Ticket #43701: 43701.diff
File 43701.diff, 2.2 KB (added by , 6 years ago) |
---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 0661152..80c0f8d 100644
class WP_REST_Posts_Controller extends WP_REST_Controller { 2291 2291 2292 2292 $post_type_obj = get_post_type_object( $this->post_type ); 2293 2293 2294 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {2294 if ( current_user_can( $post_type_obj->cap->edit_posts ) || current_user_can( $post_type_obj->cap->read_private_posts ) ) { 2295 2295 $result = rest_validate_request_arg( $status, $request, $parameter ); 2296 2296 if ( is_wp_error( $result ) ) { 2297 2297 return $result; -
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git tests/phpunit/tests/rest-api/rest-posts-controller.php tests/phpunit/tests/rest-api/rest-posts-controller.php index c0a5397..f7d41b7 100644
class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 617 617 } 618 618 } 619 619 620 /** 621 * @ticket 43701 622 */ 623 public function test_get_items_status_private_without_edit_capability() { 624 $this->factory->post->create( array( 'post_status' => 'private' ) ); 625 626 wp_set_current_user( 0 ); 627 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 628 $request->set_param( 'status', 'private' ); 629 $response = rest_get_server()->dispatch( $request ); 630 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 631 632 add_role( 'wp_test_role_read_private', 'Paid Subscriber', array( 'read_private_posts' => true ) ); 633 634 $user_id = $this->factory->user->create( 635 array( 636 'role' => 'wp_test_role_read_private', 637 ) 638 ); 639 640 wp_set_current_user( $user_id ); 641 642 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 643 $request->set_param( 'status', 'private' ); 644 $response = rest_get_server()->dispatch( $request ); 645 $this->assertEquals( 200, $response->get_status() ); 646 $this->assertEquals( 1, count( $response->get_data() ) ); 647 } 648 620 649 public function test_get_items_order_and_orderby() { 621 650 $this->factory->post->create( 622 651 array(