WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/22/2015 04:01:53 AM (4 years ago)
Author:
pento
Message:

Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/capabilities.php

    r32812 r33357  
    927927        $this->assertFalse( $user->has_cap( 'publish_pages' ) );
    928928    }
     929
     930    function test_subscriber_cant_edit_posts() {
     931        $user = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
     932        wp_set_current_user( $user->ID );
     933
     934        $post = $this->factory->post->create( array( 'post_author' => 1 ) );
     935
     936        $this->assertFalse( current_user_can( 'edit_post', $post ) );
     937        $this->assertFalse( current_user_can( 'edit_post', $post + 1 ) );
     938    }
    929939}
Note: See TracChangeset for help on using the changeset viewer.