public-post-preview icon indicating copy to clipboard operation
public-post-preview copied to clipboard
verified publisher icon ocean90

Add Restricted Site Access bypass when post has Public Post Preview enabled

Open benlk opened this issue 9 months ago • 1 comments

Changes

When a site uses Restricted Site Access to prevent logged-out users from viewing the site, that plugin prevents Public Post Preview from being used to allow logged-out users to view specific posts. A common scenario where this occurs is when RSA is used to restrict access to a staging or development site, where logged-out users may be needed for reviews or testing.

This change allows valid PPP links to pierce RSA's restrictions.

I'm filing this PR against PPP, but if this feature is better implemented in RSA, I have a corresponding PR against RSA here: https://github.com/10up/restricted-site-access/pull/345

Testing

  1. Enable PPP and RSA on the same site.
  2. Create a draft post.
  3. Verify that the draft post is visible to logged-in users, and blocked for logged-out users.
  4. Enable PPP for the post.
  5. Verify that the draft post is visible to both logged-in users and logged-out users.
  6. Disable PPP for the post.
  7. Verify that the draft post is visible to logged-in users, and blocked for logged-out users.

Questions:

  • What's the expected behavior for a former PPP post which has been published but is still behind RSA?
  • What's the expected behavior when a PPP post's preview link has expired?
  • What other information do you need from third-party contributors?

benlk avatar Mar 07 '25 17:03 benlk

This specific version of the integration is untested. See additional discussion at https://github.com/10up/restricted-site-access/issues/344

benlk avatar Mar 07 '25 17:03 benlk

@ocean90 checking to see what you're thinking is on this PR for PPP (as compared to https://github.com/10up/restricted-site-access/pull/345 within RSA)?

jeffpaul avatar Nov 07 '25 05:11 jeffpaul