RTC: Lock posts when custom fields enabled.

[peterwilsoncc]

Description

Related to #75939.

A user without custom fields enabled in their editor can open a post that is been edited by a user custom fields enabled in their editor.

Step-by-step reproduction instructions

1. Enable RTC
2. Create a user with authoring permissions (I used a collabortator)
3. In a private/incognito browser log in as the second user
4. Create a post
5. Go to [...] > Preferences
6. Enable custom fields
7. Save and reload
8. Write a short post
9. Add some custom data to the custom fields
10. Save the daft post
11. Keep the editor open in the private browser and return to the original window as the first user
12. Navigate to/reload all posts
13. Click the post title created in the private browser window
14. Observe you can edit the post.

Screenshots, screen recording, code snippet

Environment info

• WordPress: 6.9.2-alpha-61586
• PHP: 8.3.25
• Server: nginx/1.18.0
• Database: mysqli (Server: 8.0.36-0ubuntu0.22.04.1 / Client: mysqlnd 8.3.25)
• Browser: Firefox 148.0
• OS: macOS
• Theme: Twenty Twenty-Five 1.4
• MU Plugins:
  • auto-activate-plugins.php
  • block-bindings.php
  • query-monitor-file-mappings.php
  • _admin_bar_gb_status.php
• Plugins:
  • Gutenberg 22.7.0-rc.1
  • Query Monitor 3.20.2
  • Test Reports 1.2.1
  • User Switching 1.11.2

Please confirm that you have searched existing issues in the repo.

• Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

• Yes

Please confirm which theme type you used for testing.

• Block
• Classic
• Hybrid (e.g. classic with theme.json)
• Not sure

[nirav7707]

@peterwilsoncc I’ve reproduced the issue. On the post list page, the lock icon appears, but I’m still able to edit the post, and the takeover notice modal does not appear.

Update: The lock icon stays there even if the second user leaves the post edit screen.