Allow unauthenticated user to view a customize-draft post via REST API #117
Conversation
return $allcaps; | ||
} | ||
|
||
$post = get_post( absint( $args[2] ) ); |
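Review bot: get_post() returns null when $args[2] is not an existing post ID, so the line after "$post = get_post( absint( $args[2] ) );" should bail out with "return $allcaps;" when "! $post" before any property of the post is read; with that guard in place the absint() wrapper adds nothing, since a non-numeric argument simply fails the lookup.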
Question: Why absint? Should be guaranteed to already be a post ID. If it isn't, then the previous if should check for it.
Yes, it seems to be guaranteed, good point. Added that automatically, will remove.
if ( ! $chageset_id ) { | ||
return $allcaps; | ||
} | ||
$data = $this->post_type->get_post_content( get_post( absint( $chageset_id ) ) ); |
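Review bot: the same null case applies to the changeset lookup: "get_post( absint( $chageset_id ) )" returns null for a stale or deleted changeset ID and is passed straight into $this->post_type->get_post_content(); resolve the changeset post into a variable, return $allcaps if it is empty, and only then read its content.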
Misspelling in chageset_id.
if ( isset( $data[ $key ] ) ) { | ||
$changeset_post_values = $data[ $key ]['value']; | ||
if ( isset( $changeset_post_values['post_status'] ) ) { | ||
$is_published = 'publish' === $changeset_post_values['post_status']; |
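Review bot: $is_published is only assigned inside the nested isset() checks, so when the changeset customizes this post without touching post_status (for example only post_title) the outcome is decided by whatever value the variable was given before this block, which is not visible here; initialize it to false explicitly right before the first if so that an untouched status leaves the stored post's normal read_post result in place.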
What if the post is private and the current user can read private posts?
Unauthenticated user shouldn't have the ability to read private posts by default. Are you thinking of a case when reading private posts permission is given somewhere else to the unauthenticated user via a filter? Maybe it should be handled in the place where that's added then? Or in which cases would unauthenticated user have the permission to read private posts?
I'm thinking of when a less-privileged authenticated user is making an API request. Consider an editor user making an authenticated request to the API. They should be able to see a post which is in the DB as a draft but which is private in the customized state.
'0' => 'read_post', | ||
'2' => $post_id, | ||
); | ||
$allcaps = $this->manager->filter_user_has_cap( array(), $caps, $args ); |
Instead of using the filter_user_has_cap method directly, should this instead use current_user_can to ensure that the filter is applying?
|
||
if ( | ||
! $this->current_snapshot_uuid | ||
|| 0 !== $current_user->ID |
I think the check for current user being 0 should be removed because it should also work for under-privileged users making authenticated requests to read posts that normally they wouldn't be able to read, except that the post is made readable due to the status in the customized state.
Consider an author user making an authenticated API request. They should be able to access a post that is draft in the DB but publish in the customized state.
! $this->current_snapshot_uuid | ||
|| 0 !== $current_user->ID | ||
|| ! isset( $args[2] ) | ||
|| 'read_post' !== $args['0'] |
Why is 0 a string here?
|
||
if ( true === $is_published ) { | ||
$allcaps[ $caps[0] ] = true; | ||
} |
You might want to change the condition here to be:
$allcaps[ $caps[0] ] = $is_published;
This could potentially handle the reverse condition where access to a post could be revoked if its status is changed from publish to private and the user is not authorized to view private posts. There's probably more to it than that, but this is what came to mind.
$args = array( | ||
'0' => 'read_post', | ||
'2' => $post_id, | ||
); |
These variables, $args and $caps, aren't being used?
$post_id = $this->factory()->post->create( array( | ||
'post_type' => 'post', | ||
'post_status' => 'auto-draft', | ||
) ); |
Can there be other posts here including ones that have the draft, private, and publish statuses? Then below in the changeset data these posts can have the post_status overridden to, for example, reverse the statuses. Then at the end it can set the current user to anonymous, to an author, and to an administrator, and for each the read_post cap check can be verified to return the proper result for the customized state?
On it. For some reason checking for the read_post cap causes a failure (fatal error) in unit tests, haven't figured out why yet, that's why the delay in fixing.
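The status matrix the review above lays out (grant read_post when the customized status is publish, revoke it when the customized status is private and the user lacks read_private_posts, leave it alone when the changeset does not touch post_status, and do this for anonymous and low-privileged authenticated users alike) as a stand-alone PHP decision function with a self-check harness. This is an added example, not code from the PR or the plugin: customized_read_post, run_cases, the capability arrays and the case table are all constructed here. Instead of calling WordPress it takes the stored post's normal read_post result and the user's primitive caps as inputs, and treating draft, pending and similar customized statuses as readable only by users with edit_posts is a simplification of what map_meta_cap would resolve.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. Models the read_post decision for a post
// whose post_status is overridden inside a changeset, without any WordPress calls.

/**
 * Hypothetical pure decision function. In a user_has_cap filter, $db_readable
 * would be the read_post result that the normal map_meta_cap resolution already
 * produced for the stored post, and $changeset_values the customized fields for
 * this post taken from the changeset data.
 *
 * @param bool  $db_readable      read_post result against the stored post.
 * @param array $user_caps        Primitive caps of the user, e.g. ['read_private_posts' => true].
 * @param array $changeset_values Customized values for this post, e.g. ['post_status' => 'publish'].
 * @return bool Whether read_post should be granted in the customized state.
 */
function customized_read_post( bool $db_readable, array $user_caps, array $changeset_values ): bool {
    // The changeset does not touch the status: the stored post's answer stands.
    if ( ! isset( $changeset_values['post_status'] ) ) {
        return $db_readable;
    }
    switch ( $changeset_values['post_status'] ) {
        case 'publish':
            // Anyone, including an anonymous request, may read a published post.
            return true;
        case 'private':
            // Revoke unless the user can read private posts, whatever the stored status was.
            return ! empty( $user_caps['read_private_posts'] );
        default:
            // draft, pending, future, auto-draft: assumed readable only by users who can
            // edit posts (simplification of map_meta_cap). A post that is publish in the
            // DB but draft in the customized state is hidden from anonymous readers.
            return ! empty( $user_caps['edit_posts'] );
    }
}

/**
 * Constructed matrix of (user, stored status -> customized status) cases.
 * Returns label => 'ok' or 'MISMATCH' so the result can be inspected or asserted on.
 */
function run_cases(): array {
    $anonymous = array();
    $author    = array( 'read' => true, 'edit_posts' => true );
    $editor    = array( 'read' => true, 'edit_posts' => true, 'edit_others_posts' => true, 'read_private_posts' => true );

    $cases = array(
        // label, read_post against stored post, user caps, changeset values, expected
        array( 'anon: draft -> publish',     false, $anonymous, array( 'post_status' => 'publish' ), true ),
        array( 'anon: publish -> private',   true,  $anonymous, array( 'post_status' => 'private' ), false ),
        array( 'author: publish -> private', true,  $author,    array( 'post_status' => 'private' ), false ),
        array( 'editor: draft -> private',   true,  $editor,    array( 'post_status' => 'private' ), true ),
        array( 'anon: publish, title only',  true,  $anonymous, array( 'post_title' => 'Renamed' ),  true ),
        array( 'anon: publish -> draft',     true,  $anonymous, array( 'post_status' => 'draft' ),   false ),
        array( 'author: publish -> draft',   true,  $author,    array( 'post_status' => 'draft' ),   true ),
    );

    $results = array();
    foreach ( $cases as list( $label, $db_readable, $caps, $values, $expected ) ) {
        $got = customized_read_post( $db_readable, $caps, $values );
        $results[ $label ] = ( $got === $expected ) ? 'ok' : 'MISMATCH';
    }
    return $results;
}

foreach ( run_cases() as $label => $outcome ) {
    printf( "%-28s %s\n", $label, $outcome );
}
```

Run with `php customized_read_post.php`; every row of the matrix should print ok. The point of passing the stored post's read_post result in rather than recomputing it is the one raised about filter_user_has_cap versus current_user_can: the customized-state override should sit on top of whatever the rest of the capability pipeline decided, not replace it.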
…th-users-api-read-permissions
Changes Unknown when pulling abefb00 on feature/grant-unauth-users-api-read-permissions into ** on develop**.
@miina Please fix merge conflicts so I can review. Thanks!
Fixes #32

Allows an unauthenticated user to read a customize-draft post when its status is publish within the Snapshot/Changeset.