
Ticket #43701: 43701.diff

File 43701.diff, 2.2 KB (added by soulseekah, 6 years ago)

tests + fix

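--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -2291,7 +2291,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 
                         $post_type_obj = get_post_type_object( $this->post_type );
 
-                        if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
+                        if ( current_user_can( $post_type_obj->cap->edit_posts ) || current_user_can( $post_type_obj->cap->read_private_posts ) ) {
                                 $result = rest_validate_request_arg( $status, $request, $parameter );
                                 if ( is_wp_error( $result ) ) {
                                         return $result;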
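Review bot: The added `current_user_can( $post_type_obj->cap->read_private_posts )` branch is not tied to the status being requested, so a user holding only that capability now passes this gate for every `$status` value that reaches the check, not just `private`. Whether drafts or other non-public statuses would actually be returned depends on permission checks outside this hunk, but the gate itself should grant no more than the capability implies: `if ( current_user_can( $post_type_obj->cap->edit_posts ) || ( 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) ) {`. The enclosing method starts and ends outside the hunk, so the rejection branch is not visible here.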
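--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -617,6 +617,35 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
                 }
         }
 
+        /**
+         * @ticket 43701
+         */
+        public function test_get_items_status_private_without_edit_capability() {
+                $this->factory->post->create( array( 'post_status' => 'private' ) );
+
+                wp_set_current_user( 0 );
+                $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+                $request->set_param( 'status', 'private' );
+                $response = rest_get_server()->dispatch( $request );
+                $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+
+                add_role( 'wp_test_role_read_private', 'Paid Subscriber', array( 'read_private_posts' => true ) );
+
+                $user_id = $this->factory->user->create(
+                        array(
+                                'role' => 'wp_test_role_read_private',
+                        )
+                );
+
+                wp_set_current_user( $user_id );
+
+                $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+                $request->set_param( 'status', 'private' );
+                $response = rest_get_server()->dispatch( $request );
+                $this->assertEquals( 200, $response->get_status() );
+                $this->assertEquals( 1, count( $response->get_data() ) );
+        }
+
         public function test_get_items_order_and_orderby() {
                 $this->factory->post->create(
                         array(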
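Review bot: The new test only exercises `status=private` for the `read_private_posts` role, so it would still pass if that capability also unlocked other non-public statuses. Add a negative case for the same user, e.g. `$request->set_param( 'status', 'draft' );` followed by `$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );`, mirroring the anonymous assertion earlier in the method. The role created with `add_role( 'wp_test_role_read_private', ... )` is also never removed in the visible lines; unless the suite resets roles between tests, a closing `remove_role( 'wp_test_role_read_private' );` keeps it from leaking into later tests.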