Changeset 42380
- Timestamp:
- 12/09/2017 10:50:13 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/post.php
r42343 r42380 3305 3305 } 3306 3306 3307 // Don't allow contributors to set the post slug for pending review posts. 3308 if ( 'pending' == $post_status && ! current_user_can( 'publish_posts' ) ) { 3307 /* 3308 * Don't allow contributors to set the post slug for pending review posts. 3309 * 3310 * For new posts check the primitive capability, for updates check the meta capability. 3311 */ 3312 $post_type_object = get_post_type_object( $post_type ); 3313 3314 if ( ! $update && 'pending' === $post_status && ! current_user_can( $post_type_object->cap->publish_posts ) ) { 3315 $post_name = ''; 3316 } elseif ( $update && 'pending' === $post_status && ! current_user_can( 'publish_post', $post_ID ) ) { 3309 3317 $post_name = ''; 3310 3318 } -
trunk/tests/phpunit/tests/post/wpInsertPost.php
r42343 r42380 6 6 class Tests_WPInsertPost extends WP_UnitTestCase { 7 7 8 protected static $user_ids = array( 9 'administrator' => null, 10 'contributor' => null, 11 ); 12 13 static function wpSetUpBeforeClass( $factory ) { 14 self::$user_ids = array( 15 'administrator' => $factory->user->create( array( 16 'role' => 'administrator', 17 ) ), 18 'contributor' => $factory->user->create( array( 19 'role' => 'contributor', 20 ) ), 21 ); 22 23 $role = get_role( 'administrator' ); 24 $role->add_cap( 'publish_mapped_meta_caps' ); 25 $role->add_cap( 'publish_unmapped_meta_caps' ); 26 } 27 28 static function tearDownAfterClass() { 29 $role = get_role( 'administrator' ); 30 $role->remove_cap( 'publish_mapped_meta_caps' ); 31 $role->remove_cap( 'publish_unmapped_meta_caps' ); 32 33 parent::tearDownAfterClass(); 34 } 35 36 function setUp() { 37 parent::setUp(); 38 39 register_post_type( 'mapped_meta_caps', array( 40 'capability_type' => array( 'mapped_meta_cap', 'mapped_meta_caps' ), 41 'map_meta_cap' => true, 42 ) ); 43 44 register_post_type( 'unmapped_meta_caps', array( 45 'capability_type' => array( 'unmapped_meta_cap', 'unmapped_meta_caps' ), 46 'map_meta_cap' => false, 47 ) ); 48 49 register_post_type( 'no_admin_caps', array( 50 'capability_type' => array( 'no_admin_cap', 'no_admin_caps' ), 51 'map_meta_cap' => false, 52 ) ); 53 } 54 8 55 /** 9 56 * @ticket 11863 … … 104 151 $this->assertEquals( 'about-2', get_post( $about_page_id )->post_name ); 105 152 } 153 154 /** 155 * Data for testing the ability for users to set the post slug. 156 * 157 * @return array Array of test arguments. 158 */ 159 function data_various_post_types() { 160 return array( 161 array( 162 'mapped_meta_caps', 163 ), 164 array( 165 'unmapped_meta_caps', 166 ), 167 array( 168 'post', 169 ), 170 ); 171 } 172 173 /** 174 * Test contributor making changes to the pending post slug. 175 * 176 * @ticket 42464 177 * @dataProvider data_various_post_types 178 */ 179 function test_contributor_cannot_set_post_slug( $post_type ) { 180 wp_set_current_user( self::$user_ids['contributor'] ); 181 182 $post_id = $this->factory()->post->create( array( 183 'post_title' => 'Jefferson claim: nice to have Washington on your side.', 184 'post_content' => "I’m in the cabinet. I am complicit in watching him grabbin’ at power and kiss it.\n\nIf Washington isn’t gon’ listen to disciplined dissidents, this is the difference: this kid is out!", 185 'post_type' => $post_type, 186 'post_name' => 'new-washington', 187 'post_status' => 'pending', 188 ) ); 189 190 $expected = ''; 191 $actual = get_post_field( 'post_name', $post_id ); 192 193 $this->assertSame( $expected, $actual ); 194 195 // Now update the post. 196 wp_update_post( array( 197 'ID' => $post_id, 198 'post_title' => 'Hamilton has Washington on side: Jefferson', 199 'post_name' => 'edited-washington', 200 ) ); 201 202 $expected = ''; 203 $actual = get_post_field( 'post_name', $post_id ); 204 205 $this->assertSame( $expected, $actual ); 206 } 207 208 /** 209 * Test administrator making changes to the pending post slug. 210 * 211 * @ticket 42464 212 * @dataProvider data_various_post_types 213 */ 214 function test_administrator_can_set_post_slug( $post_type ) { 215 wp_set_current_user( self::$user_ids['administrator'] ); 216 217 $post_id = $this->factory()->post->create( array( 218 'post_title' => 'What is the Conner Project?', 219 'post_content' => "Evan Hansen’s last link to his friend Conner is a signature on his broken arm.", 220 'post_type' => $post_type, 221 'post_name' => 'dear-evan-hansen-explainer', 222 'post_status' => 'pending', 223 ) ); 224 225 $expected = 'dear-evan-hansen-explainer'; 226 $actual = get_post_field( 'post_name', $post_id ); 227 228 $this->assertSame( $expected, $actual ); 229 230 // Now update the post. 231 wp_update_post( array( 232 'ID' => $post_id, 233 'post_title' => 'Conner Project to close', 234 'post_name' => 'dear-evan-hansen-spoiler', 235 ) ); 236 237 $expected = 'dear-evan-hansen-spoiler'; 238 $actual = get_post_field( 'post_name', $post_id ); 239 240 $this->assertSame( $expected, $actual ); 241 } 242 243 /** 244 * Test administrator making changes to a pending post slug for a post type they don't 245 * have permission to publish. 246 * 247 * These assertions failed prior to ticket #42464. 248 * 249 * @ticket 42464 250 */ 251 function test_administrator_cannot_set_post_slug_on_post_type_they_cannot_publish() { 252 wp_set_current_user( self::$user_ids['administrator'] ); 253 254 $post_id = $this->factory()->post->create( array( 255 'post_title' => 'Everything is legal in New Jersey', 256 'post_content' => 'Shortly before his death, Philip Hamilton was heard to claim everything was legal in the garden state.', 257 'post_type' => 'no_admin_caps', 258 'post_name' => 'yet-another-duel', 259 'post_status' => 'pending', 260 ) ); 261 262 $expected = ''; 263 $actual = get_post_field( 'post_name', $post_id ); 264 265 $this->assertSame( $expected, $actual ); 266 267 // Now update the post. 268 wp_update_post( array( 269 'ID' => $post_id, 270 'post_title' => 'Ten things illegal in New Jersey', 271 'post_name' => 'foreshadowing-in-nj', 272 ) ); 273 274 $expected = ''; 275 $actual = get_post_field( 'post_name', $post_id ); 276 277 $this->assertSame( $expected, $actual ); 278 } 279 106 280 }
Note: See TracChangeset
for help on using the changeset viewer.