Changeset 33096
- Timestamp:
- 07/06/2015 10:40:59 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
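--- a/trunk/src/wp-admin/includes/post.php
+++ b/trunk/src/wp-admin/includes/post.php
@@ -386,5 +386,5 @@
 wp_set_post_lock( $post_ID );
 
-if ( current_user_can( $ptype->cap->edit_others_posts ) ) {
+if ( current_user_can( $ptype->cap->edit_others_posts ) && current_user_can( $ptype->cap->publish_posts ) ) {
 if ( ! empty( $post_data['sticky'] ) )
 stick_post( $post_ID );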
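Review bot: The combined capability check on new line 388 has no comment explaining why `publish_posts` is required in addition to `edit_others_posts`, and the reason is not obvious from the condition itself. The accompanying tests suggest that a submission without a `sticky` key would otherwise unstick the post, presumably in an else branch below line 390 that this hunk does not show; the enclosing function also starts and ends outside the hunk. I would add above the condition: `// Sticky status is a publishing decision: require publish_posts too, so an editor without it cannot stick or unstick a post by saving it.` Any other code path that changes sticky status on save is not visible here and should be checked for the same pair of capabilities.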
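--- a/trunk/tests/phpunit/tests/post.php
+++ b/trunk/tests/phpunit/tests/post.php
@@ -1024,3 +1024,102 @@
 _unregister_post_type( $post_type );
 }
+
+/**
+ * If a post is sticky and is updated by a user that does not have the publish_post capability, it should _stay_
+ * sticky.
+ *
+ * @ticket 24153
+ */
+function test_user_without_publish_cannot_affect_sticky() {
+// Create a role with edit_others_posts.
+add_role( 'grammarian', 'Grammarian', array(
+'read' => true,
+'edit_posts' => true,
+'edit_others_posts' => true,
+'edit_published_posts' => true,
+) );
+$editor_user = $this->factory->user->create( array( 'role' => 'grammarian' ) );
+$old_uid = get_current_user_id();
+wp_set_current_user( $editor_user );
+
+// Sanity Check.
+$this->assertFalse( current_user_can( 'publish_posts' ) );
+$this->assertTrue( current_user_can( 'edit_others_posts' ) );
+$this->assertTrue( current_user_can( 'edit_published_posts' ) );
+
+// Create a sticky post.
+$post = $this->factory->post->create_and_get( array(
+'post_title' => 'Will be changed',
+'post_content' => 'Will be changed',
+) );
+stick_post( $post->ID );
+
+// Sanity Check.
+$this->assertTrue( is_sticky( $post->ID ) );
+
+// Edit the post.
+$post->post_title = 'Updated';
+$post->post_content = 'Updated';
+wp_update_post( $post );
+
+// Make sure it's still sticky.
+$saved_post = get_post( $post->ID );
+$this->assertTrue( is_sticky( $saved_post->ID ) );
+$this->assertEquals( 'Updated', $saved_post->post_title );
+$this->assertEquals( 'Updated', $saved_post->post_content );
+
+// Teardown
+wp_set_current_user( $old_uid );
+}
+
+/**
+ * If the `edit_post()` method is invoked by a user without publish_posts permission, the sticky status of the post
+ * should not be changed.
+ *
+ * @ticket 24153
+ */
+function test_user_without_publish_cannot_affect_sticky_with_edit_post() {
+// Create a sticky post.
+$post = $this->factory->post->create_and_get( array(
+'post_title' => 'Will be changed',
+'post_content' => 'Will be changed',
+) );
+stick_post( $post->ID );
+
+// Sanity Check.
+$this->assertTrue( is_sticky( $post->ID ) );
+
+// Create a role with edit_others_posts.
+add_role( 'grammarian', 'Grammarian', array(
+'read' => true,
+'edit_posts' => true,
+'edit_others_posts' => true,
+'edit_published_posts' => true,
+) );
+$editor_user = $this->factory->user->create( array( 'role' => 'grammarian' ) );
+$old_uid = get_current_user_id();
+wp_set_current_user( $editor_user );
+
+// Sanity Check.
+$this->assertFalse( current_user_can( 'publish_posts' ) );
+$this->assertTrue( current_user_can( 'edit_others_posts' ) );
+$this->assertTrue( current_user_can( 'edit_published_posts' ) );
+
+// Edit the post - The key 'sticky' is intentionally unset.
+$data = array(
+'post_ID' => $post->ID,
+'post_title' => 'Updated',
+'post_content' => 'Updated',
+);
+edit_post( $data );
+
+// Make sure it's still sticky
+$saved_post = get_post( $post->ID );
+$this->assertTrue( is_sticky( $saved_post->ID ) );
+$this->assertEquals( 'Updated', $saved_post->post_title );
+$this->assertEquals( 'Updated', $saved_post->post_content );
+
+// Teardown
+wp_set_current_user( $old_uid );
+}
 }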
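Review bot: Both new tests restore the current user only in the trailing `// Teardown` lines (1072 and 1123), which are skipped when any assertion fails, and the `grammarian` role created with `add_role()` is never removed, so a later test can run with the wrong user or a leftover role. Moving the role creation and user switch into the class's fixture setup and teardown, with `remove_role( 'grammarian' );` in the teardown, would make the cleanup unconditional. The first test also goes through `wp_update_post()` rather than `edit_post()`, so only the second test exercises the changed condition in `wp-admin/includes/post.php`; a counterpart asserting that a user with both capabilities can still unstick a post would pin the other side of the check.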