

Timestamp:
12/02/2016 06:58:36 AM (8 years ago)
Author:
pento
Message:

REST API: Require the reassign parameter when deleting users.

When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires reassign as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Merges [39426] to the 4.7 branch.

Props jeremyfelt.
Fixes #39000.

Location:
branches/4.7
Files:
2 edited

  • branches/4.7

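--- a/branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php
@@ -1640,5 +1640,6 @@
         $userdata = get_userdata( $user_id ); // cache for later
         $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
-        $request['force'] = true;
+        $request->set_param( 'force', true );
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
 
@@ -1658,4 +1659,5 @@
 
         $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
         $this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
@@ -1679,4 +1681,5 @@
         $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
         $request['force'] = true;
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
 
@@ -1695,4 +1698,5 @@
 
         $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
         $this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
@@ -1715,4 +1719,5 @@
         $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
         $request['force'] = true;
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
 
@@ -1721,4 +1726,5 @@
         $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
         $request['force'] = true;
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
 
@@ -1732,4 +1738,5 @@
         $request = new WP_REST_Request( 'DELETE', '/wp/v2/users/100' );
         $request['force'] = true;
+        $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
 
@@ -1777,4 +1784,94 @@
 
         $this->assertErrorResponse( 'rest_user_invalid_reassign', $response, 400 );
+    }
+
+    public function test_delete_user_invalid_reassign_passed_as_string() {
+        $user_id = $this->factory->user->create();
+
+        $this->allow_user_to_manage_multisite();
+        wp_set_current_user( self::$user );
+
+        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request['force'] = true;
+        $request->set_param( 'reassign', 'null' );
+        $response = $this->server->dispatch( $request );
+
+        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+    }
+
+    public function test_delete_user_reassign_passed_as_boolean_false_trashes_post() {
+        $user_id = $this->factory->user->create();
+
+        $this->allow_user_to_manage_multisite();
+        wp_set_current_user( self::$user );
+
+        $test_post = $this->factory->post->create(array(
+            'post_author' => $user_id,
+        ));
+
+        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request['force'] = true;
+        $request->set_param( 'reassign', false );
+        $this->server->dispatch( $request );
+
+        $test_post = get_post( $test_post );
+        $this->assertEquals( 'trash', $test_post->post_status );
+    }
+
+    public function test_delete_user_reassign_passed_as_string_false_trashes_post() {
+        $user_id = $this->factory->user->create();
+
+        $this->allow_user_to_manage_multisite();
+        wp_set_current_user( self::$user );
+
+        $test_post = $this->factory->post->create(array(
+            'post_author' => $user_id,
+        ));
+
+        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request['force'] = true;
+        $request->set_param( 'reassign', 'false' );
+        $this->server->dispatch( $request );
+
+        $test_post = get_post( $test_post );
+        $this->assertEquals( 'trash', $test_post->post_status );
+    }
+
+    public function test_delete_user_reassign_passed_as_empty_string_trashes_post() {
+        $user_id = $this->factory->user->create();
+
+        $this->allow_user_to_manage_multisite();
+        wp_set_current_user( self::$user );
+
+        $test_post = $this->factory->post->create(array(
+            'post_author' => $user_id,
+        ));
+
+        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request['force'] = true;
+        $request->set_param( 'reassign', '' );
+        $this->server->dispatch( $request );
+
+        $test_post = get_post( $test_post );
+        $this->assertEquals( 'trash', $test_post->post_status );
+    }
+
+    public function test_delete_user_reassign_passed_as_0_reassigns_author() {
+        $user_id = $this->factory->user->create();
+
+        $this->allow_user_to_manage_multisite();
+        wp_set_current_user( self::$user );
+
+        $test_post = $this->factory->post->create(array(
+            'post_author' => $user_id,
+        ));
+
+        $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+        $request['force'] = true;
+        $request->set_param( 'reassign', 0 );
+        $this->server->dispatch( $request );
+
+        $test_post = get_post( $test_post );
+        $this->assertEquals( 0, $test_post->post_author );
     }
 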
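Review bot: None of the hunks in this section tests the case the commit exists for, a DELETE that omits `reassign` altogether; they add `reassign` to existing requests and cover accepted and malformed values, but nothing here shows the request being refused when the parameter is missing. A test along the lines of the one below would pin that and also check that the user and the post are left untouched, since preventing silent content loss is the point of the guard; the error code used is the one the REST server normally returns for a missing required argument and should be confirmed against the controller change, which is not shown in this section. The four new tests ending in `_trashes_post` and `_reassigns_author` discard the result of `$this->server->dispatch( $request )`, so capturing it and adding `$this->assertEquals( 200, $response->get_status() );` would tie the post-state check to a deletion that actually succeeded. `test_delete_user_reassign_passed_as_0_reassigns_author` pins posts being re-attributed to author ID 0, which presumably matches no account, so a one-line comment stating that this is intended would help the next reader. The last hunk opens inside a test method whose start is outside the hunk.

```php
public function test_delete_user_without_reassign_is_rejected() {
    $user_id = $this->factory->user->create();

    $this->allow_user_to_manage_multisite();
    wp_set_current_user( self::$user );

    $test_post = $this->factory->post->create(array(
        'post_author' => $user_id,
    ));

    // No 'reassign' parameter at all: the destructive request must be refused.
    $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
    $request['force'] = true;
    $response = $this->server->dispatch( $request );

    $this->assertErrorResponse( 'rest_missing_callback_param', $response, 400 );

    // Nothing may have been deleted or re-attributed by the rejected request.
    $this->assertInstanceOf( 'WP_User', get_userdata( $user_id ) );
    $this->assertEquals( $user_id, get_post( $test_post )->post_author );
}
```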