From ab2e860f0dee2b9ee662f44efce3c4236becd2c8 Mon Sep 17 00:00:00 2001 From: Mario Santos <34552881+SantosGuillamot@users.noreply.github.com> Date: Wed, 25 Sep 2024 19:32:10 +0200 Subject: [PATCH] Block Bindings: Fix editing protected custom fields in block bindings (#65658) * Use `getPostMetaFields` in `canUserEditValue` * Add e2e test Co-authored-by: SantosGuillamot Co-authored-by: cbravobernal --- packages/e2e-tests/plugins/block-bindings.php | 7 ++--- packages/editor/src/bindings/post-meta.js | 9 ++----- .../editor/various/block-bindings.spec.js | 27 +++++++++++++++++++ 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/packages/e2e-tests/plugins/block-bindings.php b/packages/e2e-tests/plugins/block-bindings.php index 8951255d516bfc..0629a397286023 100644 --- a/packages/e2e-tests/plugins/block-bindings.php +++ b/packages/e2e-tests/plugins/block-bindings.php @@ -55,9 +55,10 @@ function gutenberg_test_block_bindings_registration() { 'post', '_protected_field', array( - 'type' => 'string', - 'single' => true, - 'default' => 'protected field value', + 'type' => 'string', + 'show_in_rest' => true, + 'single' => true, + 'default' => 'protected field value', ) ); register_meta( diff --git a/packages/editor/src/bindings/post-meta.js b/packages/editor/src/bindings/post-meta.js index 4cd05f594daf74..267d01003b80c4 100644 --- a/packages/editor/src/bindings/post-meta.js +++ b/packages/editor/src/bindings/post-meta.js @@ -114,14 +114,9 @@ export default { return false; } - // Check that the custom field is not protected and available in the REST API. + const fieldValue = getPostMetaFields( registry, context )?.[ args.key ] + ?.value; // Empty string or `false` could be a valid value, so we need to check if the field value is undefined. - const fieldValue = registry - .select( coreDataStore ) - .getEntityRecord( 'postType', postType, context?.postId )?.meta?.[ - args.key - ]; - if ( fieldValue === undefined ) { return false; } diff --git a/test/e2e/specs/editor/various/block-bindings.spec.js b/test/e2e/specs/editor/various/block-bindings.spec.js index 010d173e760ca9..f172a424bb1729 100644 --- a/test/e2e/specs/editor/various/block-bindings.spec.js +++ b/test/e2e/specs/editor/various/block-bindings.spec.js @@ -2390,6 +2390,33 @@ test.describe( 'Block bindings', () => { previewPage.locator( '#image-alt-binding img' ) ).toHaveAttribute( 'alt', 'new value' ); } ); + + test( 'should not be possible to edit the value of the protected custom fields', async ( { + editor, + } ) => { + await editor.insertBlock( { + name: 'core/paragraph', + attributes: { + content: 'paragraph default content', + metadata: { + bindings: { + content: { + source: 'core/post-meta', + args: { key: '_protected_field' }, + }, + }, + }, + }, + } ); + const paragraphBlock = editor.canvas.getByRole( 'document', { + name: 'Block: Paragraph', + } ); + + await expect( paragraphBlock ).toHaveAttribute( + 'contenteditable', + 'false' + ); + } ); } ); } );