Skip to content

SAL: expose has_password field in post API response#47938

Open
gabrielcaires wants to merge 6 commits intotrunkfrom
update/fix-466-add-has-password-field
Open

SAL: expose has_password field in post API response#47938
gabrielcaires wants to merge 6 commits intotrunkfrom
update/fix-466-add-has-password-field

Conversation

@gabrielcaires
Copy link
Copy Markdown
Contributor

@gabrielcaires gabrielcaires commented Apr 3, 2026
edited
Loading

Part of READ-446

Expose has_password field to permit reader show better information about how the user can see the post.

Summary

  • Add has_password boolean field to $post_object_format in WPCOM_JSON_API_Post_v1_1_Endpoint
  • Add case 'has_password': in render_response_keys() calling $post->get_has_password()
  • Add get_has_password() method to SAL_Post — returns true if post_password is non-empty, regardless of whether the current user can view the password value
  • Add PHPUnit tests: SalPostsTest covers get_has_password() directly on the SAL wrapper; WPCOM_JSON_API_Get_Post_v1_1_Endpoint_Test covers the has_password field in the v1.1 API response

Does this pull request change what data or activity we track or use?

N/A

Why

When a site owner (user with edit_post capability) requests a password-protected post via the WordPress.com Reader, can_access_post() bypasses the WP_Error path. The existing password field is filtered out before reaching the Reader endpoint. A dedicated boolean field allows the Reader to reliably detect password-protected posts and show the standard placeholder, regardless of whether the current user can view the password value.

Companion change to wpcom PR wpcom/pull/210471 (READ-446).

Testing instructions:

@gabrielcaires @claude
SAL: expose has_password field in post API response
6c2848d 
Add a `has_password` boolean field to the post object format that
indicates whether a post is password protected, regardless of the
current user's permissions.

This allows the WordPress.com Reader to detect password-protected posts
from Atomic/Jetpack sites even when the requesting user is a site owner,
where `current_user_can('edit_post')` bypasses the usual WP_Error path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@gabrielcaires gabrielcaires requested a review from Copilot April 3, 2026 17:22
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 3, 2026
edited
Loading

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the update/fix-466-add-has-password-field branch.
  • To test on Simple, run the following command on your sandbox:
bin/jetpack-downloader test jetpack update/fix-466-add-has-password-field

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

@github-actions github-actions bot added [Feature] WPCOM API [Plugin] Jetpack Issues about the Jetpack plugin. https://wordpress.org/plugins/jetpack/ labels Apr 3, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 3, 2026
edited
Loading

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

Jetpack plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

@github-actions github-actions bot added the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label Apr 3, 2026
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Jetpack’s SAL-backed WordPress.com REST v1.1 post endpoints to expose a new boolean has_password field so clients (notably the Reader) can reliably detect password-protected posts even when the password field is filtered/omitted.

Changes:

  • Add has_password to the v1.1 post response schema and render it via render_response_keys().
  • Add SAL_Post::get_has_password() to detect whether post_password is non-empty.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
projects/plugins/jetpack/sal/class.json-api-post-base.php Adds get_has_password() to the SAL post wrapper for detecting password protection.
projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-post-v1-1-endpoint.php Documents and exposes has_password in v1.1 post responses via a new render switch case.

gabrielcaires and others added 2 commits April 3, 2026 18:27
@gabrielcaires
Add changelog
b275526
@gabrielcaires
Update projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-p…
28ec795 
…ost-v1-1-endpoint.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@gabrielcaires gabrielcaires self-assigned this Apr 3, 2026
@gabrielcaires gabrielcaires added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. labels Apr 3, 2026
@github-actions github-actions bot added [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. and removed [Status] Needs Review This PR is ready for review. labels Apr 3, 2026
@jp-launch-control
Copy link
Copy Markdown

jp-launch-control bot commented Apr 3, 2026
edited
Loading

Code Coverage Summary

Coverage changed in 3 files.

File Coverage Δ% Δ Uncovered
projects/plugins/jetpack/sal/class.json-api-post-base.php 5/392 (1.28%) 0.25% 0 💚
projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-post-v1-1-endpoint.php 13/57 (22.81%) 22.81% -13 💚
projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-post-v1-1-endpoint.php 157/192 (81.77%) 79.13% -149 💚

Full summary · PHP report · JS report

@gabrielcaires gabrielcaires requested a review from Copilot April 3, 2026 17:44
@gabrielcaires gabrielcaires requested a review from a team April 3, 2026 17:45
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Copilot AI mentioned this pull request Apr 3, 2026
Merged
gabrielcaires and others added 2 commits April 3, 2026 18:59
@gabrielcaires
Update projects/plugins/jetpack/changelog/update-fix-466-add-has-pass…
03a6fcf 
…word-field

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@gabrielcaires
SAL: Add has_password field to JSON API v1.1 post response (#47939)
e727944 
* Initial plan

* SAL: Add has_password field to post API response, fix PHPCS class name

Agent-Logs-Url: https://github.com/Automattic/jetpack/sessions/96aeb0a5-16dd-4046-b6ed-5c39575ff33e

Co-authored-by: gabrielcaires <38718+gabrielcaires@users.noreply.github.com>

* SAL: Use ! empty() for has_password check (more idiomatic WordPress)

Agent-Logs-Url: https://github.com/Automattic/jetpack/sessions/96aeb0a5-16dd-4046-b6ed-5c39575ff33e

Co-authored-by: gabrielcaires <38718+gabrielcaires@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: gabrielcaires <38718+gabrielcaires@users.noreply.github.com>
Co-authored-by: Gabriel Caires <gabriel.caires@automattic.com>
@gabrielcaires gabrielcaires removed the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label Apr 3, 2026
@gabrielcaires gabrielcaires added the [Status] Needs Review This PR is ready for review. label Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

Copilot code review Copilot Copilot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@gabrielcaires gabrielcaires

Labels

[Feature] Reader [Feature] WPCOM API [Plugin] Jetpack Issues about the Jetpack plugin. https://wordpress.org/plugins/jetpack/ [Status] Needs Review This PR is ready for review. [Tests] Includes Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gabrielcaires