From ef88c3fcd271a7d11cacae083687d63dbf4911b3 Mon Sep 17 00:00:00 2001 From: Mario Santos Date: Wed, 25 Sep 2024 17:40:52 +0200 Subject: [PATCH 1/2] Use `getPostMetaFields` in `canUserEditValue` --- packages/editor/src/bindings/post-meta.js | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/packages/editor/src/bindings/post-meta.js b/packages/editor/src/bindings/post-meta.js index 4cd05f594daf7..267d01003b80c 100644 --- a/packages/editor/src/bindings/post-meta.js +++ b/packages/editor/src/bindings/post-meta.js @@ -114,14 +114,9 @@ export default { return false; } - // Check that the custom field is not protected and available in the REST API. + const fieldValue = getPostMetaFields( registry, context )?.[ args.key ] + ?.value; // Empty string or `false` could be a valid value, so we need to check if the field value is undefined. - const fieldValue = registry - .select( coreDataStore ) - .getEntityRecord( 'postType', postType, context?.postId )?.meta?.[ - args.key - ]; - if ( fieldValue === undefined ) { return false; } From 47f804024714ff2408d7810b52fbb3ad5240ee63 Mon Sep 17 00:00:00 2001 From: Mario Santos Date: Wed, 25 Sep 2024 17:41:37 +0200 Subject: [PATCH 2/2] Add e2e test --- packages/e2e-tests/plugins/block-bindings.php | 7 ++--- .../editor/various/block-bindings.spec.js | 27 +++++++++++++++++++ 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/packages/e2e-tests/plugins/block-bindings.php b/packages/e2e-tests/plugins/block-bindings.php index 8951255d516bf..0629a39728602 100644 --- a/packages/e2e-tests/plugins/block-bindings.php +++ b/packages/e2e-tests/plugins/block-bindings.php @@ -55,9 +55,10 @@ function gutenberg_test_block_bindings_registration() { 'post', '_protected_field', array( - 'type' => 'string', - 'single' => true, - 'default' => 'protected field value', + 'type' => 'string', + 'show_in_rest' => true, + 'single' => true, + 'default' => 'protected field value', ) ); register_meta( diff --git a/test/e2e/specs/editor/various/block-bindings.spec.js b/test/e2e/specs/editor/various/block-bindings.spec.js index 010d173e760ca..f172a424bb172 100644 --- a/test/e2e/specs/editor/various/block-bindings.spec.js +++ b/test/e2e/specs/editor/various/block-bindings.spec.js @@ -2390,6 +2390,33 @@ test.describe( 'Block bindings', () => { previewPage.locator( '#image-alt-binding img' ) ).toHaveAttribute( 'alt', 'new value' ); } ); + + test( 'should not be possible to edit the value of the protected custom fields', async ( { + editor, + } ) => { + await editor.insertBlock( { + name: 'core/paragraph', + attributes: { + content: 'paragraph default content', + metadata: { + bindings: { + content: { + source: 'core/post-meta', + args: { key: '_protected_field' }, + }, + }, + }, + }, + } ); + const paragraphBlock = editor.canvas.getByRole( 'document', { + name: 'Block: Paragraph', + } ); + + await expect( paragraphBlock ).toHaveAttribute( + 'contenteditable', + 'false' + ); + } ); } ); } );