
Block Bindings: Don't show protected fields that are bound to blocks #59326

Merged
merged 9 commits into from Feb 28, 2024
13 changes: 13 additions & 0 deletions lib/compat/wordpress-6.5/block-bindings/post-meta.php
Expand Up @@ -28,6 +28,19 @@ function gutenberg_block_bindings_post_meta_callback( $source_attrs, $block_inst
return null;
}

// Check if the meta field is protected.
if ( is_protected_meta( $source_attrs['key'], 'post' ) ) {
return null;
}

// Check if the meta field is registered to be shown in REST.
$meta_keys = get_registered_meta_keys( 'post', $block_instance->context['postType'] );
// Add fields registered for all subtypes.
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( 'post', '' ) );
if ( empty( $meta_keys[ $source_attrs['key'] ]['show_in_rest'] ) || false === $meta_keys[ $source_attrs['key'] ]['show_in_rest'] ) {
return null;
}

return get_post_meta( $post_id, $source_attrs['key'], true );
}

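Review bot: The `array_merge()` under `// Add fields registered for all subtypes.` lets a registration made for all subtypes overwrite the one made for the current post type, because for string keys the later array wins. A key registered with `'show_in_rest' => false` for this post type but exposed for all subtypes would therefore pass the check; putting the specific registration last avoids that: `$meta_keys = array_merge( get_registered_meta_keys( 'post', '' ), get_registered_meta_keys( 'post', $block_instance->context['postType'] ) );`. The `|| false === …['show_in_rest']` half of the condition is already covered by `empty()` and can be dropped. The hunk also reads `$block_instance->context['postType']` without a visible guard; the function starts outside the hunk, so an earlier check may already exist.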
20 changes: 19 additions & 1 deletion packages/e2e-tests/plugins/block-bindings.php
Expand Up @@ -21,7 +21,6 @@ function gutenberg_test_block_bindings_register_custom_fields() {
'default' => 'Value of the text_custom_field',
)
);
// TODO: Change url.
register_meta(
'post',
'url_custom_field',
Expand All @@ -32,5 +31,24 @@ function gutenberg_test_block_bindings_register_custom_fields() {
'default' => '#url-custom-field',
)
);
register_meta(
'post',
'_protected_field',
array(
'type' => 'string',
'single' => true,
'default' => 'protected field value',
)
);
register_meta(
'post',
'show_in_rest_false_field',
array(
'show_in_rest' => false,
'type' => 'string',
'single' => true,
'default' => 'show_in_rest false field value',
)
);
}
add_action( 'init', 'gutenberg_test_block_bindings_register_custom_fields' );
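Review bot: The `_protected_field` registration in the second hunk leaves out `show_in_rest`, so its binding is presumably rejected by the `show_in_rest` check in `post-meta.php` as well as by `is_protected_meta()`. The protected-field e2e test would then still pass if the `is_protected_meta()` check were removed. Adding `'show_in_rest' => true,` to this registration would make that test depend on the protected-key check alone. The enclosing function starts outside the hunk.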
72 changes: 68 additions & 4 deletions test/e2e/specs/editor/various/block-bindings.spec.js
Expand Up @@ -1218,7 +1218,7 @@ test.describe( 'Block bindings', () => {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'p',
content: 'fallback value',
metadata: {
bindings: {
content: {
Expand All @@ -1244,9 +1244,73 @@ test.describe( 'Block bindings', () => {
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect(
page.locator( '#paragraph-binding' )
).toBeHidden();
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'non_existing_custom_field'
);
} );

test( 'should not show the value of a protected meta field', async ( {
editor,
page,
} ) => {
await editor.insertBlock( {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'fallback value',
metadata: {
bindings: {
content: {
source: 'core/post-meta',
args: { key: '_protected_field' },
},
},
},
},
} );
const paragraphBlock = editor.canvas.getByRole( 'document', {
name: 'Block: Paragraph',
} );
await expect( paragraphBlock ).toHaveText( '_protected_field' );
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'_protected_field'
);
} );

test( 'should not show the value of a meta field with `show_in_rest` false', async ( {
editor,
page,
} ) => {
await editor.insertBlock( {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'fallback value',
metadata: {
bindings: {
content: {
source: 'core/post-meta',
args: { key: 'show_in_rest_false_field' },
},
},
},
},
} );
const paragraphBlock = editor.canvas.getByRole( 'document', {
name: 'Block: Paragraph',
} );
await expect( paragraphBlock ).toHaveText(
'show_in_rest_false_field'
);
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'show_in_rest_false_field'
);
} );
} );

Expand Down
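Review bot: The two tests added at the end of the second hunk differ only in the meta key, so they could be generated from a list, e.g. `for ( const key of [ '_protected_field', 'show_in_rest_false_field' ] ) { test( ... ) }`, which keeps the access-control cases in one place as more are added. The comment `// Check the frontend doesn't show the content.` no longer matches the assertions, which now expect the key name to be rendered; something like `// The frontend must render the key name, never the stored meta value.` would state the intent. The enclosing `test.describe` starts outside the hunk.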