W3cubDocs

/WordPress

WP_REST_Posts_Controller::can_access_password_content( WP_Post $post, WP_REST_Request $request ): bool

Checks if the user can access password-protected content.

Description

This method determines whether we need to override the regular password check in core with a filter.

Parameters

$postWP_Postrequired: Post to check against.
$requestWP_REST_Requestrequired: Request data to check.

Return

bool True if the user can access password-protected content, otherwise false.

Source

public function can_access_password_content( $post, $request ) {
	if ( empty( $post->post_password ) ) {
		// No filter required.
		return false;
	}

	/*
	 * Users always gets access to password protected content in the edit
	 * context if they have the `edit_post` meta capability.
	 */
	if (
		'edit' === $request['context'] &&
		current_user_can( 'edit_post', $post->ID )
	) {
		return true;
	}

	// No password, no auth.
	if ( empty( $request['password'] ) ) {
		return false;
	}

	// Double-check the request password.
	return hash_equals( $post->post_password, $request['password'] );
}

View all references View on Trac View on GitHub

Changelog

Version	Description
4.7.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_rest_posts_controller/can_access_password_content