61837: Add failing unit tests for checking item permissions while updating password

Author: kadamwhite

tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -2173,6 +2173,49 @@ public function test_get_post_with_password_without_permission() {
 		$this->assertTrue( $data['excerpt']['protected'] );
 	}
 
+	/**
+	 * @ticket 61837
+	 */
+	public function test_get_item_permissions_check_while_updating_password() {
+		$endpoint = new WP_REST_Posts_Controller( 'post' );
+
+		$request_with_post_password = new WP_REST_Request( 'POST', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
+		$request_with_post_password->set_body_params(
+			$this->set_post_data(
+				array(
+					'id'       => self::$post_id,
+					'password' => '123',
+				)
+			)
+		);
+		$permission = $endpoint->get_item_permissions_check( $request_with_post_password );
+
+		// Password provided in POST data, password check should not kick in.
+		$this->assertNotInstanceOf( 'WP_Error', $permission, 'Password should be ignored by permissions check if provided in post body.' );
+		$this->assertTrue( $permission );
+	}
+
+	/**
+	 * @ticket 61837
+	 */
+	public function test_get_item_permissions_check_while_updating_password_with_invalid_type() {
+		$endpoint = new WP_REST_Posts_Controller( 'post' );
+
+		$request_with_post_password = new WP_REST_Request( 'POST', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
+		$request_with_post_password->set_body_params(
+			$this->set_post_data(
+				array(
+					'id'       => self::$post_id,
+					'password' => 123,
+				)
+			)
+		);
+		$permission = $endpoint->get_item_permissions_check( $request_with_post_password );
+
+		$this->assertNotInstanceOf( 'WP_Error', $permission, 'Password should be ignored by permissions chedk even if invalid type' );
+		$this->assertTrue( $permission );
+	}
+
 	/**
 	 * The post response should not have `block_version` when in view context.
 	 *