From 8cbd30e3ce869f10429519fff1d3370269b9756a Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Fri, 16 Dec 2016 05:45:50 +0000 Subject: [PATCH] REST API: Do not include the `password` argument when getting media items Currently, `attachment` is the only post type exposed via the REST API that does not support password protection, but it's possible for other post types to remove password support. Props jnylen0. Merges [39595] to the 4.7 branch. Fixes #38977. git-svn-id: https://develop.svn.wordpress.org/branches/4.7@39610 602fd350-edb4-49c9-b593-d223f7449a82 --- .../class-wp-rest-posts-controller.php | 18 +++++++++++------- .../rest-api/rest-attachments-controller.php | 13 +++++++++++++ .../tests/rest-api/rest-posts-controller.php | 9 +++++++++ 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 872a6607cb..40955b3c1d 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -77,18 +77,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'schema' => array( $this, 'get_public_item_schema' ), ) ); + $schema = $this->get_item_schema(); + $get_item_args = array( + 'context' => $this->get_context_param( array( 'default' => 'view' ) ), + ); + if ( isset( $schema['properties']['password'] ) ) { + $get_item_args['password'] = array( + 'description' => __( 'The password for the post if it is password protected.' ), + 'type' => 'string', + ); + } register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\d]+)', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - 'password' => array( - 'description' => __( 'The password for the post if it is password protected.' ), - 'type' => 'string', - ), - ), + 'args' => $get_item_args, ), array( 'methods' => WP_REST_Server::EDITABLE, diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 0de092dafc..a651a7622f 100644 --- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php @@ -172,6 +172,19 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $this->assertEqualSets( $media_types, $data['endpoints'][0]['args']['media_type']['enum'] ); } + public function test_registered_get_item_params() { + $id1 = $this->factory->attachment->create_object( $this->test_file, 0, array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + ) ); + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + $keys = array_keys( $data['endpoints'][0]['args'] ); + sort( $keys ); + $this->assertEquals( array( 'context' ), $keys ); + } + public function test_get_items() { wp_set_current_user( 0 ); $id1 = $this->factory->attachment->create_object( $this->test_file, 0, array( diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index 886ae3c5a6..7389b971b3 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -121,6 +121,15 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te ), $keys ); } + public function test_registered_get_item_params() { + $request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + $keys = array_keys( $data['endpoints'][0]['args'] ); + sort( $keys ); + $this->assertEquals( array( 'context', 'password' ), $keys ); + } + public function test_get_items() { $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); $response = $this->server->dispatch( $request );