Post statuses that have been allowed to be viewable by anonymous users not returned in GraphQL #2819
Comments
Hey @gblicharz, does the issue persist using the latest version of WPGraphQL (v1.14.3)?
@justlevine - Yes, I confirmed it is still an issue in the latest version - 1.14.3
Thanks for the confirmation. Looks like the PostObjectConnectionResolver has some hard-coded logic around sanitizing the provided Post statuses, which is what's causing the issue. That can probably be worked on (imo it's a great spot for a filter), but in the interim you can use the add_filter

```php
add_filter(
    'graphql_map_input_fields_to_wp_query',
    function ( array $wp_query_args, $_where_args, $_source, array $graphql_args ): array {
        // Allow list used below. Example values (assumed here); list _all_ statuses you want to permit.
        $_MY_ALLOWED_STATI = [ 'publish', 'future' ];

        // Skip if we aren't setting a status.
        if ( empty( $graphql_args['where']['status'] ) && empty( $graphql_args['where']['stati'] ) ) {
            return $wp_query_args;
        }

        // The 'status' arg is a string, let's make it an array.
        $stati = ! empty( $graphql_args['where']['status'] ) ? [ $graphql_args['where']['status'] ] : [];

        // Statuses can be a string or an array.
        if ( ! empty( $graphql_args['where']['stati'] ) ) {
            $stati = array_merge(
                $stati,
                is_array( $graphql_args['where']['stati'] ) ? $graphql_args['where']['stati'] : [ $graphql_args['where']['stati'] ]
            );
        }

        // Remove disallowed statuses, you need to define an allow list of _all_ statuses.
        foreach ( $stati as $index => $status ) {
            if ( ! in_array( $status, $_MY_ALLOWED_STATI, true ) ) {
                unset( $stati[ $index ] );
            }
        }

        // Set the WP_Query arg.
        $wp_query_args['post_status'] = $stati;

        return $wp_query_args;
    },
    10,
    4
);
```
Thanks @justlevine. I corrected the function:
But I'm still not seeing the results returned. Looking at the PostObjectConnectionResolver.php and Post.php code, there are several other places where 'future' posts are being prevented. Specifically, in these functions:
This results in "$this->should_execute" being set to false.
For the
Description
We have extended the functionality of our WordPress site to allow posts with a status of "future" to be viewable to anonymous users. Making this change allows the posts with the "future" status to be viewable on our website, as well as be available via the JSON API.
This override is not respected by a GraphQL query where the "stati" is specified, unless I toggle the "logged in user" in the WordPress GraphiQL IDE. Then the correct data is returned.
The WPGraphQL query should respect the current permissions/settings that allow posts to be visible to anonymous users similar to the logic in the WordPress front-end or JSON APIs.
Steps to reproduce
Actual results:
Expected results:
Clicking the "Switch to execute as the logged-in user" button in the GraphiQL IDE and re-running the query produces the expected results.
Additional context
No response
WPGraphQL Version
1.13.7
WordPress Version
6.2
PHP Version
8.4.33
Additional environment details
No response
Please confirm that you have searched existing issues in the repo.
Please confirm that you have disabled ALL plugins except for WPGraphQL.