This method determines whether we need to override the regular password
check in core with a filter.
public can_access_password_content ( WP_Post $post, WP_REST_Request $request ) : boolean | ||
$post | WP_Post | Post to check against. |
$request | WP_REST_Request | Request data to check. |
return | boolean | True if the user can access password-protected content, otherwise false. |
/** * Checks if the post can be read. * * Correctly handles posts with the inherit status. * * @since 4.7.0 * @access protected * * @param WP_Post $post Post object. * @param WP_REST_Request $request Request data to check. * @return bool Whether post can be read. */ protected function check_read_post_permission($post, $request) { $posts_controller = new WP_REST_Posts_Controller($post->post_type); $post_type = get_post_type_object($post->post_type); $has_password_filter = false; // Only check password if a specific post was queried for or a single comment $requested_post = !empty($request['post']) && 1 === count($request['post']); $requested_comment = !empty($request['id']); if (($requested_post || $requested_comment) && $posts_controller->can_access_password_content($post, $request)) { add_filter('post_password_required', '__return_false'); $has_password_filter = true; } if (post_password_required($post)) { $result = current_user_can($post_type->cap->edit_post, $post->ID); } else { $result = $posts_controller->check_read_permission($post); } if ($has_password_filter) { remove_filter('post_password_required', '__return_false'); } return $result; }