data['excerpt']['protected'] ); } public function test_get_item_read_permission_custom_post_status() {