
Ticket #41059: 41059.patch

File 41059.patch, 3.0 KB (added by johnbillion, 3 years ago)
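--- a/src/wp-includes/class-wp-user.php
+++ b/src/wp-includes/class-wp-user.php
@@ -748,6 +748,9 @@
                 // Everyone is allowed to exist.
                 $capabilities['exist'] = true;
 
+                // Nobody is allowed to do things they are not allowed to do.
+                unset( $capabilities['do_not_allow'] );
+
                 // Must have ALL requested caps.
                 foreach ( (array) $caps as $cap ) {
                         if ( empty( $capabilities[ $cap ] ) )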
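Review bot: The comment above the new `unset( $capabilities['do_not_allow'] )` does not say why the key is removed, although this line is what stops the deny sentinel from ever being granted. I would replace it with `// 'do_not_allow' is what map_meta_cap() returns to deny a request; drop it so no role, user meta or filter can grant it.` The position matters too: the unset must stay after the point where `$capabilities` is filtered, which is presumably above this hunk since the enclosing method (apparently `has_cap()`, going by the tests) starts outside it. A short remark to that effect would keep a later refactor from moving the unset ahead of the filter.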
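--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@@ -494,6 +494,57 @@
                 $this->assertTrue( user_can( $user, 'exist' ), "User with the {$role} role should have the exist capability" );
         }
 
+        /**
+         * @ticket 41059
+         */
+        public function test_do_not_allow_is_denied_for_all_roles() {
+                foreach ( self::$users as $role => $user ) {
+
+                        # Test adding the cap directly to the user
+                        $user->add_cap( 'do_not_allow' );
+                        $has_cap = $user->has_cap( 'do_not_allow' );
+                        $user->remove_cap( 'do_not_allow' );
+                        $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
+
+                        # Test adding the cap to the user's role
+                        $role_obj = get_role( $role );
+                        $role_obj->add_cap( 'do_not_allow' );
+                        $has_cap = $user->has_cap( 'do_not_allow' );
+                        $role_obj->remove_cap( 'do_not_allow' );
+                        $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
+
+                        # Test adding the cap via a filter
+                        add_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+                        $has_cap = $user->has_cap( 'do_not_allow' );
+                        remove_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+                        $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
+
+                }
+        }
+
+        /**
+         * @group ms-required
+         * @ticket 41059
+         */
+        public function test_do_not_allow_is_denied_for_super_admins() {
+                # Test adding the cap directly to the user
+                self::$super_admin->add_cap( 'do_not_allow' );
+                $has_cap = self::$super_admin->has_cap( 'do_not_allow' );
+                self::$super_admin->remove_cap( 'do_not_allow' );
+                $this->assertFalse( $has_cap, 'Super admins should not have the do_not_allow capability' );
+
+                # Test adding the cap via a filter
+                add_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+                $has_cap = self::$super_admin->has_cap( 'do_not_allow' );
+                remove_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+                $this->assertFalse( $has_cap, 'Super admins should not have the do_not_allow capability' );
+        }
+
+        public function grant_do_not_allow( $allcaps, $caps, $args, $user ) {
+                $allcaps['do_not_allow'] = true;
+                return $allcaps;
+        }
+
         // special case for the link manager
         function test_link_manager_caps() {
                 $caps = array(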
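Review bot: The role-level case in `test_do_not_allow_is_denied_for_all_roles()` may pass even without the fix, because `$user` was built before `$role_obj->add_cap( 'do_not_allow' )` runs. If WP_User keeps the merged role capabilities it computed earlier, `has_cap()` never sees the newly added role cap and the assertion holds vacuously. Calling `$user->get_role_caps();` after the role `add_cap()` (and again after `remove_cap()`) would make the assertion exercise the path its comment names. Separately, `remove_filter()` takes only the hook, callback and priority, so the trailing `4` in both tests is ignored and can be dropped.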