WordPress.org

Make WordPress Core


Ignore:
Timestamp:
08/26/2016 06:22:28 PM (3 years ago)
Author:
johnbillion
Message:

Role/Capability: Only users who can manage options should be able to trash/delete the page for posts or the front page, as they are the only users who can restore it or subsequently alter the "Front page displays" setting.

Fixes #37580
Props JakePT

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/mapMetaCap.php

    r35242 r38378  
    256256
    257257    }
     258
     259    /**
     260     * Test deleting front page.
     261     *
     262     * @ticket 37580
     263     */
     264    function test_only_users_who_can_manage_options_can_delete_page_on_front() {
     265        $post_id = self::factory()->post->create( array(
     266            'post_type'   => 'page',
     267            'post_status' => 'publish',
     268        ) );
     269
     270        update_option( 'page_on_front', $post_id );
     271        $caps = map_meta_cap( 'delete_page', $this->user_id, $post_id );
     272        delete_option( 'page_on_front' );
     273
     274        $this->assertEquals( array( 'manage_options' ), $caps );
     275    }
     276
     277    /**
     278     * Test deleting posts page.
     279     *
     280     * @ticket 37580
     281     */
     282    function test_only_users_who_can_manage_options_can_delete_page_for_posts() {
     283        $post_id = self::factory()->post->create( array(
     284            'post_type'   => 'page',
     285            'post_status' => 'publish',
     286        ) );
     287
     288        update_option( 'page_for_posts', $post_id );
     289        $caps = map_meta_cap( 'delete_page', $this->user_id, $post_id );
     290        delete_option( 'page_for_posts' );
     291
     292        $this->assertEquals( array( 'manage_options' ), $caps );
     293    }
    258294}
Note: See TracChangeset for help on using the changeset viewer.