Changeset 39295
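--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -1455,4 +1455,9 @@
 	protected function check_read_post_permission( $post ) {
 		$posts_controller = new WP_REST_Posts_Controller( $post->post_type );
+		$post_type = get_post_type_object( $post->post_type );
+
+		if ( post_password_required( $post ) ) {
+			return current_user_can( $post_type->cap->edit_post, $post->ID );
+		}
 
 		return $posts_controller->check_read_permission( $post );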
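Review bot: `get_post_type_object( $post->post_type )` returns null when the post's type is not registered, and the new password branch reads `$post_type->cap->edit_post` on that value without a check. For a comment whose parent post has an unregistered type, this permission check would then raise a PHP error instead of returning a decision. I would fail closed with `if ( ! $post_type ) { return false; }` placed before the `post_password_required()` test. A short comment above the branch, such as `// Comments on password-protected posts are only readable by users who can edit the post.`, would also record why `edit_post` rather than a read capability is checked. The closing brace of check_read_post_permission() is outside the hunk.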
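--- a/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -18,4 +18,5 @@
 
 	protected static $post_id;
+	protected static $password_id;
 	protected static $private_id;
 	protected static $draft_id;
@@ -53,4 +54,7 @@
 			'post_status' => 'private',
 		) );
+		self::$password_id = $factory->post->create( array(
+			'post_password' => 'toomanysecrets',
+		) );
 		self::$draft_id = $factory->post->create( array(
 			'post_status' => 'draft',
@@ -79,4 +83,5 @@
 		wp_delete_post( self::$post_id, true );
 		wp_delete_post( self::$private_id, true );
+		wp_delete_post( self::$password_id, true );
 		wp_delete_post( self::$draft_id, true );
 		wp_delete_post( self::$trash_id, true );
@@ -163,4 +168,40 @@
 	}
 
+	public function test_get_password_items_without_edit_post_permission() {
+		wp_set_current_user( 0 );
+
+		$args = array(
+			'comment_approved' => 1,
+			'comment_post_ID' => self::$password_id,
+		);
+		$password_comment = $this->factory->comment->create( $args );
+
+		$request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+
+		$response = $this->server->dispatch( $request );
+		$this->assertEquals( 200, $response->get_status() );
+
+		$collection_data = $response->get_data();
+		$this->assertFalse( in_array( $password_comment, wp_list_pluck( $collection_data, 'id' ), true ) );
+	}
+
+	public function test_get_password_items_with_edit_post_permission() {
+		wp_set_current_user( self::$admin_id );
+
+		$args = array(
+			'comment_approved' => 1,
+			'comment_post_ID' => self::$password_id,
+		);
+		$password_comment = $this->factory->comment->create( $args );
+
+		$request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+
+		$response = $this->server->dispatch( $request );
+		$this->assertEquals( 200, $response->get_status() );
+
+		$collection_data = $response->get_data();
+		$this->assertTrue( in_array( $password_comment, wp_list_pluck( $collection_data, 'id' ), true ) );
+	}
+
 	public function test_get_items_without_private_post_permission() {
 		wp_set_current_user( 0 );
@@ -801,4 +842,16 @@
 	}
 
+	public function test_get_comment_with_password_without_edit_post_permission() {
+		wp_set_current_user( 0 );
+		$args = array(
+			'comment_approved' => 1,
+			'comment_post_ID' => self::$password_id,
+		);
+		$password_comment = $this->factory->comment->create( $args );
+		$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $password_comment ) );
+		$response = $this->server->dispatch( $request );
+		$this->assertErrorResponse( 'rest_cannot_read', $response, 401 );
+	}
+
 	public function test_create_item() {
 		wp_set_current_user( 0 );
@@ -1370,4 +1423,23 @@
 		$response = $this->server->dispatch( $request );
 
+		$this->assertErrorResponse( 'rest_cannot_read_post', $response, 403 );
+	}
+
+	public function test_create_comment_password_post_invalid_permission() {
+		wp_set_current_user( self::$subscriber_id );
+
+		$params = array(
+			'post' => self::$password_id,
+			'author_name' => 'Homer Jay Simpson',
+			'author_email' => 'chunkylover53@aol.com',
+			'author_url' => 'http://compuglobalhypermeganet.com',
+			'content' => 'I\’d be a vegetarian if bacon grew on trees.',
+			'author' => self::$subscriber_id,
+		);
+		$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+		$request->add_header( 'content-type', 'application/json' );
+		$request->set_body( wp_json_encode( $params ) );
+
+		$response = $this->server->dispatch( $request );
 		$this->assertErrorResponse( 'rest_cannot_read_post', $response, 403 );
 	}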
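Review bot: The read-side tests cover only the two extremes of the new rule, an anonymous visitor and an administrator, so nothing pins the case the capability check exists for: a logged-in user who lacks `edit_post` on the password-protected post. Only the create test, `test_create_comment_password_post_invalid_permission()`, uses `self::$subscriber_id`. I would add a single-item read test for the subscriber, as sketched below, and a matching collection test asserting the comment id is absent. The expected status of 403 is inferred from the create test on this page and should be confirmed against the controller. The two collection tests could also use `assertContains` / `assertNotContains` on the plucked ids rather than `assertTrue( in_array( … ) )`, which gives a more useful failure message.

```php
public function test_get_comment_with_password_as_subscriber() {
	wp_set_current_user( self::$subscriber_id );
	$args = array(
		'comment_approved' => 1,
		'comment_post_ID'  => self::$password_id,
	);
	$password_comment = $this->factory->comment->create( $args );
	$request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $password_comment ) );
	$response = $this->server->dispatch( $request );
	// Logged-in but unauthorized: expected status assumed to be 403, confirm.
	$this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
}
```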