Context Navigation

Back to Ticket #17253

Ticket #17253: capabilities.2.php

File capabilities.2.php, 27.9 KB (added by knutsp, 11 years ago)
Test that new authors get new capabilities

Line
1	<?php
2
3	// Test roles and capabilities via the WP_User class
4
5	/**
6	* @group user
7	* @group capabilities
8	*/
9	class Tests_User_Capabilities extends WP_UnitTestCase {
10	protected $user_ids = array();
11
12	function setUp() {
13	parent::setUp();
14	// keep track of users we create
15	$this->_flush_roles();
16
17	$this->orig_users = get_users();
18	}
19
20	function _flush_roles() {
21	// we want to make sure we're testing against the db, not just in-memory data
22	// this will flush everything and reload it from the db
23	unset($GLOBALS['wp_user_roles']);
24	global $wp_roles;
25	if ( is_object( $wp_roles ) )
26	$wp_roles->_init();
27	}
28
29	function _meta_yes_you_can( $can, $key, $post_id, $user_id, $cap, $caps ) {
30	return true;
31	}
32
33	function _meta_no_you_cant( $can, $key, $post_id, $user_id, $cap, $caps ) {
34	return false;
35	}
36
37	function _meta_filter( $meta_value, $meta_key, $meta_type ) {
38	return $meta_value;
39	}
40
41	// test the default roles
42
43	function test_user_administrator() {
44	$id = $this->factory->user->create( array( 'role' => 'administrator' ) );
45	$user = new WP_User($id);
46	$this->assertTrue($user->exists(), "Problem getting user $id");
47
48	// make sure the role name is correct
49	$this->assertEquals(array('administrator'), $user->roles);
50
51	// check a few of the main capabilities
52	$this->assertTrue($user->has_cap('switch_themes'));
53	$this->assertTrue($user->has_cap('list_users'));
54	$this->assertTrue($user->has_cap('manage_options'));
55	$this->assertTrue($user->has_cap('level_10'));
56	}
57
58	function test_user_editor() {
59	$id = $this->factory->user->create( array( 'role' => 'editor' ) );
60	$user = new WP_User($id);
61	$this->assertTrue($user->exists(), "Problem getting user $id");
62
63	// make sure the role name is correct
64	$this->assertEquals(array('editor'), $user->roles);
65
66	// check a few of the main capabilities
67	$this->assertTrue($user->has_cap('moderate_comments'));
68	$this->assertTrue($user->has_cap('manage_categories'));
69	$this->assertTrue($user->has_cap('upload_files'));
70	$this->assertTrue($user->has_cap('level_7'));
71
72	// and a few capabilities this user doesn't have
73	$this->assertFalse($user->has_cap('switch_themes'));
74	$this->assertFalse($user->has_cap('edit_users'));
75	$this->assertFalse($user->has_cap('level_8'));
76	}
77
78	function test_user_author() {
79	$id = $this->factory->user->create( array( 'role' => 'author' ) );
80	$user = new WP_User($id);
81	$this->assertTrue($user->exists(), "Problem getting user $id");
82
83	// make sure the role name is correct
84	$this->assertEquals(array('author'), $user->roles);
85
86	// check a few of the main capabilities
87	$this->assertTrue($user->has_cap('edit_posts'));
88	$this->assertTrue($user->has_cap('edit_published_posts'));
89	$this->assertTrue($user->has_cap('upload_files'));
90	$this->assertTrue($user->has_cap('level_2'));
91
92	// and a few capabilities this user doesn't have
93	$this->assertFalse($user->has_cap('moderate_comments'));
94	$this->assertFalse($user->has_cap('manage_categories'));
95	$this->assertFalse($user->has_cap('level_3'));
96	}
97
98	function test_user_contributor() {
99	$id = $this->factory->user->create( array( 'role' => 'contributor' ) );
100	$user = new WP_User($id);
101	$this->assertTrue($user->exists(), "Problem getting user $id");
102
103	// make sure the role name is correct
104	$this->assertEquals(array('contributor'), $user->roles);
105
106	// check a few of the main capabilities
107	$this->assertTrue($user->has_cap('edit_posts'));
108	$this->assertTrue($user->has_cap('read'));
109	$this->assertTrue($user->has_cap('level_1'));
110	$this->assertTrue($user->has_cap('level_0'));
111
112	// and a few capabilities this user doesn't have
113	$this->assertFalse($user->has_cap('upload_files'));
114	$this->assertFalse($user->has_cap('edit_published_posts'));
115	$this->assertFalse($user->has_cap('level_2'));
116	}
117
118	function test_user_subscriber() {
119	$id = $this->factory->user->create( array( 'role' => 'subscriber' ) );
120	$user = new WP_User($id);
121	$this->assertTrue($user->exists(), "Problem getting user $id");
122
123	// make sure the role name is correct
124	$this->assertEquals(array('subscriber'), $user->roles);
125
126	// check a few of the main capabilities
127	$this->assertTrue($user->has_cap('read'));
128	$this->assertTrue($user->has_cap('level_0'));
129
130	// and a few capabilities this user doesn't have
131	$this->assertFalse($user->has_cap('upload_files'));
132	$this->assertFalse($user->has_cap('edit_posts'));
133	$this->assertFalse($user->has_cap('level_1'));
134	}
135
136	// a role that doesn't exist
137	function test_bogus_role() {
138	_disable_wp_die();
139	$id = $this->factory->user->create( array( 'role' => rand_str() ) );
140	$user = new WP_User($id);
141	$this->assertTrue($user->exists(), "Problem getting user $id");
142
143	// user has no role and no capabilities
144	$this->assertEquals(array(), $user->roles);
145	$this->assertFalse($user->has_cap('level_0'));
146	_enable_wp_die();
147	}
148
149	// a user with multiple roles
150	function test_user_subscriber_contributor() {
151	$id = $this->factory->user->create( array( 'role' => 'subscriber' ) );
152	$user = new WP_User($id);
153	$this->assertTrue($user->exists(), "Problem getting user $id");
154	$user->add_role('contributor');
155
156	// nuke and re-fetch the object to make sure it was stored
157	$user = NULL;
158	$user = new WP_User($id);
159	$this->assertTrue($user->exists(), "Problem getting user $id");
160
161	// user should have two roles now
162	$this->assertEquals(array('subscriber', 'contributor'), $user->roles);
163
164	// with contributor capabilities
165	$this->assertTrue($user->has_cap('edit_posts'));
166	$this->assertTrue($user->has_cap('read'));
167	$this->assertTrue($user->has_cap('level_1'));
168	$this->assertTrue($user->has_cap('level_0'));
169
170	// but not these
171	$this->assertFalse($user->has_cap('upload_files'));
172	$this->assertFalse($user->has_cap('edit_published_posts'));
173	$this->assertFalse($user->has_cap('level_2'));
174	}
175
176	function test_add_empty_role() {
177	// add_role($role, $display_name, $capabilities = '')
178	// randomly named role with no capabilities
179	global $wp_roles;
180	$role_name = rand_str();
181	add_role($role_name, 'Janitor', array());
182	$this->_flush_roles();
183	$this->assertTrue($wp_roles->is_role($role_name));
184
185	$id = $this->factory->user->create( array( 'role' => $role_name ) );
186
187	$user = new WP_User($id);
188	$this->assertTrue($user->exists(), "Problem getting user $id");
189
190	$this->assertEquals(array($role_name), $user->roles);
191
192	// user shouldn't have any capabilities; test a quick sample
193	$this->assertFalse($user->has_cap('upload_files'));
194	$this->assertFalse($user->has_cap('edit_published_posts'));
195	$this->assertFalse($user->has_cap('level_1'));
196	$this->assertFalse($user->has_cap('level_0'));
197
198	// clean up
199	remove_role($role_name);
200	$this->_flush_roles();
201	$this->assertFalse($wp_roles->is_role($role_name));
202	}
203
204
205	function test_add_role() {
206	// add_role($role, $display_name, $capabilities = '')
207	// randomly named role with a few capabilities
208	global $wp_roles;
209	$role_name = rand_str();
210	add_role($role_name, 'Janitor', array('edit_posts'=>true, 'edit_pages'=>true, 'level_0'=>true, 'level_1'=>true, 'level_2'=>true));
211	$this->_flush_roles();
212	$this->assertTrue($wp_roles->is_role($role_name));
213
214	$id = $this->factory->user->create( array( 'role' => $role_name ) );
215
216	$user = new WP_User($id);
217	$this->assertTrue($user->exists(), "Problem getting user $id");
218
219	$this->assertEquals(array($role_name), $user->roles);
220
221	// the user should have all the above caps
222	$this->assertTrue($user->has_cap($role_name));
223	$this->assertTrue($user->has_cap('edit_posts'));
224	$this->assertTrue($user->has_cap('edit_pages'));
225	$this->assertTrue($user->has_cap('level_0'));
226	$this->assertTrue($user->has_cap('level_1'));
227	$this->assertTrue($user->has_cap('level_2'));
228
229	// shouldn't have any other caps
230	$this->assertFalse($user->has_cap('upload_files'));
231	$this->assertFalse($user->has_cap('edit_published_posts'));
232	$this->assertFalse($user->has_cap('upload_files'));
233	$this->assertFalse($user->has_cap('level_3'));
234
235	// clean up
236	remove_role($role_name);
237	$this->_flush_roles();
238	$this->assertFalse($wp_roles->is_role($role_name));
239	}
240
241	function test_role_add_cap() {
242	// change the capabilites associated with a role and make sure the change is reflected in has_cap()
243
244	global $wp_roles;
245	$role_name = rand_str();
246	add_role( $role_name, 'Janitor', array('level_1'=>true) );
247	$this->_flush_roles();
248	$this->assertTrue( $wp_roles->is_role($role_name) );
249
250	// assign a user to that role
251	$id = $this->factory->user->create( array( 'role' => $role_name ) );
252
253	// now add a cap to the role
254	$wp_roles->add_cap($role_name, 'sweep_floor');
255	$this->_flush_roles();
256
257	$user = new WP_User($id);
258	$this->assertTrue($user->exists(), "Problem getting user $id");
259	$this->assertEquals(array($role_name), $user->roles);
260
261	// the user should have all the above caps
262	$this->assertTrue($user->has_cap($role_name));
263	$this->assertTrue($user->has_cap('level_1'));
264	$this->assertTrue($user->has_cap('sweep_floor'));
265
266	// shouldn't have any other caps
267	$this->assertFalse($user->has_cap('upload_files'));
268	$this->assertFalse($user->has_cap('edit_published_posts'));
269	$this->assertFalse($user->has_cap('upload_files'));
270	$this->assertFalse($user->has_cap('level_4'));
271
272	// clean up
273	remove_role($role_name);
274	$this->_flush_roles();
275	$this->assertFalse($wp_roles->is_role($role_name));
276
277	}
278
279	function test_role_remove_cap() {
280	// change the capabilites associated with a role and make sure the change is reflected in has_cap()
281
282	global $wp_roles;
283	$role_name = rand_str();
284	add_role( $role_name, 'Janitor', array('level_1'=>true, 'sweep_floor'=>true, 'polish_doorknobs'=>true) );
285	$this->_flush_roles();
286	$this->assertTrue( $wp_roles->is_role($role_name) );
287
288	// assign a user to that role
289	$id = $this->factory->user->create( array( 'role' => $role_name ) );
290
291	// now remove a cap from the role
292	$wp_roles->remove_cap($role_name, 'polish_doorknobs');
293	$this->_flush_roles();
294
295	$user = new WP_User($id);
296	$this->assertTrue($user->exists(), "Problem getting user $id");
297	$this->assertEquals(array($role_name), $user->roles);
298
299	// the user should have all the above caps
300	$this->assertTrue($user->has_cap($role_name));
301	$this->assertTrue($user->has_cap('level_1'));
302	$this->assertTrue($user->has_cap('sweep_floor'));
303
304	// shouldn't have the removed cap
305	$this->assertFalse($user->has_cap('polish_doorknobs'));
306
307	// clean up
308	remove_role($role_name);
309	$this->_flush_roles();
310	$this->assertFalse($wp_roles->is_role($role_name));
311
312	}
313
314	function test_user_add_cap() {
315	// add an extra capability to a user
316
317	// there are two contributors
318	$id_1 = $this->factory->user->create( array( 'role' => 'contributor' ) );
319	$id_2 = $this->factory->user->create( array( 'role' => 'contributor' ) );
320
321	// user 1 has an extra capability
322	$user_1 = new WP_User($id_1);
323	$this->assertTrue($user_1->exists(), "Problem getting user $id_1");
324	$user_1->add_cap('publish_posts');
325
326	// re-fetch both users from the db
327	$user_1 = new WP_User($id_1);
328	$this->assertTrue($user_1->exists(), "Problem getting user $id_1");
329	$user_2 = new WP_User($id_2);
330	$this->assertTrue($user_2->exists(), "Problem getting user $id_2");
331
332	// make sure they're both still contributors
333	$this->assertEquals(array('contributor'), $user_1->roles);
334	$this->assertEquals(array('contributor'), $user_2->roles);
335
336	// check the extra cap on both users
337	$this->assertTrue($user_1->has_cap('publish_posts'));
338	$this->assertFalse($user_2->has_cap('publish_posts'));
339
340	// make sure the other caps didn't get messed up
341	$this->assertTrue($user_1->has_cap('edit_posts'));
342	$this->assertTrue($user_1->has_cap('read'));
343	$this->assertTrue($user_1->has_cap('level_1'));
344	$this->assertTrue($user_1->has_cap('level_0'));
345	$this->assertFalse($user_1->has_cap('upload_files'));
346	$this->assertFalse($user_1->has_cap('edit_published_posts'));
347	$this->assertFalse($user_1->has_cap('level_2'));
348
349	}
350
351	function test_user_remove_cap() {
352	// add an extra capability to a user then remove it
353
354	// there are two contributors
355	$id_1 = $this->factory->user->create( array( 'role' => 'contributor' ) );
356	$id_2 = $this->factory->user->create( array( 'role' => 'contributor' ) );
357
358	// user 1 has an extra capability
359	$user_1 = new WP_User($id_1);
360	$this->assertTrue($user_1->exists(), "Problem getting user $id_1");
361	$user_1->add_cap('publish_posts');
362
363	// now remove the extra cap
364	$user_1->remove_cap('publish_posts');
365
366	// re-fetch both users from the db
367	$user_1 = new WP_User($id_1);
368	$this->assertTrue($user_1->exists(), "Problem getting user $id_1");
369	$user_2 = new WP_User($id_2);
370	$this->assertTrue($user_2->exists(), "Problem getting user $id_2");
371
372	// make sure they're both still contributors
373	$this->assertEquals(array('contributor'), $user_1->roles);
374	$this->assertEquals(array('contributor'), $user_2->roles);
375
376	// check the removed cap on both users
377	$this->assertFalse($user_1->has_cap('publish_posts'));
378	$this->assertFalse($user_2->has_cap('publish_posts'));
379
380	}
381
382	function test_user_level_update() {
383	// make sure the user_level is correctly set and changed with the user's role
384
385	// user starts as an author
386	$id = $this->factory->user->create( array( 'role' => 'author' ) );
387	$user = new WP_User($id);
388	$this->assertTrue($user->exists(), "Problem getting user $id");
389
390	// author = user level 2
391	$this->assertEquals( 2, $user->user_level );
392
393	// they get promoted to editor - level should get bumped to 7
394	$user->set_role('editor');
395	$this->assertEquals( 7, $user->user_level );
396
397	// demoted to contributor - level is reduced to 1
398	$user->set_role('contributor');
399	$this->assertEquals( 1, $user->user_level );
400
401	// if they have two roles, user_level should be the max of the two
402	$user->add_role('editor');
403	$this->assertEquals(array('contributor', 'editor'), $user->roles);
404	$this->assertEquals( 7, $user->user_level );
405	}
406
407	function test_user_remove_all_caps() {
408	// user starts as an author
409	$id = $this->factory->user->create( array( 'role' => 'author' ) );
410	$user = new WP_User($id);
411	$this->assertTrue($user->exists(), "Problem getting user $id");
412
413	// add some extra capabilities
414	$user->add_cap('make_coffee');
415	$user->add_cap('drink_coffee');
416
417	// re-fetch
418	$user = new WP_User($id);
419	$this->assertTrue($user->exists(), "Problem getting user $id");
420
421	$this->assertTrue($user->has_cap('make_coffee'));
422	$this->assertTrue($user->has_cap('drink_coffee'));
423
424	// all caps are removed
425	$user->remove_all_caps();
426
427	// re-fetch
428	$user = new WP_User($id);
429	$this->assertTrue($user->exists(), "Problem getting user $id");
430
431	// capabilities for the author role should be gone
432	# $this->assertFalse($user->has_cap('edit_posts'));
433	# $this->assertFalse($user->has_cap('edit_published_posts'));
434	# $this->assertFalse($user->has_cap('upload_files'));
435	# $this->assertFalse($user->has_cap('level_2'));
436
437	// the extra capabilities should be gone
438	$this->assertFalse($user->has_cap('make_coffee'));
439	$this->assertFalse($user->has_cap('drink_coffee'));
440
441	// user level should be empty
442	$this->assertEmpty( $user->user_level );
443
444
445	}
446
447	function test_post_meta_caps() {
448	// simple tests for some common meta capabilities
449
450	// Make our author
451	$author = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
452
453	// make a post
454	$post = $this->factory->post->create( array( 'post_author' => $author->ID, 'post_type' => 'post' ) );
455
456	// the author of the post
457	$this->assertTrue($author->exists(), "Problem getting user $author->ID");
458
459	// add some other users
460	$admin = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
461	$author_2 = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
462	$editor = new WP_User( $this->factory->user->create( array( 'role' => 'editor' ) ) );
463	$contributor = new WP_User( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
464
465	// administrators, editors and the post owner can edit it
466	$this->assertTrue($admin->has_cap('edit_post', $post));
467	$this->assertTrue($author->has_cap('edit_post', $post));
468	$this->assertTrue($editor->has_cap('edit_post', $post));
469	// other authors and contributors can't
470	$this->assertFalse($author_2->has_cap('edit_post', $post));
471	$this->assertFalse($contributor->has_cap('edit_post', $post));
472
473	// administrators, editors and the post owner can delete it
474	$this->assertTrue($admin->has_cap('delete_post', $post));
475	$this->assertTrue($author->has_cap('delete_post', $post));
476	$this->assertTrue($editor->has_cap('delete_post', $post));
477	// other authors and contributors can't
478	$this->assertFalse($author_2->has_cap('delete_post', $post));
479	$this->assertFalse($contributor->has_cap('delete_post', $post));
480
481	// administrators, editors, and authors can publish it
482	$this->assertTrue($admin->has_cap('publish_post', $post));
483	$this->assertTrue($author->has_cap('publish_post', $post));
484	$this->assertTrue($editor->has_cap('publish_post', $post));
485	$this->assertTrue($author_2->has_cap('publish_post', $post));
486	// contributors can't
487	$this->assertFalse($contributor->has_cap('publish_post', $post));
488
489	register_post_type( 'something', array( 'capabilities' => array( 'edit_posts' => 'draw_somethings' ) ) );
490	$something = get_post_type_object( 'something' );
491	$this->assertEquals( 'draw_somethings', $something->cap->edit_posts );
492	$this->assertEquals( 'draw_somethings', $something->cap->create_posts );
493
494	register_post_type( 'something', array( 'capabilities' =>
495	array( 'edit_posts' => 'draw_somethings', 'create_posts' => 'create_somethings' ) ) );
496	$something = get_post_type_object( 'something' );
497	$this->assertEquals( 'draw_somethings', $something->cap->edit_posts );
498	$this->assertEquals( 'create_somethings', $something->cap->create_posts );
499	_unregister_post_type( 'something' );
500
501	// Test meta authorization callbacks
502	if ( function_exists( 'register_meta') ) {
503	$this->assertTrue( $admin->has_cap('edit_post_meta', $post) );
504	$this->assertTrue( $admin->has_cap('add_post_meta', $post) );
505	$this->assertTrue( $admin->has_cap('delete_post_meta', $post) );
506
507	$this->assertFalse( $admin->has_cap('edit_post_meta', $post, '_protected') );
508	$this->assertFalse( $admin->has_cap('add_post_meta', $post, '_protected') );
509	$this->assertFalse( $admin->has_cap('delete_post_meta', $post, '_protected') );
510
511	register_meta( 'post', '_protected', array( $this, '_meta_filter' ), array( $this, '_meta_yes_you_can' ) );
512	$this->assertTrue( $admin->has_cap('edit_post_meta', $post, '_protected') );
513	$this->assertTrue( $admin->has_cap('add_post_meta', $post, '_protected') );
514	$this->assertTrue( $admin->has_cap('delete_post_meta', $post, '_protected') );
515
516	$this->assertTrue( $admin->has_cap('edit_post_meta', $post, 'not_protected') );
517	$this->assertTrue( $admin->has_cap('add_post_meta', $post, 'not_protected') );
518	$this->assertTrue( $admin->has_cap('delete_post_meta', $post, 'not_protected') );
519
520	register_meta( 'post', 'not_protected', array( $this, '_meta_filter' ), array( $this, '_meta_no_you_cant' ) );
521	$this->assertFalse( $admin->has_cap('edit_post_meta', $post, 'not_protected') );
522	$this->assertFalse( $admin->has_cap('add_post_meta', $post, 'not_protected') );
523	$this->assertFalse( $admin->has_cap('delete_post_meta', $post, 'not_protected') );
524	}
525	}
526
527	function authorless_post_statuses() {
528	return array( array( 'draft' ), array( 'private' ), array( 'publish' ) );
529	}
530
531	/**
532	* @ticket 27020
533	* @dataProvider authorless_post_statuses
534	*/
535	function test_authorless_post( $status ) {
536	// Make a post without an author
537	$post = $this->factory->post->create( array( 'post_author' => 0, 'post_type' => 'post', 'post_status' => $status ) );
538
539	// Add an editor and contributor
540	$editor = $this->factory->user->create_and_get( array( 'role' => 'editor' ) );
541	$contributor = $this->factory->user->create_and_get( array( 'role' => 'contributor' ) );
542
543	// editor can edit, view, and trash
544	$this->assertTrue( $editor->has_cap( 'edit_post', $post ) );
545	$this->assertTrue( $editor->has_cap( 'delete_post', $post ) );
546	$this->assertTrue( $editor->has_cap( 'read_post', $post ) );
547
548	// a contributor cannot (except read a published post)
549	$this->assertFalse( $contributor->has_cap( 'edit_post', $post ) );
550	$this->assertFalse( $contributor->has_cap( 'delete_post', $post ) );
551	$this->assertEquals( $status === 'publish', $contributor->has_cap( 'read_post', $post ) );
552	}
553
554	/**
555	* @ticket 16714
556	*/
557	function test_create_posts_caps() {
558	$author = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
559	$admin = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
560	$author_2 = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
561	$editor = new WP_User( $this->factory->user->create( array( 'role' => 'editor' ) ) );
562	$contributor = new WP_User( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
563
564	// create_posts isn't a real cap.
565	$this->assertFalse($admin->has_cap('create_posts'));
566	$this->assertFalse($author->has_cap('create_posts'));
567	$this->assertFalse($editor->has_cap('create_posts'));
568	$this->assertFalse($author_2->has_cap('create_posts'));
569	$this->assertFalse($contributor->has_cap('create_posts'));
570
571	register_post_type( 'foobar' );
572	$cap = get_post_type_object( 'foobar' )->cap;
573
574	$this->assertEquals( 'edit_posts', $cap->create_posts );
575
576	$this->assertTrue($admin->has_cap( $cap->create_posts ));
577
578	$this->assertTrue($admin->has_cap( $cap->create_posts ));
579	$this->assertTrue($author->has_cap( $cap->create_posts ));
580	$this->assertTrue($editor->has_cap( $cap->create_posts ));
581	$this->assertTrue($author_2->has_cap( $cap->create_posts ));
582	$this->assertTrue($contributor->has_cap( $cap->create_posts ));
583
584	_unregister_post_type( 'foobar' );
585
586	// Primitive capability edit_foobars is not assigned to any users.
587	register_post_type( 'foobar', array( 'capability_type' => array( 'foobar', 'foobars' ) ) );
588	$cap = get_post_type_object( 'foobar' )->cap;
589
590	$this->assertEquals( 'edit_foobars', $cap->create_posts );
591
592	$this->assertFalse($admin->has_cap( $cap->create_posts ));
593	$this->assertFalse($author->has_cap( $cap->create_posts ));
594	$this->assertFalse($editor->has_cap( $cap->create_posts ));
595	$this->assertFalse($author_2->has_cap( $cap->create_posts ));
596	$this->assertFalse($contributor->has_cap( $cap->create_posts ));
597
598	// Add edit_foobars primitive cap to a user.
599	$admin->add_cap( 'edit_foobars', true );
600	$admin = new WP_User( $admin->ID );
601	$this->assertTrue($admin->has_cap( $cap->create_posts ));
602	$this->assertFalse($author->has_cap( $cap->create_posts ));
603	$this->assertFalse($editor->has_cap( $cap->create_posts ));
604	$this->assertFalse($author_2->has_cap( $cap->create_posts ));
605	$this->assertFalse($contributor->has_cap( $cap->create_posts ));
606
607	_unregister_post_type( 'foobar' );
608
609	$cap = get_post_type_object( 'attachment' )->cap;
610	$this->assertEquals( 'upload_files', $cap->create_posts );
611	$this->assertEquals( 'edit_posts', $cap->edit_posts );
612
613	$this->assertTrue( $author->has_cap( $cap->create_posts ) );
614	$this->assertTrue( $author->has_cap( $cap->edit_posts ) );
615	$this->assertTrue( $contributor->has_cap( $cap->edit_posts ) );
616	$this->assertFalse( $contributor->has_cap( $cap->create_posts ) );
617	}
618
619	function test_page_meta_caps() {
620	// simple tests for some common meta capabilities
621
622	// Make our author
623	$author = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
624
625	// make a page
626	$page = $this->factory->post->create( array( 'post_author' => $author->ID, 'post_type' => 'page' ) );
627
628	// the author of the page
629	$this->assertTrue($author->exists(), "Problem getting user " . $author->ID);
630
631	// add some other users
632	$admin = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
633	$author_2 = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
634	$editor = new WP_User( $this->factory->user->create( array( 'role' => 'editor' ) ) );
635	$contributor = new WP_User( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
636
637	// administrators, editors and the post owner can edit it
638	$this->assertTrue($admin->has_cap('edit_page', $page));
639	$this->assertTrue($editor->has_cap('edit_page', $page));
640	// other authors and contributors can't
641	$this->assertFalse($author->has_cap('edit_page', $page));
642	$this->assertFalse($author_2->has_cap('edit_page', $page));
643	$this->assertFalse($contributor->has_cap('edit_page', $page));
644
645	// administrators, editors and the post owner can delete it
646	$this->assertTrue($admin->has_cap('delete_page', $page));
647	$this->assertTrue($editor->has_cap('delete_page', $page));
648	// other authors and contributors can't
649	$this->assertFalse($author->has_cap('delete_page', $page));
650	$this->assertFalse($author_2->has_cap('delete_page', $page));
651	$this->assertFalse($contributor->has_cap('delete_page', $page));
652	}
653
654	/**
655	* @ticket 21786
656	*/
657	function test_negative_caps() {
658	$author = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
659	$author->add_cap( 'foo', false );
660	$this->assertTrue ( isset( $author->caps['foo'] ) );
661	$author->remove_cap( 'foo' );
662	$this->assertFalse ( isset( $author->caps['foo'] ) );
663	}
664
665	/**
666	* @ticket 18932
667	*/
668	function test_set_role_same_role() {
669	$user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
670	$caps = $user->caps;
671	$this->assertNotEmpty( $user->caps );
672	$user->set_role( 'administrator' );
673	$this->assertNotEmpty( $user->caps );
674	$this->assertEquals( $caps, $user->caps );
675	}
676
677	function test_current_user_can_for_blog() {
678	$user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
679	$old_uid = get_current_user_id();
680	wp_set_current_user( $user->ID );
681
682	$this->assertTrue( current_user_can_for_blog( get_current_blog_id(), 'edit_posts' ) );
683	$this->assertFalse( current_user_can_for_blog( get_current_blog_id(), 'foo_the_bar' ) );
684	if ( ! is_multisite() ) {
685	$this->assertTrue( current_user_can_for_blog( 12345, 'edit_posts' ) );
686	return;
687	}
688
689	$this->assertFalse( current_user_can_for_blog( 12345, 'edit_posts' ) );
690
691	$blog_id = $this->factory->blog->create( array( 'user_id' => $user->ID ) );
692	$this->assertTrue( current_user_can_for_blog( $blog_id, 'edit_posts' ) );
693	$this->assertFalse( current_user_can_for_blog( $blog_id, 'foo_the_bar' ) );
694
695	wp_set_current_user( $old_uid );
696	}
697
698	function test_borked_current_user_can_for_blog() {
699	if ( ! is_multisite() ) {
700	$this->markTestSkipped( 'Test only runs in multisite' );
701	return;
702	}
703
704	$orig_blog_id = get_current_blog_id();
705	$blog_id = $this->factory->blog->create();
706
707	$this->_nullify_current_user();
708
709	add_action( 'switch_blog', array( $this, '_nullify_current_user_and_keep_nullifying_user' ) );
710
711	current_user_can_for_blog( $blog_id, 'edit_posts' );
712
713	$this->assertEquals( $orig_blog_id, get_current_blog_id() );
714	}
715
716	function _nullify_current_user() {
717	// Prevents fatal errors in ::tearDown()'s and other uses of restore_current_blog()
718	$function_stack = wp_debug_backtrace_summary( null, 0, false );
719	if ( in_array( 'restore_current_blog', $function_stack ) ) {
720	return;
721	}
722	$GLOBALS['current_user'] = null;
723	}
724
725	function _nullify_current_user_and_keep_nullifying_user() {
726	add_action( 'set_current_user', array( $this, '_nullify_current_user' ) );
727	}
728
729	/**
730	* @ticket 28374
731	*/
732	function test_current_user_edit_caps() {
733	$user = new WP_User( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
734	wp_set_current_user( $user->ID );
735
736	$user->add_cap( 'publish_posts' );
737	$user->add_cap( 'publish_pages' );
738	$this->assertTrue( $user->has_cap( 'publish_posts' ) );
739	$this->assertTrue( $user->has_cap( 'publish_pages' ) );
740
741	$user->remove_cap( 'publish_pages' );
742	$this->assertFalse( $user->has_cap( 'publish_pages' ) );
743	}
744
745	/**
746	* @ticket 17253
747	*/
748	function test_extra_author_caps() {
749	$author = new WP_User( $this->factory->user->create( array( 'role' => 'author' ) ) );
750	wp_set_current_user( $author->ID );
751
752	$this->assertTrue( $author->has_cap( 'edit_pages' ) );
753	$this->assertTrue( $author->has_cap( 'publish_pages' ) );
754	$this->assertTrue( $author->has_cap( 'edit_published_pages' ) );
755	$this->assertTrue( $author->has_cap( 'delete_pages' ) );
756	$this->assertTrue( $author->has_cap( 'delete_published_pages' ) );
757	}
758	}

Trac UI Preferences

Download in other formats:

Original Format

Make WordPress Core

Context Navigation

Ticket #17253: capabilities.2.php

Download in other formats: