Changeset 35747 for trunk/tests/phpunit/tests/user/capabilities.php

Timestamp:

11/29/2015 02:24:15 AM (10 years ago)

Author:

johnbillion

Message:

When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.

Fixes #33694

File:

• trunk/tests/phpunit/tests/user/capabilities.php (modified) (1 diff)

trunk/tests/phpunit/tests/user/capabilities.php

@@ -982 +982 @@
     }
 
+    /**
+     * @ticket 33694
+     */
+    function test_contributor_cannot_edit_scheduled_post() {
+
+        // Add a contributor
+        $contributor = $this->factory->user->create_and_get( array(
+            'role' => 'contributor',
+        ) );
+
+        // Give them a scheduled post
+        $post = $this->factory->post->create_and_get( array(
+            'post_author' => $contributor->ID,
+            'post_status' => 'future',
+        ) );
+
+        // Ensure contributor can't edit or trash the post
+        $this->assertFalse( user_can( $contributor->ID, 'edit_post', $post->ID ) );
+        $this->assertFalse( user_can( $contributor->ID, 'delete_post', $post->ID ) );
+
+        // Test the tests
+        $this->assertTrue( defined( 'EMPTY_TRASH_DAYS' ) );
+        $this->assertNotEmpty( EMPTY_TRASH_DAYS );
+
+        // Trash it
+        $trashed = wp_trash_post( $post->ID );
+        $this->assertNotEmpty( $trashed );
+
+        // Ensure contributor can't edit, un-trash, or delete the post
+        $this->assertFalse( user_can( $contributor->ID, 'edit_post', $post->ID ) );
+        $this->assertFalse( user_can( $contributor->ID, 'delete_post', $post->ID ) );
+
+    }
+
     function test_multisite_administrator_with_manage_network_users_can_edit_users() {
         if ( ! is_multisite() ) {