[wp-trac] [WordPress Trac] #38692: REST API: Add support for comments of password-protected posts
WordPress Trac
noreply at wordpress.org
Mon Nov 21 23:05:25 UTC 2016
#38692: REST API: Add support for comments of password-protected posts
----------------------------------------+------------------------------
Reporter: jnylen0 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+------------------------------
Changes (by flixos90):
* keywords: needs-patch => has-patch needs-unit-tests
Comment:
[attachment:38692.diff] allows to read comments of password-protected
posts when passing the correct `password` parameter with the request. It
works by making the
`WP_REST_Posts_Controller::can_access_password_content()` method public
and calling it from
`WP_REST_Comments_Controller::check_read_post_permission()`. In order for
it to work, the `$request` object is passed to that method.
Thoughts / questsions:
* The password check is also applied when querying for multiple comments.
Should we deal with passing multiple passwords? At the moment you can only
pass that parameter once, so it won't be possible to query comments of
multiple password-protected posts. My personal thought is that, since this
is rather edge-case, let's no handle it for now and maybe open an
enhancement ticket at some point as necessary.
* Should this the parent post check be built into
`WP_REST_Comments_Controller::check_edit_permission()` as well? I don't
think this makes sense since I don't see how someone that can edit the
comment wouldn't be able to read the password-protected post. Correct me
if I'm wrong.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38692#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list