WordPress.org

Make WordPress Core

Changeset 39092


Ignore:
Timestamp:
11/02/2016 06:52:30 AM (5 years ago)
Author:
rmccue
Message:

REST API: Add update and delete endpoints to /users/me

Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.

Props pento.
Fixes #38521 (hopefully).

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

    r39090 r39092  
    9696
    9797        register_rest_route( $this->namespace, '/' . $this->rest_base . '/me', array(
    98             'methods'  => WP_REST_Server::READABLE,
    99             'callback' => array( $this, 'get_current_item' ),
    100             'args'     => array(
    101                 'context' => array(),
     98            array(
     99                'methods'             => WP_REST_Server::READABLE,
     100                'callback'            => array( $this, 'get_current_item' ),
     101                'args'                => array(
     102                    'context'          => array(),
     103                ),
     104            ),
     105            array(
     106                'methods'             => WP_REST_Server::EDITABLE,
     107                'callback'            => array( $this, 'update_current_item' ),
     108                'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
     109                'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
     110            ),
     111            array(
     112                'methods'             => WP_REST_Server::DELETABLE,
     113                'callback'            => array( $this, 'delete_current_item' ),
     114                'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
     115                'args'                => array(
     116                    'force'    => array(
     117                        'default'     => false,
     118                        'description' => __( 'Required to be true, as resource does not support trashing.' ),
     119                    ),
     120                    'reassign' => array(),
     121                ),
    102122            ),
    103123            'schema' => array( $this, 'get_public_item_schema' ),
     
    569589
    570590    /**
     591     * Checks if a given request has access to update the current user.
     592     *
     593     * @since 4.7.0
     594     * @access public
     595     *
     596     * @param WP_REST_Request $request Full details about the request.
     597     * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
     598     */
     599    public function update_current_item_permissions_check( $request ) {
     600        $request['id'] = get_current_user_id();
     601
     602        return $this->update_item_permissions_check( $request );
     603    }
     604
     605    /**
     606     * Updates the current user.
     607     *
     608     * @since 4.7.0
     609     * @access public
     610     *
     611     * @param WP_REST_Request $request Full details about the request.
     612     * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
     613     */
     614    function update_current_item( $request ) {
     615        $request['id'] = get_current_user_id();
     616
     617        return $this->update_item( $request );
     618    }
     619
     620    /**
    571621     * Checks if a given request has access delete a user.
    572622     *
     
    644694
    645695        return $response;
     696    }
     697
     698    /**
     699     * Checks if a given request has access to delete the current user.
     700     *
     701     * @since 4.7.0
     702     * @access public
     703     *
     704     * @param WP_REST_Request $request Full details about the request.
     705     * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
     706     */
     707    public function delete_current_item_permissions_check( $request ) {
     708        $request['id'] = get_current_user_id();
     709
     710        return $this->delete_item_permissions_check( $request );
     711    }
     712
     713    /**
     714     * Deletes the current user.
     715     *
     716     * @since 4.7.0
     717     * @access public
     718     *
     719     * @param WP_REST_Request $request Full details about the request.
     720     * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
     721     */
     722    function delete_current_item( $request ) {
     723        $request['id'] = get_current_user_id();
     724
     725        return $this->delete_item( $request );
    646726    }
    647727
  • trunk/tests/phpunit/tests/rest-api/rest-users-controller.php

    r39090 r39092  
    957957        $this->assertArrayHasKey( 'editor', $user->caps );
    958958        $this->assertArrayNotHasKey( 'administrator', $user->caps );
     959
     960        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
     961        $request->set_param( 'roles', array( 'administrator' ) );
     962        $response = $this->server->dispatch( $request );
     963
     964        $this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 );
     965        $user = get_userdata( self::$editor );
     966        $this->assertArrayHasKey( 'editor', $user->caps );
     967        $this->assertArrayNotHasKey( 'administrator', $user->caps );
    959968    }
    960969
     
    977986        $this->assertArrayHasKey( 'administrator', $user->caps );
    978987        $this->assertArrayNotHasKey( 'editor', $user->caps );
     988
     989        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
     990        $request->set_param( 'roles', array( 'editor' ) );
     991        $response = $this->server->dispatch( $request );
     992
     993        $this->assertErrorResponse( 'rest_user_invalid_role', $response, 403 );
     994
     995        $user = get_userdata( $user_id );
     996        $this->assertArrayHasKey( 'administrator', $user->caps );
     997        $this->assertArrayNotHasKey( 'editor', $user->caps );
    979998    }
    980999
     
    9971016        $this->assertEquals( 'editor', $new_data['roles'][0] );
    9981017        $this->assertNotEquals( 'administrator', $new_data['roles'][0] );
     1018
     1019        $user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
     1020
     1021        wp_set_current_user( $user_id );
     1022        $user = wp_get_current_user();
     1023        update_site_option( 'site_admins', array( $user->user_login ) );
     1024
     1025        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
     1026        $request->set_param( 'roles', array( 'editor' ) );
     1027        $response = $this->server->dispatch( $request );
     1028
     1029        $new_data = $response->get_data();
     1030        $this->assertEquals( 'editor', $new_data['roles'][0] );
     1031        $this->assertNotEquals( 'administrator', $new_data['roles'][0] );
    9991032    }
    10001033
     
    10051038
    10061039        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
     1040        $request->set_param( 'roles', array( 'BeSharp' ) );
     1041        $response = $this->server->dispatch( $request );
     1042
     1043        $this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 );
     1044
     1045        $user = get_userdata( self::$editor );
     1046        $this->assertArrayHasKey( 'editor', $user->caps );
     1047        $this->assertArrayNotHasKey( 'BeSharp', $user->caps );
     1048
     1049        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
    10071050        $request->set_param( 'roles', array( 'BeSharp' ) );
    10081051        $response = $this->server->dispatch( $request );
     
    10301073
    10311074        $this->assertErrorResponse( 'rest_cannot_edit', $response, 403 );
     1075
     1076        $request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
     1077        $request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
     1078        $request->set_body_params( $params );
     1079        $response = $this->server->dispatch( $request );
     1080
     1081        $this->assertErrorResponse( 'rest_user_invalid_argument', $response, 400 );
    10321082    }
    10331083
     
    10671117    }
    10681118
     1119    public function test_delete_current_item() {
     1120        $user_id = $this->factory->user->create( array( 'role' => 'administrator', 'display_name' => 'Deleted User' ) );
     1121
     1122        wp_set_current_user( $user_id );
     1123        $user = wp_get_current_user();
     1124        update_site_option( 'site_admins', array( $user->user_login ) );
     1125
     1126        $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
     1127        $request['force'] = true;
     1128        $response = $this->server->dispatch( $request );
     1129
     1130        $this->assertEquals( 200, $response->get_status() );
     1131        $data = $response->get_data();
     1132        $this->assertEquals( 'Deleted User', $data['name'] );
     1133    }
     1134
    10691135    public function test_delete_item_no_trash() {
    10701136        $user_id = $this->factory->user->create( array( 'display_name' => 'Deleted User' ) );
     
    10831149    }
    10841150
     1151    public function test_delete_current_item_no_trash() {
     1152        $user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
     1153
     1154        wp_set_current_user( $user_id );
     1155        $user = wp_get_current_user();
     1156        update_site_option( 'site_admins', array( $user->user_login ) );
     1157
     1158        $userdata = get_userdata( $user_id ); // cache for later
     1159        $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
     1160        $response = $this->server->dispatch( $request );
     1161        $this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
     1162
     1163        // Ensure the user still exists
     1164        $user = get_user_by( 'id', $user_id );
     1165        $this->assertNotEmpty( $user );
     1166    }
     1167
    10851168    public function test_delete_user_without_permission() {
    10861169        $user_id = $this->factory->user->create();
     
    10901173
    10911174        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
     1175        $request['force'] = true;
     1176        $response = $this->server->dispatch( $request );
     1177
     1178        $this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
     1179
     1180        $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
    10921181        $request['force'] = true;
    10931182        $response = $this->server->dispatch( $request );
Note: See TracChangeset for help on using the changeset viewer.