WP_REST_Posts_Controller::can_access_password_content()
Checks if the user can access password-protected content.
This method determines whether we need to override the regular password check in core with a filter.
Method of the class: WP_REST_Posts_Controller{}
No Hooks.
Return
true|false
. True if the user can access password-protected content, otherwise false.
Usage
$WP_REST_Posts_Controller = new WP_REST_Posts_Controller(); $WP_REST_Posts_Controller->can_access_password_content( $post, $request );
- $post(WP_Post) (required)
- Post to check against.
- $request(WP_REST_Request) (required)
- Request data to check.
Changelog
Since 4.7.0 | Introduced. |
WP_REST_Posts_Controller::can_access_password_content() WP REST Posts Controller::can access password content code WP 6.6.2
public function can_access_password_content( $post, $request ) { if ( empty( $post->post_password ) ) { // No filter required. return false; } /* * Users always gets access to password protected content in the edit * context if they have the `edit_post` meta capability. */ if ( 'edit' === $request['context'] && current_user_can( 'edit_post', $post->ID ) ) { return true; } // No password, no auth. if ( empty( $request['password'] ) ) { return false; } // Double-check the request password. return hash_equals( $post->post_password, $request['password'] ); }