Make WordPress Core

Ticket #35914: 35914.1.diff

File 35914.1.diff, 5.5 KB (added by westonruter, 8 years ago)
  • src/wp-includes/customize/class-wp-customize-partial.php

    diff --git src/wp-includes/customize/class-wp-customize-partial.php src/wp-includes/customize/class-wp-customize-partial.php
    index f6e5e44..3cb410b 100644
    class WP_Customize_Partial { 
    7070        public $selector;
    7171
    7272        /**
    73          * All settings tied to the partial.
     73         * IDs for settings tied to the partial.
    7474         *
    7575         * @access public
    7676         * @since 4.5.0
    77          * @var WP_Customize_Setting[]
     77         * @var array
    7878         */
    7979        public $settings;
    8080
    class WP_Customize_Partial { 
    285285                );
    286286                return $exports;
    287287        }
     288
     289        /**
     290         * Checks if the user can refresh this partial.
     291         *
     292         * Returns false if the user cannot manipulate one of the associated settings,
     293         * or if one of the associated settings does not exist.
     294         *
     295         * @since 4.5.0
     296         * @access public
     297         *
     298         * @return bool False if user can't edit one one of the related settings,
     299         *                    or if one of the associated settings does not exist.
     300         */
     301        final public function check_capabilities() {
     302                foreach ( $this->settings as $setting_id ) {
     303                        $setting = $this->component->manager->get_setting( $setting_id );
     304                        if ( ! $setting || ! $setting->check_capabilities() ) {
     305                                return false;
     306                        }
     307                }
     308                return true;
     309        }
    288310}
  • src/wp-includes/customize/class-wp-customize-selective-refresh.php

    diff --git src/wp-includes/customize/class-wp-customize-selective-refresh.php src/wp-includes/customize/class-wp-customize-selective-refresh.php
    index bf8a9e3..23bf06d 100644
    final class WP_Customize_Selective_Refresh { 
    172172                $partials = array();
    173173
    174174                foreach ( $this->partials() as $partial ) {
    175                         $partials[ $partial->id ] = $partial->json();
     175                        if ( $partial->check_capabilities() ) {
     176                                $partials[ $partial->id ] = $partial->json();
     177                        }
    176178                }
    177179
    178180                $exports = array(
    final class WP_Customize_Selective_Refresh { 
    356358
    357359                        $partial = $this->get_partial( $partial_id );
    358360
    359                         if ( ! $partial ) {
     361                        if ( ! $partial || ! $partial->check_capabilities() ) {
    360362                                $contents[ $partial_id ] = null;
    361363                                continue;
    362364                        }
  • tests/phpunit/tests/customize/partial.php

    diff --git tests/phpunit/tests/customize/partial.php tests/phpunit/tests/customize/partial.php
    index 6120355..9b08fc1 100644
    class Test_WP_Customize_Partial extends WP_UnitTestCase { 
    273273        }
    274274
    275275        /**
    276          * Test WP_Customize_Partial::json() default.
     276         * Test WP_Customize_Partial::json().
    277277         *
    278278         * @see WP_Customize_Partial::json()
    279279         */
    class Test_WP_Customize_Partial extends WP_UnitTestCase { 
    301301        }
    302302
    303303        /**
     304         * Test WP_Customize_Partial::check_capabilities().
     305         *
     306         * @see WP_Customize_Partial::check_capabilities()
     307         */
     308        function test_check_capabilities() {
     309                wp_set_current_user( self::factory()->user->create( array( 'role' => 'administrator' ) ) );
     310                do_action( 'customize_register', $this->wp_customize );
     311                $partial = new WP_Customize_Partial( $this->selective_refresh, 'blogname', array(
     312                        'settings' => array( 'blogname' ),
     313                ) );
     314                $this->assertTrue( $partial->check_capabilities() );
     315
     316                $partial = new WP_Customize_Partial( $this->selective_refresh, 'blogname', array(
     317                        'settings' => array( 'blogname', 'non_existing' ),
     318                ) );
     319                $this->assertFalse( $partial->check_capabilities() );
     320
     321                $this->wp_customize->add_setting( 'top_secret_message', array(
     322                        'capability' => 'top_secret_clearance',
     323                ) );
     324                $partial = new WP_Customize_Partial( $this->selective_refresh, 'blogname', array(
     325                        'settings' => array( 'blogname', 'top_secret_clearance' ),
     326                ) );
     327                $this->assertFalse( $partial->check_capabilities() );
     328        }
     329
     330        /**
    304331         * Tear down.
    305332         */
    306333        function tearDown() {
  • tests/phpunit/tests/customize/selective-refresh.php

    diff --git tests/phpunit/tests/customize/selective-refresh.php tests/phpunit/tests/customize/selective-refresh.php
    index de56b13..73e7dc3 100644
    class Test_WP_Customize_Selective_Refresh extends WP_UnitTestCase { 
    137137         * @see WP_Customize_Selective_Refresh::export_preview_data()
    138138         */
    139139        function test_export_preview_data() {
     140                $user_id = self::factory()->user->create( array( 'role' => 'administrator' ) );
     141                wp_set_current_user( $user_id );
     142                $user = new WP_User( $user_id );
     143                do_action( 'customize_register', $this->wp_customize );
     144                $user->remove_cap( 'top_secret_clearance' );
     145                $this->wp_customize->add_setting( 'top_secret_message', array(
     146                        'capability' => 'top_secret_clearance', // The administrator role lacks this.
     147                ) );
    140148                $this->selective_refresh->add_partial( 'blogname', array(
    141149                        'selector' => '#site-title',
    142150                ) );
     151                $this->selective_refresh->add_partial( 'top_secret_message', array(
     152                        'settings' => array( 'top_secret_message' ),
     153                ) );
    143154                ob_start();
    144155                $this->selective_refresh->export_preview_data();
    145156                $html = ob_get_clean();
    class Test_WP_Customize_Selective_Refresh extends WP_UnitTestCase { 
    149160                $this->assertArrayHasKey( 'partials', $exported_data );
    150161                $this->assertInternalType( 'array', $exported_data['partials'] );
    151162                $this->assertArrayHasKey( 'blogname', $exported_data['partials'] );
     163                $this->assertArrayNotHasKey( 'top_secret_message', $exported_data['partials'] );
    152164                $this->assertEquals( '#site-title', $exported_data['partials']['blogname']['selector'] );
    153165                $this->assertArrayHasKey( 'renderQueryVar', $exported_data );
    154166                $this->assertArrayHasKey( 'l10n', $exported_data );