
Ticket #38505: 38505.diff

File 38505.diff, 4.0 KB (added by boonebgorges, 10 years ago)
  • src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php

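diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
index cf131ad..43009cc 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -451,8 +451,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
                         return new WP_Error( 'rest_term_invalid', __( "Resource doesn't exist." ), array( 'status' => 404 ) );
                 }
 
-                $taxonomy_obj = get_taxonomy( $this->taxonomy );
-                if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
+                if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
                         return new WP_Error( 'rest_cannot_update', __( 'Sorry, you cannot update resource.' ), array( 'status' => rest_authorization_required_code() ) );
                 }
 
@@ -527,8 +526,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
                 if ( ! $term ) {
                         return new WP_Error( 'rest_term_invalid', __( "Resource doesn't exist." ), array( 'status' => 404 ) );
                 }
-                $taxonomy_obj = get_taxonomy( $this->taxonomy );
-                if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
+
+                if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
                         return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you cannot delete resource.' ), array( 'status' => rest_authorization_required_code() ) );
                 }
                 return true;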
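Review bot: Both new checks dereference `$term->term_id`, while the only guard visible before them (second hunk) is `if ( ! $term )`, which a `WP_Error` object passes; the old code never touched `$term` in the capability call. If the term lookup above the hunk can return a `WP_Error`, the guard should reject it as well, e.g. `if ( ! $term || is_wp_error( $term ) ) {`. A short comment on each check would also help, such as `// Meta capability: resolved per term through map_meta_cap.`, because authorization now depends on the specific term rather than on the taxonomy-wide cap. Both permission methods start and end outside the hunks, so the lookup itself is not visible here.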
  • tests/phpunit/tests/rest-api/rest-tags-controller.php

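diff --git tests/phpunit/tests/rest-api/rest-tags-controller.php tests/phpunit/tests/rest-api/rest-tags-controller.php
index fd0e1d56..d1f7bad 100644
--- a/tests/phpunit/tests/rest-api/rest-tags-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-tags-controller.php
@@ -533,6 +533,31 @@ class WP_Test_REST_Tags_Controller extends WP_Test_REST_Controller_Testcase {
                 $this->assertErrorResponse( 'rest_cannot_update', $response, 403 );
         }
 
+        /**
+         * @ticket 38505
+         */
+        public function test_update_item_with_edit_term_cap_granted() {
+                wp_set_current_user( self::$subscriber );
+                $term = $this->factory->tag->create_and_get();
+                $request = new WP_REST_Request( 'POST', '/wp/v2/tags/' . $term->term_id );
+                $request->set_param( 'name', 'New Name' );
+
+                add_filter( 'map_meta_cap', array( $this, 'grant_edit_term' ), 10, 2 );
+                $response = $this->server->dispatch( $request );
+                remove_filter( 'user_has_cap', array( $this, 'grant_edit_term' ), 10, 2 );
+
+                $this->assertEquals( 200, $response->get_status() );
+                $data = $response->get_data();
+                $this->assertEquals( 'New Name', $data['name'] );
+        }
+
+        public function grant_edit_term( $caps, $cap ) {
+                if ( 'edit_term' === $cap ) {
+                        $caps = array( 'read' );
+                }
+                return $caps;
+        }
+
         public function test_update_item_parent_non_hierarchical_taxonomy() {
                 wp_set_current_user( self::$administrator );
                 $term = get_term_by( 'id', $this->factory->tag->create(), 'post_tag' );
@@ -578,6 +603,31 @@ class WP_Test_REST_Tags_Controller extends WP_Test_REST_Controller_Testcase {
                 $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
         }
 
+        /**
+         * @ticket 38505
+         */
+        public function test_delete_item_with_delete_term_cap_granted() {
+                wp_set_current_user( self::$subscriber );
+                $term = get_term_by( 'id', $this->factory->tag->create( array( 'name' => 'Deleted Tag' ) ), 'post_tag' );
+                $request = new WP_REST_Request( 'DELETE', '/wp/v2/tags/' . $term->term_id );
+                $request->set_param( 'force', true );
+
+                add_filter( 'map_meta_cap', array( $this, 'grant_delete_term' ), 10, 2 );
+                $response = $this->server->dispatch( $request );
+                remove_filter( 'map_meta_cap', array( $this, 'grant_delete_term' ), 10, 2 );
+
+                $this->assertEquals( 200, $response->get_status() );
+                $data = $response->get_data();
+                $this->assertEquals( 'Deleted Tag', $data['name'] );
+        }
+
+        public function grant_delete_term( $caps, $cap ) {
+                if ( 'delete_term' === $cap ) {
+                        $caps = array( 'read' );
+                }
+                return $caps;
+        }
+
         public function test_prepare_item() {
                 $term = get_term_by( 'id', $this->factory->tag->create(), 'post_tag' );
                 $request = new WP_REST_Request( 'GET', '/wp/v2/tags/' . $term->term_id );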
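Review bot: In `test_update_item_with_edit_term_cap_granted` the callback is added on `map_meta_cap` but removed from `user_has_cap`, so `grant_edit_term` is never unhooked and keeps mapping `edit_term` to `read` for anything that runs later in the same process, unless the base test case restores hooks on teardown. The removal should name the same hook and drop the extra argument, `remove_filter( 'map_meta_cap', array( $this, 'grant_edit_term' ), 10 );`, since `remove_filter()` takes no accepted-args parameter. The delete test pairs its hooks correctly, though it passes the same unused fourth argument. A leaked capability grant in a permission test suite can make later authorization tests pass for the wrong reason, so this is worth fixing even if teardown masks it.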