WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
09/27/2017 09:09:11 PM (7 years ago)
Author:
flixos90
Message:

Multisite: Initialize a user's roles correctly when setting them up for a different site.

While it has always been possible to initialize a user's roles and capabilities for another site than the current one in a multisite, the actual roles available were not switched prior to this change, possibly causing invalid roles to show up or actually valid capabilities not being available.

In order to fix this bug in a clean way, relevant parts of the WP_User class have been refactored. The ID of the site for which capabilities are currently initialized are now stored in a private property WP_User::$site_id. The WP_User::for_blog( $blog_id ) and WP_User::_init_caps( $cap_key ) methods have been deprecated in favor of WP_User::for_site( $site_id ). In addition, a new method WP_User::get_site_id() has been introduced to retrieve the site ID for which the user's capabilities are currently initialized.

Props ryanduff, jeremyfelt, flixos90.
Fixes #36961.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/tests/phpunit/tests/user/capabilities.php

    r41290 r41624  
    18491849        $this->assertFalse( user_can( self::$users['subscriber']->ID,    'remove_user', self::$users['subscriber']->ID ) );
    18501850    }
     1851
     1852    /**
     1853     * @ticket 36961
     1854     * @group ms-required
     1855     */
     1856    function test_init_user_caps_for_different_site() {
     1857        global $wpdb;
     1858
     1859        $site_id = self::factory()->blog->create( array( 'user_id' => self::$users['administrator']->ID ) );
     1860
     1861        switch_to_blog( $site_id );
     1862
     1863        $role_name = 'uploader';
     1864        add_role( $role_name, 'Uploader', array(
     1865            'read'         => true,
     1866            'upload_files' => true,
     1867        ) );
     1868        add_user_to_blog( $site_id, self::$users['subscriber']->ID, $role_name );
     1869
     1870        restore_current_blog();
     1871
     1872        $user = new WP_User( self::$users['subscriber']->ID, '', $site_id );
     1873        $this->assertTrue( $user->has_cap( 'upload_files' ) );
     1874    }
     1875
     1876    /**
     1877     * @ticket 36961
     1878     * @group ms-required
     1879     */
     1880    function test_init_user_caps_for_different_site_by_user_switch() {
     1881        global $wpdb;
     1882
     1883        $user = new WP_User( self::$users['subscriber']->ID );
     1884
     1885        $site_id = self::factory()->blog->create( array( 'user_id' => self::$users['administrator']->ID ) );
     1886
     1887        switch_to_blog( $site_id );
     1888
     1889        $role_name = 'uploader';
     1890        add_role( $role_name, 'Uploader', array(
     1891            'read'         => true,
     1892            'upload_files' => true,
     1893        ) );
     1894        add_user_to_blog( $site_id, self::$users['subscriber']->ID, $role_name );
     1895
     1896        restore_current_blog();
     1897
     1898        $user->for_site( $site_id );
     1899        $this->assertTrue( $user->has_cap( 'upload_files' ) );
     1900    }
     1901
     1902    /**
     1903     * @ticket 36961
     1904     */
     1905    function test_get_caps_data() {
     1906        global $wpdb;
     1907
     1908        $custom_caps = array(
     1909            'do_foo' => true,
     1910            'do_bar' => false,
     1911        );
     1912
     1913        // Test `WP_User::get_caps_data()` by manually setting capabilities metadata.
     1914        update_user_meta( self::$users['subscriber']->ID, $wpdb->get_blog_prefix( get_current_blog_id() ) . 'capabilities', $custom_caps );
     1915
     1916        $user = new WP_User( self::$users['subscriber']->ID );
     1917        $this->assertSame( $custom_caps, $user->caps );
     1918    }
     1919
     1920    /**
     1921     * @ticket 36961
     1922     */
     1923    function test_user_get_site_id_default() {
     1924        $user = new WP_User( self::$users['subscriber']->ID );
     1925        $this->assertSame( get_current_blog_id(), $user->get_site_id() );
     1926    }
     1927
     1928    /**
     1929     * @ticket 36961
     1930     */
     1931    function test_user_get_site_id() {
     1932        global $wpdb;
     1933
     1934        // Suppressing errors here allows to get around creating an actual site,
     1935        // which is unnecessary for this test.
     1936        $suppress = $wpdb->suppress_errors();
     1937        $user = new WP_User( self::$users['subscriber']->ID, '', 333 );
     1938        $wpdb->suppress_errors( $suppress );
     1939
     1940        $this->assertSame( 333, $user->get_site_id() );
     1941    }
    18511942}
Note: See TracChangeset for help on using the changeset viewer.