WordPress.org

Make WordPress Core


Ignore:
Timestamp:
09/10/2015 03:20:11 AM (4 years ago)
Author:
jeremyfelt
Message:

Multisite: Test edit_user capabilities for multisite administrators

An administrator in multisite can not edit users other than itself.

Props daniellandau for the initial patch.
See #16860.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/capabilities.php

    r33357 r33987  
    937937        $this->assertFalse( current_user_can( 'edit_post', $post + 1 ) );
    938938    }
     939
     940    function test_multisite_administrator_can_not_edit_users() {
     941        if ( ! is_multisite() ) {
     942            $this->markTestSkipped( 'Test only runs in multisite' );
     943            return;
     944        }
     945
     946        $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
     947        $other_user = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
     948
     949        wp_set_current_user( $user->ID );
     950
     951        $this->assertFalse( current_user_can( 'edit_user', $other_user->ID ) );
     952    }
     953
     954    function test_multisite_user_can_edit_self() {
     955        if ( ! is_multisite() ) {
     956            $this->markTestSkipped( 'Test only runs in multisite' );
     957            return;
     958        }
     959
     960        $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
     961
     962        wp_set_current_user( $user->ID );
     963
     964        $this->assertTrue( current_user_can( 'edit_user', $user->ID ) );
     965    }
    939966}
Note: See TracChangeset for help on using the changeset viewer.