

Timestamp:
07/11/2018 09:20:10 AM (7 years ago)
Author:
pento
Message:

REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".

There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, targetSchema allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

  • action-publish: The current user can publish this post.
  • action-sticky: The current user can make this post sticky, and the post type supports sticking.
  • action-assign-author: The current user can change the author on this post.
  • action-assign-{$taxonomy}: The current user can assign terms from the "$taxonomy" taxonomy to this post.
  • action-create-{$taxonomy}: The current user can create terms in the "$taxonomy" taxonomy.

Merges [43437] to the 4.9 branch.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

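--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-attachments-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-attachments-controller.php
@@ -1212,4 +1212,48 @@
     }
 
+    public function test_links_exist() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->attachment->create( array( 'post_author' => self::$editor_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/media/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'self', $links );
+    }
+
+    public function test_publish_action_ldo_not_registered() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/media' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-publish' ) );
+
+        $this->assertCount( 0, $publish, 'LDO not found on schema.' );
+    }
+
+    public function test_publish_action_link_does_not_exists() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->attachment->create( array( 'post_author' => self::$editor_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/media/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-publish', $links );
+    }
+
     public function tearDown() {
         parent::tearDown();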
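Review bot: In `test_publish_action_ldo_not_registered`, the failure message on `$this->assertCount( 0, $publish, 'LDO not found on schema.' );` says the opposite of what a failure means, because the assertion fails only when an `action-publish` link description object is present in the media schema. A message such as `'action-publish LDO should not be registered for attachments.'` would make a regression in this capability hint readable in the test output. The neighbouring method name `test_publish_action_link_does_not_exists` would read better as `test_publish_action_link_does_not_exist`. The three added methods are complete within the hunk, while the enclosing test class and the body of `tearDown()` continue outside it.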