Changeset 34570
- Timestamp:
- 09/26/2015 02:48:47 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/src/wp-includes/class-wp-xmlrpc-server.php
r34559 r34570 3156 3156 $comment_id = (int) $args[3]; 3157 3157 3158 if ( !$user = $this->login($username, $password) ) 3159 return $this->error; 3160 3161 if ( !current_user_can( 'moderate_comments' ) ) 3162 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3158 if ( ! $user = $this->login( $username, $password ) ) { 3159 return $this->error; 3160 } 3163 3161 3164 3162 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3165 3163 do_action( 'xmlrpc_call', 'wp.getComment' ); 3166 3164 3167 if ( ! $comment = get_comment( $comment_id) )3165 if ( ! $comment = get_comment( $comment_id ) ) { 3168 3166 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3167 } 3168 3169 if ( ! current_user_can( 'edit_comment', $comment_id ) ) { 3170 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3171 } 3169 3172 3170 3173 return $this->_prepare_comment( $comment ); … … 3204 3207 $struct = isset( $args[3] ) ? $args[3] : array(); 3205 3208 3206 if ( !$user = $this->login($username, $password) ) 3207 return $this->error; 3208 3209 if ( !current_user_can( 'moderate_comments' ) ) 3210 return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); 3209 if ( ! $user = $this->login($username, $password ) ) 3210 return $this->error; 3211 3211 3212 3212 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ 3213 3213 do_action( 'xmlrpc_call', 'wp.getComments' ); 3214 3214 3215 if ( isset( $struct['status']) )3215 if ( isset( $struct['status'] ) ) 3216 3216 $status = $struct['status']; 3217 3217 else 3218 3218 $status = ''; 3219 3220 if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) { 3221 return new IXR_Error( 401, __( 'Invalid comment status.' 
) ); 3222 } 3219 3223 3220 3224 $post_id = ''; … … 3261 3265 * @return bool|IXR_Error {@link wp_delete_comment()} 3262 3266 */ 3263 public function wp_deleteComment( $args) {3267 public function wp_deleteComment( $args ) { 3264 3268 $this->escape($args); 3265 3269 … … 3268 3272 $comment_ID = (int) $args[3]; 3269 3273 3270 if ( !$user = $this->login($username, $password) ) 3271 return $this->error; 3272 3273 if ( !current_user_can( 'moderate_comments' ) ) 3274 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3275 3276 if ( ! get_comment($comment_ID) ) 3274 if ( ! $user = $this->login( $username, $password ) ) { 3275 return $this->error; 3276 } 3277 3278 if ( ! get_comment( $comment_ID ) ) { 3277 3279 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3278 3279 if ( !current_user_can( 'edit_comment', $comment_ID ) ) 3280 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3280 } 3281 3282 if ( !current_user_can( 'edit_comment', $comment_ID ) ) { 3283 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3284 } 3281 3285 3282 3286 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3335 3339 $content_struct = $args[4]; 3336 3340 3337 if ( !$user = $this->login($username, $password) ) 3338 return $this->error; 3339 3340 if ( !current_user_can( 'moderate_comments' ) ) 3341 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3342 3343 if ( ! get_comment($comment_ID) ) 3341 if ( !$user = $this->login( $username, $password ) ) { 3342 return $this->error; 3343 } 3344 3345 if ( ! get_comment( $comment_ID ) ) { 3344 3346 return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); 3345 3346 if ( !current_user_can( 'edit_comment', $comment_ID ) ) 3347 return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); 3347 } 3348 3349 if ( ! 
current_user_can( 'edit_comment', $comment_ID ) ) { 3350 return new IXR_Error( 403, __( 'You are not allowed to moderate or edit this comment.' ) ); 3351 } 3348 3352 3349 3353 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3537 3541 * @return array|IXR_Error 3538 3542 */ 3539 public function wp_getCommentStatusList( $args) {3543 public function wp_getCommentStatusList( $args ) { 3540 3544 $this->escape( $args ); 3541 3545 … … 3543 3547 $password = $args[2]; 3544 3548 3545 if ( !$user = $this->login($username, $password) ) 3546 return $this->error; 3547 3548 if ( !current_user_can( 'moderate_comments' ) ) 3549 if ( ! $user = $this->login( $username, $password ) ) { 3550 return $this->error; 3551 } 3552 3553 if ( ! current_user_can( 'publish_posts' ) ) { 3549 3554 return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); 3555 } 3550 3556 3551 3557 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3577 3583 $post_id = (int) $args[3]; 3578 3584 3579 if ( !$user = $this->login($username, $password) ) 3580 return $this->error; 3581 3582 if ( !current_user_can( 'edit_posts' ) ) 3583 return new IXR_Error( 403, __( 'You are not allowed access to details about comments.' ) ); 3585 if ( ! $user = $this->login( $username, $password ) ) { 3586 return $this->error; 3587 } 3588 3589 $post = get_post( $post_id, ARRAY_A ); 3590 if ( empty( $post['ID'] ) ) { 3591 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 3592 } 3593 3594 if ( ! current_user_can( 'edit_post', $post_id ) ) { 3595 return new IXR_Error( 403, __( 'You are not allowed access to details of this post.' ) ); 3596 } 3584 3597 3585 3598 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ … … 3587 3600 3588 3601 $count = wp_count_comments( $post_id ); 3602 3589 3603 return array( 3590 3604 'approved' => $count->approved, -
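Review bot: In wp_getComments the new gate `if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status )` decides on the requested status alone, so any account that passes login() and sends `'status' => 'approve'` gets past it with no check tied to a post. If the rest of the method, which continues outside this hunk, does not restrict by post, approved comments on posts the caller cannot edit would be returned together with whatever fields the comment preparation exposes. Consider requiring `current_user_can( 'edit_post', $post_id )` when a post_id filter is supplied, as wp_getCommentCount now does in this same file section, and a broader capability when it is not. The gate also reports an authorization failure as 401 'Invalid comment status.' while the neighbouring methods return 403, which makes denied calls harder to tell apart from malformed ones in logs.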
trunk/tests/phpunit/tests/xmlrpc/wp/editComment.php
r34524 r34570 5 5 */ 6 6 class Tests_XMLRPC_wp_editComment extends WP_XMLRPC_UnitTestCase { 7 8 function test_author_can_edit_own_comment() { 9 $author_id = $this->make_user_by_role( 'author' ); 10 $post_id = $this->factory->post->create( array( 11 'post_title' => 'Post test by author', 12 'post_author' => $author_id 13 ) ); 14 15 $comment_id = wp_insert_comment(array( 16 'comment_post_ID' => $post_id, 17 'comment_author' => 'Commenter 1', 18 'comment_author_url' => "http://example.com/1/", 19 'comment_approved' => 1, 20 )); 21 22 $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 23 'status' => 'hold' 24 ) ) ); 25 $this->assertNotInstanceOf( 'IXR_Error', $result ); 26 $this->assertTrue( $result ); 27 } 28 29 function test_author_cannot_edit_others_comment() { 30 $this->make_user_by_role( 'author' ); 31 $editor_id = $this->make_user_by_role( 'editor' ); 32 $post_id = $this->factory->post->create( array( 33 'post_title' => 'Post test by editor', 34 'post_author' => $editor_id 35 ) ); 36 37 $comment_id = wp_insert_comment( array( 38 'comment_post_ID' => $post_id, 39 'comment_author' => 'Commenter 2', 40 'comment_author_url' => 'http://example.com/2/', 41 'comment_approved' => 0, 42 ) ); 43 44 $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 'status' => 'hold' ) ) ); 45 $this->assertInstanceOf( 'IXR_Error', $result ); 46 $this->assertEquals( 403, $result->code ); 47 $this->assertEquals( __( 'You are not allowed to moderate or edit this comment.' ), $result->message ); 48 } 49 7 50 function test_trash_comment() { 8 51 $this->make_user_by_role( 'administrator' ); -
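Review bot: test_author_cannot_edit_others_comment cannot detect a denied call that still changes the comment, because the comment is created with `'comment_approved' => 0` and the request asks for `'status' => 'hold'`, which is the state it is already in. Creating the comment as approved and asserting after the call that it still is, for example `$this->assertEquals( 'approved', wp_get_comment_status( $comment_id ) );`, would pin that the 403 path has no side effect. The changeset also moves the capability checks in wp_getComment and wp_deleteComment, and no test for an author on someone else's post is visible for either of them here.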
trunk/tests/phpunit/tests/xmlrpc/wp/getComments.php
r25002 r34570 43 43 $this->make_user_by_role( 'editor' ); 44 44 45 $ filter =array(45 $results = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', array( 46 46 'post_id' => $this->post_id 47 ); 48 $results = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', $filter ) ); 47 ) ) ); 49 48 $this->assertNotInstanceOf( 'IXR_Error', $results ); 50 49 … … 57 56 $this->make_user_by_role( 'editor' ); 58 57 59 $ filter =array(58 $results = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', array( 60 59 'post_id' => $this->post_id, 61 ); 62 $results = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', $filter ) ); 60 ) ) ); 63 61 $this->assertNotInstanceOf( 'IXR_Error', $results ); 64 62 65 63 // if no 'number' filter is specified, default should be 10 66 $this->assertEquals( 10, count( $results ) ); 67 68 // explicitly set a 'number' filter and verify that only that many are returned 69 $filter['number'] = 5; 70 $results2 = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', $filter ) ); 64 $this->assertCount( 10, $results ); 65 66 $results2 = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', array( 67 'post_id' => $this->post_id, 68 'number' => 5 69 ) ) ); 71 70 $this->assertNotInstanceOf( 'IXR_Error', $results2 ); 72 $this->assertEquals( 5, count( $results2 ) ); 71 $this->assertCount( 5, $results2 ); 72 } 73 74 function test_contributor_capabilities() { 75 $this->make_user_by_role( 'contributor' ); 76 $author_id = $this->make_user_by_role( 'author' ); 77 $author_post_id = $this->factory->post->create( array( 78 'post_title' => 'Author', 79 'post_author' => $author_id, 80 'post_status' => 'publish' 81 ) ); 82 83 $this->factory->comment->create( array( 84 'comment_post_ID' => $author_post_id, 85 'comment_author' => "Commenter 1", 86 'comment_author_url' => "http://example.com/1/", 87 'comment_approved' => 0, 88 ) ); 89 90 $editor_id = $this->make_user_by_role( 
'editor' ); 91 $editor_post_id = $this->factory->post->create( array( 92 'post_title' => 'Editor', 93 'post_author' => $editor_id, 94 'post_status' => 'publish' 95 ) ); 96 97 $this->factory->comment->create( array( 98 'comment_post_ID' => $editor_post_id, 99 'comment_author' => 'Commenter 2', 100 'comment_author_url' => 'http://example.com/2/', 101 'comment_approved' => 0, 102 ) ); 103 104 $result = $this->myxmlrpcserver->wp_getComments( array( 1, 'contributor', 'contributor' ) ); 105 $this->assertInstanceOf( 'IXR_Error', $result ); 106 $this->assertEquals( 401, $result->code ); 107 } 108 109 function test_author_capabilities() { 110 $author_id = $this->make_user_by_role( 'author' ); 111 $author_post_id = $this->factory->post->create( array( 112 'post_title' => 'Author', 113 'post_author' => $author_id, 114 'post_status' => 'publish' 115 ) ); 116 117 $this->factory->comment->create( array( 118 'comment_post_ID' => $author_post_id, 119 'comment_author' => 'Commenter 1', 120 'comment_author_url' => 'http://example.com/1/', 121 'comment_approved' => 1, 122 ) ); 123 124 $editor_id = $this->make_user_by_role( 'editor' ); 125 $editor_post_id = $this->factory->post->create( array( 126 'post_title' => 'Editor', 127 'post_author' => $editor_id, 128 'post_status' => 'publish' 129 ) ); 130 131 $this->factory->comment->create( array( 132 'comment_post_ID' => $editor_post_id, 133 'comment_author' => 'Commenter 2', 134 'comment_author_url' => 'http://example.com/2/', 135 'comment_approved' => 0, 136 ) ); 137 138 $result1 = $this->myxmlrpcserver->wp_getComments( array( 1, 'author', 'author', array( 139 'post_id' => $author_post_id 140 ) ) ); 141 $this->assertInstanceOf( 'IXR_Error', $result1 ); 142 143 $result2 = $this->myxmlrpcserver->wp_getComments( array( 1, 'author', 'author', array( 144 'status' => 'approve', 145 'post_id' => $author_post_id 146 ) ) ); 147 148 $this->assertInternalType( 'array', $result2 ); 149 $this->assertCount( 1, $result2 ); 150 151 $result3 = 
$this->myxmlrpcserver->wp_getComments( array( 1, 'author', 'author', array( 152 'post_id' => $editor_post_id 153 ) ) ); 154 $this->assertInstanceOf( 'IXR_Error', $result3 ); 155 156 $result4 = $this->myxmlrpcserver->wp_getComments( array( 1, 'author', 'author', array( 157 'status' => 'approve', 158 'post_id' => $author_post_id 159 ) ) ); 160 161 $this->assertInternalType( 'array', $result4 ); 162 $this->assertCount( 1, $result4 ); 163 } 164 165 function test_editor_capabilities() { 166 $author_id = $this->make_user_by_role( 'author' ); 167 $author_post_id = $this->factory->post->create( array( 168 'post_title' => 'Author', 169 'post_author' => $author_id, 170 'post_status' => 'publish' 171 ) ); 172 173 $this->factory->comment->create( array( 174 'comment_post_ID' => $author_post_id, 175 'comment_author' => 'Commenter 1', 176 'comment_author_url' => 'http://example.com/1/', 177 'comment_approved' => 1, 178 )); 179 180 $editor_id = $this->make_user_by_role( 'editor' ); 181 $editor_post_id = $this->factory->post->create( array( 182 'post_title' => 'Editor', 183 'post_author' => $editor_id, 184 'post_status' => 'publish' 185 ) ); 186 187 $this->factory->comment->create(array( 188 'comment_post_ID' => $editor_post_id, 189 'comment_author' => 'Commenter 2', 190 'comment_author_url' => 'http://example.com/2/', 191 'comment_approved' => 0, 192 )); 193 194 $result = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', array( 195 'post_id' => $author_post_id 196 ) ) ); 197 $this->assertInternalType( 'array', $result ); 198 $this->assertCount( 1, $result ); 199 200 $result2 = $this->myxmlrpcserver->wp_getComments( array( 1, 'editor', 'editor', array( 201 'status' => 'approve', 202 'post_id' => $author_post_id 203 ) ) ); 204 205 $this->assertInternalType( 'array', $result2 ); 206 $this->assertCount( 1, $result2 ); 73 207 } 74 208 }
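Review bot: In test_author_capabilities, `$result4` repeats the `$result2` call verbatim (`'status' => 'approve'`, `'post_id' => $author_post_id`), so an author requesting approved comments on the editor's post is never exercised. The `$result3` error comes from the missing status and not from post ownership, so no assertion in this test shows what an author may read on a post they do not own. The fourth call was probably meant to use `'post_id' => $editor_post_id`, with an assertion matching the intended policy. test_contributor_capabilities has the same gap, since it only calls wp_getComments without a filter and never with `'status' => 'approve'`.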