/**
 * Reading a user who was created on another site must be refused for a site-level administrator.
 *
 * An author is created while switched to self::$site. Back on the original site, the
 * request is dispatched as self::$user (presumably the site administrator fixture, going
 * by the test name; its setup is not visible here). The expected outcome is the
 * rest_user_cannot_view error with HTTP 403.
 *
 * @ticket 39701
 */
public function test_get_item_from_different_site_as_site_administrator() {
	if ( ! is_multisite() ) {
		$this->markTestSkipped( 'Test only runs in multisite' );
	}

	// Create the target account in the context of the other site.
	$author_args = array( 'role' => 'author' );
	switch_to_blog( self::$site );
	$author_id = $this->factory->user->create( $author_args );
	restore_current_blog();

	// Act as the non-network administrator from the original site.
	wp_set_current_user( self::$user );
	$route  = sprintf( '/wp/v2/users/%d', $author_id );
	$lookup = new WP_REST_Request( 'GET', $route );

	// The cross-site read has to be denied rather than return the profile.
	$this->assertErrorResponse( 'rest_user_cannot_view', $this->server->dispatch( $lookup ), 403 );
}
/**
 * Reading a user who was created on another site must succeed for a network administrator.
 *
 * An author is created while switched to self::$site. Back on the original site, the
 * request is dispatched as self::$superadmin and the response is handed to
 * check_get_user_response(), a helper defined elsewhere in this test class.
 *
 * @ticket 39701
 */
public function test_get_item_from_different_site_as_network_administrator() {
	if ( ! is_multisite() ) {
		$this->markTestSkipped( 'Test only runs in multisite' );
	}

	// Create the target account in the context of the other site.
	$author_args = array( 'role' => 'author' );
	switch_to_blog( self::$site );
	$author_id = $this->factory->user->create( $author_args );
	restore_current_blog();

	// Act as the network-wide administrator from the original site.
	wp_set_current_user( self::$superadmin );
	$route  = sprintf( '/wp/v2/users/%d', $author_id );
	$lookup = new WP_REST_Request( 'GET', $route );

	$this->check_get_user_response( $this->server->dispatch( $lookup ) );
}
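/**
 * Editing a user who was created on another site must be refused for a site-level administrator.
 *
 * An author is created while switched to self::$site. Back on the original site, a PUT
 * that sets first_name is dispatched as self::$user (presumably the site administrator
 * fixture, going by the test name; its setup is not visible here). The endpoint must
 * answer with rest_cannot_edit and HTTP 403, and the rejected write must leave the
 * stored first name unchanged.
 *
 * @ticket 39701
 */
public function test_update_item_from_different_site_as_site_administrator() {
	if ( ! is_multisite() ) {
		$this->markTestSkipped( 'Test only runs in multisite' );
	}

	switch_to_blog( self::$site );
	$user_id = $this->factory->user->create( array(
		'role' => 'author',
	) );
	restore_current_blog();

	// Snapshot the field the request tries to change so a partial write is detectable.
	$first_name_before = get_user_meta( $user_id, 'first_name', true );

	wp_set_current_user( self::$user );
	$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $user_id ) );
	$request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
	$request->set_body_params( array( 'first_name' => 'New Name' ) );

	$response = $this->server->dispatch( $request );
	$this->assertErrorResponse( 'rest_cannot_edit', $response, 403 );

	// An error status alone does not prove the update was skipped; confirm nothing was persisted.
	$this->assertSame( $first_name_before, get_user_meta( $user_id, 'first_name', true ) );
}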
/**
 * Editing a user who was created on another site must succeed for a network administrator.
 *
 * An author is created while switched to self::$site. Back on the original site, a PUT
 * that sets first_name is dispatched as self::$superadmin. The response is handed to
 * check_add_edit_user_response() with its second argument set to true; that helper is
 * defined elsewhere in this test class.
 *
 * @ticket 39701
 */
public function test_update_item_from_different_site_as_network_administrator() {
	if ( ! is_multisite() ) {
		$this->markTestSkipped( 'Test only runs in multisite' );
	}

	// Create the target account in the context of the other site.
	$author_args = array( 'role' => 'author' );
	switch_to_blog( self::$site );
	$author_id = $this->factory->user->create( $author_args );
	restore_current_blog();

	// Act as the network-wide administrator from the original site.
	wp_set_current_user( self::$superadmin );
	$route   = sprintf( '/wp/v2/users/%d', $author_id );
	$changes = array( 'first_name' => 'New Name' );

	$update = new WP_REST_Request( 'PUT', $route );
	$update->add_header( 'content-type', 'application/x-www-form-urlencoded' );
	$update->set_body_params( $changes );

	$this->check_add_edit_user_response( $this->server->dispatch( $update ), true );
}
/**
 * Changing the roles of a user who was created on another site must fail, even for a network administrator.
 *
 * An author is created while switched to self::$site. Back on the original site, a PUT
 * that sets roles to subscriber is dispatched as self::$superadmin. The assertion pins
 * the rest_cannot_edit_roles error with HTTP 400, not the 403 that the
 * site-administrator tests in this group expect.
 *
 * @ticket 39701
 */
public function test_update_item_from_different_site_as_network_administrator_with_roles() {
	if ( ! is_multisite() ) {
		$this->markTestSkipped( 'Test only runs in multisite' );
	}

	// Create the target account in the context of the other site.
	$author_args = array( 'role' => 'author' );
	switch_to_blog( self::$site );
	$author_id = $this->factory->user->create( $author_args );
	restore_current_blog();

	// Act as the network-wide administrator from the original site.
	wp_set_current_user( self::$superadmin );
	$route   = sprintf( '/wp/v2/users/%d', $author_id );
	$changes = array( 'roles' => array( 'subscriber' ) );

	$update = new WP_REST_Request( 'PUT', $route );
	$update->add_header( 'content-type', 'application/x-www-form-urlencoded' );
	$update->set_body_params( $changes );

	// Role assignment across sites is expected to be rejected outright.
	$this->assertErrorResponse( 'rest_cannot_edit_roles', $this->server->dispatch( $update ), 400 );
}