/**
 * Checks which published and private posts a contributor can list through
 * the posts collection endpoint, for a given set of extra capabilities and a
 * given request context.
 *
 * The contributor's own two posts are always expected; the two posts owned by
 * the other author are expected only when the data set says so.
 *
 * @ticket 42947
 * @dataProvider data_get_items_status_permissions
 *
 * @param string[] $grant_cap   Capabilities to add to the contributor before the request.
 * @param string   $context     Value sent as the `context` query parameter.
 * @param bool     $has_private Whether the other author's private post is expected in the response.
 * @param bool     $has_public  Whether the other author's published post is expected in the response.
 */
public function test_get_items_status_permissions( $grant_cap, $context, $has_private, $has_public ) {
	$contributor = self::factory()->user->create_and_get( array( 'role' => 'contributor' ) );

	foreach ( $grant_cap as $capability ) {
		$contributor->add_cap( $capability );
	}

	// Every post below carries this term, and the request filters on it, so
	// posts created by other tests cannot influence the result.
	$term_id = self::factory()->term->create();

	$make_post = static function ( $author_id, $status ) use ( $term_id ) {
		return self::factory()->post->create(
			array(
				'post_author' => $author_id,
				'post_status' => $status,
				'tags_input'  => array( $term_id ),
			)
		);
	};

	// Creation order is kept as: other author's posts first, then the contributor's.
	$other_private = $make_post( self::$author_id, 'private' );
	$other_publish = $make_post( self::$author_id, 'publish' );
	$own_private   = $make_post( $contributor->ID, 'private' );
	$own_publish   = $make_post( $contributor->ID, 'publish' );

	$visible_ids = array_merge(
		array( $own_private, $own_publish ),
		$has_public ? array( $other_publish ) : array(),
		$has_private ? array( $other_private ) : array()
	);
	$total       = count( $visible_ids );

	// The request is made as the contributor, asking for both statuses at once.
	wp_set_current_user( $contributor->ID );

	$query_params = array(
		'status'   => 'publish,private',
		'per_page' => $total,
		'orderby'  => 'id',
		'context'  => $context,
		'tags'     => array( $term_id ),
	);

	$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
	$request->set_query_params( $query_params );

	$response = rest_do_request( $request );
	$this->assertNotWPError( $response->as_error() );

	$returned_ids = wp_list_pluck( $response->get_data(), 'id' );
	$this->assertSameSets( $visible_ids, $returned_ids );

	// per_page equals the expected count, so a post the contributor must not
	// see could sit outside the returned page. Comparing the X-WP-Total header
	// with the same count is what catches a result set larger than expected.
	$headers = $response->get_headers();
	$this->assertEquals( $total, $headers['X-WP-Total'] );
}
| 5233 | |
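/**
 * Data provider for test_get_items_status_permissions().
 *
 * Each data set holds, in order: the capabilities to grant the contributor,
 * the request context, whether the other author's private post is expected,
 * and whether the other author's published post is expected.
 *
 * Data sets are named so that a failing permission scenario is identified in
 * the test output instead of appearing as a bare index.
 *
 * @return array[]
 */
public function data_get_items_status_permissions() {
	return array(
		'view context, no extra capabilities'                   => array( array(), 'view', false, true ),
		'view context, read_private_posts'                      => array( array( 'read_private_posts' ), 'view', true, true ),
		// In the edit context the other author's posts are not expected at all
		// unless the contributor can also edit them.
		'edit context, no extra capabilities'                   => array( array(), 'edit', false, false ),
		'edit context, read_private_posts and edit_others_posts' => array( array( 'read_private_posts', 'edit_others_posts' ), 'edit', true, true ),
	);
}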
| 5242 | |