Changeset 39092
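--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -96,8 +96,28 @@
 
 register_rest_route( $this->namespace, '/' . $this->rest_base . '/me', array(
-'methods' => WP_REST_Server::READABLE,
-'callback' => array( $this, 'get_current_item' ),
-'args' => array(
-'context' => array(),
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => array( $this, 'get_current_item' ),
+'args' => array(
+'context' => array(),
+),
+),
+array(
+'methods' => WP_REST_Server::EDITABLE,
+'callback' => array( $this, 'update_current_item' ),
+'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
+'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
+),
+array(
+'methods' => WP_REST_Server::DELETABLE,
+'callback' => array( $this, 'delete_current_item' ),
+'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
+'args' => array(
+'force' => array(
+'default' => false,
+'description' => __( 'Required to be true, as resource does not support trashing.' ),
+),
+'reassign' => array(),
+),
 ),
 'schema' => array( $this, 'get_public_item_schema' ),
@@ -569,4 +589,34 @@
 
 /**
+* Checks if a given request has access to update the current user.
+*
+* @since 4.7.0
+* @access public
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
+*/
+public function update_current_item_permissions_check( $request ) {
+$request['id'] = get_current_user_id();
+
+return $this->update_item_permissions_check( $request );
+}
+
+/**
+* Updates the current user.
+*
+* @since 4.7.0
+* @access public
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
+*/
+function update_current_item( $request ) {
+$request['id'] = get_current_user_id();
+
+return $this->update_item( $request );
+}
+
+/**
 * Checks if a given request has access delete a user.
 *
@@ -644,4 +694,34 @@
 
 return $response;
+}
+
+/**
+* Checks if a given request has access to delete the current user.
+*
+* @since 4.7.0
+* @access public
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
+*/
+public function delete_current_item_permissions_check( $request ) {
+$request['id'] = get_current_user_id();
+
+return $this->delete_item_permissions_check( $request );
+}
+
+/**
+* Deletes the current user.
+*
+* @since 4.7.0
+* @access public
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
+*/
+function delete_current_item( $request ) {
+$request['id'] = get_current_user_id();
+
+return $this->delete_item( $request );
 }
 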
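Review bot: In `update_current_item_permissions_check()` and `delete_current_item_permissions_check()` the request id is overwritten with `get_current_user_id()`, which is 0 when no user is authenticated, and the decision is then left entirely to `update_item_permissions_check()` / `delete_item_permissions_check()`, whose bodies are outside this section. Whether those checks reject an id of 0 with a clear error cannot be confirmed from here, so I would state the precondition at the top of both wrappers, e.g. `if ( ! is_user_logged_in() ) { return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) ); }`. Separately, `update_current_item()` and `delete_current_item()` are declared with a bare `function` although their docblocks say `@access public`; write `public function` so they match the two permission-check methods.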
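--- a/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
@@ -957,4 +957,13 @@
 $this->assertArrayHasKey( 'editor', $user->caps );
 $this->assertArrayNotHasKey( 'administrator', $user->caps );
+
+$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
+$request->set_param( 'roles', array( 'administrator' ) );
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 );
+$user = get_userdata( self::$editor );
+$this->assertArrayHasKey( 'editor', $user->caps );
+$this->assertArrayNotHasKey( 'administrator', $user->caps );
 }
 
@@ -977,4 +986,14 @@
 $this->assertArrayHasKey( 'administrator', $user->caps );
 $this->assertArrayNotHasKey( 'editor', $user->caps );
+
+$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
+$request->set_param( 'roles', array( 'editor' ) );
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_user_invalid_role', $response, 403 );
+
+$user = get_userdata( $user_id );
+$this->assertArrayHasKey( 'administrator', $user->caps );
+$this->assertArrayNotHasKey( 'editor', $user->caps );
 }
 
@@ -997,4 +1016,18 @@
 $this->assertEquals( 'editor', $new_data['roles'][0] );
 $this->assertNotEquals( 'administrator', $new_data['roles'][0] );
+
+$user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
+
+wp_set_current_user( $user_id );
+$user = wp_get_current_user();
+update_site_option( 'site_admins', array( $user->user_login ) );
+
+$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
+$request->set_param( 'roles', array( 'editor' ) );
+$response = $this->server->dispatch( $request );
+
+$new_data = $response->get_data();
+$this->assertEquals( 'editor', $new_data['roles'][0] );
+$this->assertNotEquals( 'administrator', $new_data['roles'][0] );
 }
 
@@ -1005,4 +1038,14 @@
 
 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', self::$editor ) );
+$request->set_param( 'roles', array( 'BeSharp' ) );
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 );
+
+$user = get_userdata( self::$editor );
+$this->assertArrayHasKey( 'editor', $user->caps );
+$this->assertArrayNotHasKey( 'BeSharp', $user->caps );
+
+$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
 $request->set_param( 'roles', array( 'BeSharp' ) );
 $response = $this->server->dispatch( $request );
@@ -1030,4 +1073,11 @@
 
 $this->assertErrorResponse( 'rest_cannot_edit', $response, 403 );
+
+$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
+$request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
+$request->set_body_params( $params );
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_user_invalid_argument', $response, 400 );
 }
 
@@ -1067,4 +1117,20 @@
 }
 
+public function test_delete_current_item() {
+$user_id = $this->factory->user->create( array( 'role' => 'administrator', 'display_name' => 'Deleted User' ) );
+
+wp_set_current_user( $user_id );
+$user = wp_get_current_user();
+update_site_option( 'site_admins', array( $user->user_login ) );
+
+$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
+$request['force'] = true;
+$response = $this->server->dispatch( $request );
+
+$this->assertEquals( 200, $response->get_status() );
+$data = $response->get_data();
+$this->assertEquals( 'Deleted User', $data['name'] );
+}
+
 public function test_delete_item_no_trash() {
 $user_id = $this->factory->user->create( array( 'display_name' => 'Deleted User' ) );
@@ -1083,4 +1149,21 @@
 }
 
+public function test_delete_current_item_no_trash() {
+$user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
+
+wp_set_current_user( $user_id );
+$user = wp_get_current_user();
+update_site_option( 'site_admins', array( $user->user_login ) );
+
+$userdata = get_userdata( $user_id ); // cache for later
+$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
+$response = $this->server->dispatch( $request );
+$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
+
+// Ensure the user still exists
+$user = get_user_by( 'id', $user_id );
+$this->assertNotEmpty( $user );
+}
+
 public function test_delete_user_without_permission() {
 $user_id = $this->factory->user->create();
@@ -1090,4 +1173,10 @@
 
 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+$request['force'] = true;
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
+
+$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
 $request['force'] = true;
 $response = $this->server->dispatch( $request );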
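Review bot: None of the added `/wp/v2/users/me` cases dispatches `PUT` or `DELETE` with no current user, so the behaviour of the new routes for an unauthenticated request, where the controller takes the id from `get_current_user_id()`, is not pinned by any test. I would add a case that calls `wp_set_current_user( 0 );` before dispatching and asserts the error response for both methods. In `test_delete_current_item_no_trash()` the assignment `$userdata = get_userdata( $user_id ); // cache for later` is never read in the visible lines and can be dropped. The assertion that follows the last added `DELETE /wp/v2/users/me` request in `test_delete_user_without_permission()` lies outside the visible hunk, so that case could not be checked here.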