Changeset 27390 for trunk/tests/phpunit/tests/user/capabilities.php

Timestamp:

03/04/2014 03:08:54 AM (12 years ago)

Author:

nacin

Message:

Don't default to current user for capability checks when dealing with a post without an author (post_author = 0).

Undoes [12053]. While it risks breakage, this is a far safer and saner default for these situations.

props danielbachhuber.
fixes #27020.

File:

• trunk/tests/phpunit/tests/user/capabilities.php (modified) (1 diff)

trunk/tests/phpunit/tests/user/capabilities.php

@@ -523 +523 @@
             $this->assertFalse( $admin->has_cap('delete_post_meta',  $post, 'not_protected') );
         }
+    }
+
+    function authorless_post_statuses() {
+        return array( array( 'draft' ), array( 'private' ), array( 'publish' ) );
+    }
+
+    /**
+     * @ticket 27020
+     * @dataProvider authorless_post_statuses
+     */
+    function test_authorless_post( $status ) {
+        // Make a post without an author
+        $post = $this->factory->post->create( array( 'post_author' => 0, 'post_type' => 'post', 'post_status' => $status ) );
+
+        // Add an editor and contributor
+        $editor = $this->factory->user->create_and_get( array( 'role' => 'editor' ) );
+        $contributor = $this->factory->user->create_and_get( array( 'role' => 'contributor' ) );
+
+        // editor can edit, view, and trash
+        $this->assertTrue( $editor->has_cap( 'edit_post', $post ) );
+        $this->assertTrue( $editor->has_cap( 'delete_post', $post ) );
+        $this->assertTrue( $editor->has_cap( 'read_post', $post ) );
+
+        // a contributor cannot (except read a published post)
+        $this->assertFalse( $contributor->has_cap( 'edit_post', $post ) );
+        $this->assertFalse( $contributor->has_cap( 'delete_post', $post ) );
+        $this->assertEquals( $status === 'publish', $contributor->has_cap( 'read_post', $post ) );
     }