
Changeset 39438


Timestamp:
12/02/2016 10:10:01 PM (8 years ago)
Author:
jeremyfelt
Message:

REST API: Disable DELETE requests for users in multisite.

In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a PUT request that removes a user's site and content associations is available, DELETE requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.

Location:
trunk
Files:
2 edited

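--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -702,4 +702,9 @@
      */
     public function delete_item( $request ) {
+        // We don't support delete requests in multisite.
+        if ( is_multisite() ) {
+            return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
+        }
+
         $id       = (int) $request['id'];
         $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );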
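Review bot: The inline comment at new line 704 says only that deletes are unsupported in multisite, so a later reader cannot tell that the early return is a data-loss safeguard rather than a permission rule. I would expand it to something like `// Multisite: users are removed from sites, not deleted; block DELETE until content reassignment is supported.` and list the 501 `rest_cannot_delete` case in the method's docblock. The guard itself is well placed, because it returns before `$request['id']` or `$request['reassign']` is read. The docblock and the rest of delete_item() lie outside the hunk, so whether the return documentation already mentions WP_Error cannot be confirmed from here.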
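--- a/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
@@ -1644,4 +1644,10 @@
         $response = $this->server->dispatch( $request );
 
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertEquals( 200, $response->get_status() );
         $data = $response->get_data();
@@ -1661,4 +1667,11 @@
         $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
 
@@ -1684,4 +1697,10 @@
         $response = $this->server->dispatch( $request );
 
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertEquals( 200, $response->get_status() );
         $data = $response->get_data();
@@ -1700,4 +1719,11 @@
         $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
 
@@ -1740,4 +1766,10 @@
         $request->set_param( 'reassign', false );
         $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
 
         $this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 );
@@ -1765,4 +1797,10 @@
         $response = $this->server->dispatch( $request );
 
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertEquals( 200, $response->get_status() );
 
@@ -1783,4 +1821,10 @@
         $response = $this->server->dispatch( $request );
 
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
+
         $this->assertErrorResponse( 'rest_user_invalid_reassign', $response, 400 );
     }
@@ -1813,5 +1857,11 @@
         $request['force'] = true;
         $request->set_param( 'reassign', false );
-        $this->server->dispatch( $request );
+        $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
 
         $test_post = get_post( $test_post );
@@ -1832,5 +1882,11 @@
         $request['force'] = true;
         $request->set_param( 'reassign', 'false' );
-        $this->server->dispatch( $request );
+        $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
 
         $test_post = get_post( $test_post );
@@ -1851,5 +1907,11 @@
         $request['force'] = true;
         $request->set_param( 'reassign', '' );
-        $this->server->dispatch( $request );
+        $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
 
         $test_post = get_post( $test_post );
@@ -1870,5 +1932,11 @@
         $request['force'] = true;
         $request->set_param( 'reassign', 0 );
-        $this->server->dispatch( $request );
+        $response = $this->server->dispatch( $request );
+
+        // Not implemented in multisite.
+        if ( is_multisite() ) {
+            $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );
+            return;
+        }
 
         $test_post = get_post( $test_post );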
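Review bot: In the multisite branch each of these tests returns right after the 501 assertion, so nothing verifies that the user and their content were left untouched, which is the lost-content risk the commit is meant to prevent. In the four reassign tests (new lines 1861, 1886, 1911 and 1936) `$test_post` is already in scope, so a check such as `$this->assertNotEquals( 'trash', get_post( $test_post )->post_status );` could go before `return;`. The exact assertion depends on how the fixture post is created, which is outside these hunks. The same five-line guard is pasted eleven times, and a small private helper in the test class that performs the assertion and reports whether the test should stop would keep the copies from drifting. Every test method here begins and ends outside its hunk.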