Ticket #43316: 43316.24.diff
File 43316.24.diff, 8.6 KB (added by , 6 years ago) |
---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php index 79529213c3..01241f2cdc 100644
a b class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 79 79 public function register_routes() { 80 80 register_rest_route( 81 81 $this->rest_namespace, 82 '/' . $this->parent_base . '/(?P< parent>[\d]+)/' . $this->rest_base,82 '/' . $this->parent_base . '/(?P<id>[\d]+)/' . $this->rest_base, 83 83 array( 84 84 'args' => array( 85 85 'parent' => array( … … class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 90 90 array( 91 91 'methods' => WP_REST_Server::READABLE, 92 92 'callback' => array( $this, 'get_items' ), 93 'permission_callback' => array( $this ->revisions_controller, 'get_items_permissions_check' ),93 'permission_callback' => array( $this, 'get_items_permissions_check' ), 94 94 'args' => $this->get_collection_params(), 95 95 ), 96 96 array( 97 97 'methods' => WP_REST_Server::CREATABLE, 98 98 'callback' => array( $this, 'create_item' ), 99 99 'permission_callback' => array( $this, 'create_item_permissions_check' ), 100 'args' => $this-> get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),100 'args' => $this->parent_controller->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 101 101 ), 102 102 'schema' => array( $this, 'get_public_item_schema' ), 103 103 ) … … class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 143 143 return $this->revisions_controller->get_parent( $parent_id ); 144 144 } 145 145 146 /** 147 * Checks if a given request has access to get autosaves. 148 * 149 * @since 5.0.0 150 * 151 * @param WP_REST_Request $request Full data about the request. 152 * @return true|WP_Error True if the request has read access, WP_Error object otherwise. 153 */ 154 public function get_items_permissions_check( $request ) { 155 $parent = $this->get_parent( $request['id'] ); 156 if ( is_wp_error( $parent ) ) { 157 return $parent; 158 } 159 160 $parent_post_type_obj = get_post_type_object( $parent->post_type ); 161 if ( ! 
current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { 162 return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) ); 163 } 164 165 return true; 166 } 167 146 168 /** 147 169 * Checks if a given request has access to create an autosave revision. 148 170 * … … class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 177 199 define( 'DOING_AUTOSAVE', true ); 178 200 } 179 201 180 $post = get_post( $request ->get_param( 'id' ));202 $post = get_post( $request['id'] ); 181 203 182 204 if ( is_wp_error( $post ) ) { 183 205 return $post; … … class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 245 267 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 246 268 */ 247 269 public function get_items( $request ) { 248 $parent = $this->get_parent( $request ->get_param( 'parent' ));270 $parent = $this->get_parent( $request['id'] ); 249 271 if ( is_wp_error( $parent ) ) { 250 272 return $parent; 251 273 } … … class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { 389 411 */ 390 412 return apply_filters( 'rest_prepare_autosave', $response, $post, $request ); 391 413 } 414 415 /** 416 * Retrieves the query params for the autosaves collection. 417 * 418 * @since 5.0.0 419 * 420 * @return array Collection parameters. 421 */ 422 public function get_collection_params() { 423 return array( 424 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 425 ); 426 } 392 427 } -
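Review bot: In `create_item()`, the rewritten lookup `$post = get_post( $request['id'] );` is still followed by `if ( is_wp_error( $post ) )`, but `get_post()` returns `null` for an ID that does not resolve and never a `WP_Error`, so that guard cannot fire. Unless `create_item_permissions_check()` (outside this hunk) already rejects such IDs, a missing post reaches the rest of the method as `null`. Reusing the helper that `get_items()` and the new `get_items_permissions_check()` call, `$post = $this->get_parent( $request['id'] );`, would likely make the existing `is_wp_error()` check meaningful. Separately, the route now captures `(?P<id>[\d]+)` while the shared `args` array still declares `'parent'`, so the declared argument no longer describes the URL parameter the handlers read. `create_item()` starts and ends outside the hunk.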
tests/phpunit/tests/rest-api/rest-autosaves-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-autosaves-controller.php b/tests/phpunit/tests/rest-api/rest-autosaves-controller.php index ede81c5f25..c0217028ef 100644
a b 13 13 class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 14 14 protected static $post_id; 15 15 protected static $page_id; 16 protected static $draft_page_id; 16 17 17 18 protected static $autosave_post_id; 18 19 protected static $autosave_page_id; … … class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controlle 20 21 protected static $editor_id; 21 22 protected static $contributor_id; 22 23 24 protected static $parent_page_id; 25 protected static $child_page_id; 26 protected static $child_draft_page_id; 27 23 28 protected function set_post_data( $args = array() ) { 24 29 $defaults = array( 25 30 'title' => 'Post Title', … … class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controlle 76 81 ) 77 82 ); 78 83 84 self::$draft_page_id = $factory->post->create( array( 85 'post_type' => 'page', 86 'post_status' => 'draft', 87 ) ); 88 self::$parent_page_id = $factory->post->create( array( 89 'post_type' => 'page', 90 ) ); 91 self::$child_page_id = $factory->post->create( array( 92 'post_type' => 'page', 93 'post_parent' => self::$parent_page_id, 94 ) ); 95 self::$child_draft_page_id = $factory->post->create( array( 96 'post_type' => 'page', 97 'post_parent' => self::$parent_page_id, 98 // The "update post" behavior of the autosave endpoint only occurs 99 // when saving a draft/auto-draft authored by the current user. 
100 'post_status' => 'draft', 101 'post_author' => self::$editor_id, 102 ) ); 79 103 } 80 104 81 105 public static function wpTearDownAfterClass() { … … class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controlle 96 120 97 121 public function test_register_routes() { 98 122 $routes = rest_get_server()->get_routes(); 99 $this->assertArrayHasKey( '/wp/v2/posts/(?P< parent>[\d]+)/autosaves', $routes );123 $this->assertArrayHasKey( '/wp/v2/posts/(?P<id>[\d]+)/autosaves', $routes ); 100 124 $this->assertArrayHasKey( '/wp/v2/posts/(?P<parent>[\d]+)/autosaves/(?P<id>[\d]+)', $routes ); 101 $this->assertArrayHasKey( '/wp/v2/pages/(?P< parent>[\d]+)/autosaves', $routes );125 $this->assertArrayHasKey( '/wp/v2/pages/(?P<id>[\d]+)/autosaves', $routes ); 102 126 $this->assertArrayHasKey( '/wp/v2/pages/(?P<parent>[\d]+)/autosaves/(?P<id>[\d]+)', $routes ); 103 127 } 104 128 … … class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controlle 119 143 $this->assertEqualSets( array( 'view', 'edit', 'embed' ), $data['endpoints'][0]['args']['context']['enum'] ); 120 144 } 121 145 146 public function test_registered_query_params() { 147 $request = new WP_REST_Request( 'OPTIONS', '/wp/v2/posts/' . self::$post_id . '/autosaves' ); 148 $response = $this->server->dispatch( $request ); 149 $data = $response->get_data(); 150 $keys = array_keys( $data['endpoints'][0]['args'] ); 151 sort( $keys ); 152 $this->assertEquals( array( 153 'context', 154 'parent', 155 ), $keys ); 156 } 157 122 158 public function test_get_items() { 123 159 wp_set_current_user( self::$editor_id ); 124 160 $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . 
'/autosaves' ); … … class WP_Test_REST_Autosaves_Controller extends WP_Test_REST_Post_Type_Controlle 517 553 $this->assertEquals( $parent_post_id, self::$post_id ); 518 554 } 519 555 556 public function test_update_item_draft_page_with_parent() { 557 wp_set_current_user( self::$editor_id ); 558 $request = new WP_REST_Request( 'POST', '/wp/v2/pages/' . self::$child_draft_page_id . '/autosaves' ); 559 $request->add_header( 'content-type', 'application/x-www-form-urlencoded' ); 560 561 $params = $this->set_post_data( 562 array( 563 'id' => self::$child_draft_page_id, 564 'author' => self::$editor_id, 565 ) 566 ); 567 568 $request->set_body_params( $params ); 569 $response = rest_get_server()->dispatch( $request ); 570 $data = $response->get_data(); 571 572 $this->assertEquals( self::$child_draft_page_id, $data['id'] ); 573 $this->assertEquals( self::$parent_page_id, $data['parent'] ); 574 } 575 576 public function test_schema_validation_is_applied() { 577 wp_set_current_user( self::$editor_id ); 578 579 $request = new WP_REST_Request( 'POST', '/wp/v2/pages/' . self::$draft_page_id . '/autosaves' ); 580 $request->add_header( 'content-type', 'application/x-www-form-urlencoded' ); 581 582 $params = $this->set_post_data( array( 583 'id' => self::$draft_page_id, 584 'comment_status' => 'garbage', 585 ) ); 586 587 $request->set_body_params( $params ); 588 589 $response = rest_get_server()->dispatch( $request ); 590 $this->assertNotEquals( 'garbage', get_post( self::$draft_page_id )->comment_status ); 591 } 520 592 }
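Review bot: `test_schema_validation_is_applied()` only asserts that the stored `comment_status` is not `'garbage'`, which also passes when the request fails for an unrelated reason (for example a permission error) or when the handler silently drops the field. Asserting the rejection itself would pin the behaviour the test is named for, e.g. `$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );`, assuming schema validation reports the bad enum value with the usual code. The hunks shown also add no negative case for the new `get_items_permissions_check()`. If one does not already exist outside them, a GET to the autosaves collection as a user without `edit_post` on the parent should be asserted to fail with `rest_cannot_read`.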