From aac3784618817a0543fa1dcc50600d94790d07d6 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Wed, 5 Oct 2022 14:47:07 +0000
Subject: [PATCH] Tests: Add comments to clarify a REST API test for password protected posts.
Authenticated users should only be allowed to read password protected content if they have the `edit_post` meta capability for the post. In other words, the content of a password protected post created by an Editor should not be viewable by a Contributor. This commit aims to clarify the usage of a negative assertion `assertStringNotContainsString()` and describe the intention behind the test to avoid confusion.
Follow-up to [50717].
Fixes #56681.
git-svn-id: https://develop.svn.wordpress.org/trunk@54396 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../tests/rest-api/rest-posts-controller.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php
index 5fa7e3cf98..b2a5512fba 100644
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1954,8 +1954,14 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
 }
+ /**
+ * Tests that authenticated users are only allowed to read password protected content
+ * if they have the 'edit_post' meta capability for the post.
+ */
 public function test_get_post_draft_edit_context() {
 $post_content = 'Hello World!';
+
+ // Create a password protected post as an Editor.
 self::factory()->post->create(
 array(
 'post_title' => 'Hola',
@@ -1965,6 +1971,8 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 'post_author' => self::$editor_id,
 )
 );
+
+ // Create a draft with the Latest Posts block as a Contributor.
 $draft_id = self::factory()->post->create(
 array(
 'post_status' => 'draft',
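Review bot: The new docblock on `test_get_post_draft_edit_context()` in the first hunk states the access rule in both directions, but the visible test body only exercises the deny path: a Contributor requesting a draft that embeds the Editor's password protected post. Nothing shown here checks that a user who does hold `edit_post` for that post can read the content, so the description promises more than the test verifies. Wording it as `Tests that a user without the 'edit_post' meta capability for a password protected post cannot read its content through a draft requested in the 'edit' context.` would match what is actually asserted. The method body continues past this hunk.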
@@ -1972,11 +1980,18 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 'post_content' => ' ',
 )
 );
+
+ // Set the current user to Contributor and request the draft for editing.
 wp_set_current_user( self::$contributor_id );
 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
 $request->set_param( 'context', 'edit' );
 $response = rest_get_server()->dispatch( $request );
 $data = $response->get_data();
+
+ /*
+ * Verify that the content of a password protected post created by an Editor
+ * is not viewable by a Contributor.
+ */
 $this->assertStringNotContainsString( $post_content, $data['content']['rendered'] );
 }
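Review bot: The closing `assertStringNotContainsString()` in the last hunk is the only assertion visible in this test, and it holds whenever the rendered content lacks the marker, including when the block rendered nothing at all, so the access-control check the new comment describes can pass vacuously. Adding `$this->assertSame( 200, $response->get_status() );` before `$data` is read would report a failed request as such. A positive control is worth considering as well, for example asserting that the rendered draft still lists the Editor's post (its title `Hola` is set in the first hunk), assuming the Latest Posts block outputs titles for protected posts. The comment could then state that the post is listed while its content is withheld.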