Merge pull request #3073 from justlevine/feat/expose-post-passwords

jasonbahl · web-flow · commit 8a790e0d0d8f · 2024-04-01T11:46:21.000-06:00
feat: expose `hasPassword` and `password` fields on Post objects
diff --git a/src/Model/Post.php b/src/Model/Post.php
@@ -51,13 +51,15 @@
  * @property array   $editLock
  * @property string  $enclosure
  * @property string  $guid
+ * @property bool    $hasPassword
  * @property int     $menuOrder
  * @property string  $link
  * @property string  $uri
  * @property int     $commentCount
  * @property string  $featuredImageId
  * @property int     $featuredImageDatabaseId
  * @property string  $pageTemplate
+ * @property string  $password
  * @property int     $previewRevisionDatabaseId
  *
  * @property string  $captionRaw
@@ -152,6 +154,7 @@ public function __construct( WP_Post $post ) {
 			'isPostsPage',
 			'isFrontPage',
 			'isPrivacyPage',
+			'hasPassword',
 		];
 
 		if ( isset( $this->post_type_object->graphql_single_name ) ) {
@@ -595,6 +598,12 @@ protected function init() {
 
 					return false;
 				},
+				'hasPassword'               => function () {
+					return ! empty( $this->data->post_password );
+				},
+				'password'                  => function () {
+					return ! empty( $this->data->post_password ) ? $this->data->post_password : null;
+				},
 				'toPing'                    => function () {
 					$to_ping = get_to_ping( $this->databaseId );
 
@@ -690,12 +699,6 @@ protected function init() {
 
 					return ! empty( $thumbnail_id ) ? absint( $thumbnail_id ) : null;
 				},
-				'password'                  => [
-					'callback'   => function () {
-						return ! empty( $this->data->post_password ) ? $this->data->post_password : null;
-					},
-					'capability' => isset( $this->post_type_object->cap->edit_others_posts ) ?: 'edit_others_posts',
-				],
 				'enqueuedScriptsQueue'      => static function () {
 					global $wp_scripts;
 					do_action( 'wp_enqueue_scripts' );
diff --git a/src/Registry/Utils/PostObject.php b/src/Registry/Utils/PostObject.php
@@ -360,6 +360,22 @@ public static function get_fields( WP_Post_Type $post_type_object ) {
 					return absint( $post->ID );
 				},
 			],
+			'hasPassword'       => [
+				'type'        => 'Boolean',
+				'description' => sprintf(
+					// translators: %s: custom post-type name.
+					__( 'Whether the %s object is password protected.', 'wp-graphql' ),
+					$post_type_object->name
+				),
+			],
+			'password'          => [
+				'type'        => 'String',
+				'description' => sprintf(
+					// translators: %s: custom post-type name.
+					__( 'The password for the %s object.', 'wp-graphql' ),
+					$post_type_object->name
+				),
+			],
 		];
 
 		if ( 'page' === $post_type_object->name ) {
diff --git a/tests/wpunit/PostObjectQueriesTest.php b/tests/wpunit/PostObjectQueriesTest.php
@@ -101,7 +101,6 @@ public function set_permalink_structure( $structure = '' ) {
 	}
 
 	public function createPostObject( $args ) {
-
 		/**
 		 * Set up the $defaults
 		 */
@@ -212,6 +211,8 @@ static function ( $param ) {
 				}
 				enclosure
 				excerpt
+				hasPassword
+				password
 				status
 				link
 				postId
@@ -270,6 +271,8 @@ static function ( $param ) {
 				'slug'            => 'test-title-for-postobjectqueriestest',
 				'toPing'          => null,
 				'pinged'          => null,
+				'hasPassword'     => false,
+				'password'        => null,
 				'modified'        => \WPGraphQL\Utils\Utils::prepare_date_response( get_post( $post_id )->post_modified ),
 				'modifiedGmt'     => \WPGraphQL\Utils\Utils::prepare_date_response( get_post( $post_id )->post_modified_gmt ),
 				'title'           => apply_filters( 'the_title', 'Test Title for PostObjectQueriesTest' ),
@@ -2396,7 +2399,7 @@ public function testQueryPostBySlugWithNonAsciiSlug() {
 		);
 
 		// assert that the response is what we expect
-		self::assertQuerySuccessful(
+		$this->assertQuerySuccessful(
 			$actual,
 			[
 				$this->expectedField( 'post.__typename', 'Post' ),
@@ -2406,4 +2409,135 @@ public function testQueryPostBySlugWithNonAsciiSlug() {
 			]
 		);
 	}
+
+	public function testPasswordProtectedPost() {
+		$subscriber = $this->factory()->user->create(
+			[
+				'role' => 'subscriber',
+			]
+		);
+
+		$post_author_one = $this->factory()->user->create(
+			[
+				'role' => 'author',
+			]
+		);
+
+		$post_author_two = $this->factory()->user->create(
+			[
+				'role' => 'author',
+			]
+		);
+
+		$post = $this->factory()->post->create_and_get(
+			[
+				'post_type'   => 'post',
+				'post_status' => 'publish',
+				'post_password'    => 'mypassword',
+				'title'       => 'Password Protected post',
+				'content'     => 'Some content',
+				'post_author' => $post_author_one,
+			]
+		);
+
+		$query = '
+		query GetPasswordProtectedPost( $id: ID! ) {
+			post( id: $id, idType: DATABASE_ID ) {
+				title
+				content
+				status
+				password
+				hasPassword
+			}
+		}
+		';
+
+		// Test password protected post as unauthenticated user.
+		$actual = $this->graphql( [
+			'query'     => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when unauthenticated' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when unauthenticated' );
+		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when unauthenticated' );
+		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when unauthenticated' );
+		$this->assertTrue( $actual['data']['post']['hasPassword'], 'hasPassword should be true when unauthenticated' );
+
+		// Test password protected post as a subscriber.
+		wp_set_current_user( $subscriber );
+		$actual = $this->graphql( [
+			'query' => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when lacking permissions' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when lacking permissions' );
+		$this->assertTrue( $actual['data']['post']['hasPassword'], 'hasPassword should be true when lacking permissions' );
+
+		// Test password protected post as different author.
+		wp_set_current_user( $post_author_two );
+		$actual = $this->graphql( [
+			'query' => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when lacking permissions' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when lacking permissions' );
+		$this->assertTrue( $actual['data']['post']['hasPassword'], 'hasPassword should be true when lacking permissions' );
+
+		// Test password protected post as current author.
+		wp_set_current_user( $post_author_one );
+
+		$actual = $this->graphql( [
+			'query'     => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when authenticated' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when authenticated' );
+		$this->assertNotEmpty( $actual['data']['post']['content'], 'Content should be returned when authenticated' );
+		$this->assertEquals( $post->post_password, $actual['data']['post']['password'], 'Password should be returned when authenticated' );
+		$this->assertTrue( $actual['data']['post']['hasPassword'], 'hasPassword should be true when authenticated' );
+
+		// Test password protected post as admin.
+		wp_set_current_user( $this->admin );
+
+		$actual = $this->graphql( [
+			'query'     => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when authenticated' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when authenticated' );
+		$this->assertNotEmpty( $actual['data']['post']['content'], 'Content should be returned when authenticated' );
+		$this->assertEquals( $post->post_password, $actual['data']['post']['password'], 'Password should be returned when authenticated' );
+		$this->assertTrue( $actual['data']['post']['hasPassword'], 'hasPassword should be true when authenticated' );
+
+		// @todo add case with password supplied once supported.
+		// @see https://github.com/wp-graphql/wp-graphql/issues/930
+
+		// cleanup
+		wp_delete_post( $post->ID, true );
+		wp_delete_user( $subscriber );
+	}
 }
