Changeset 43438 for branches/4.9/tests/phpunit/tests/rest-api/rest-posts-controller.php

Timestamp:

07/11/2018 09:20:10 AM (7 years ago)

Author:

pento

Message:

REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".

There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, targetSchema allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

• action-publish: The current user can publish this post.
• action-sticky: The current user can make this post sticky, and the post type supports sticking.
• `action-assign-author': The current user can change the author on this post.
• action-assign-{$taxonomy}: The current user can assign terms from the "$taxonomy" taxonomy to this post.
• action-create-{$taxonomy}: The current user can create terms int the "$taxonomy" taxonomy.

Merges [43437] to the 4.9 branch.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.

Location:

branches/4.9

Files:

• . (modified) (1 prop)
• tests/phpunit/tests/rest-api/rest-posts-controller.php (modified) (1 diff)

branches/4.9/tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -3247 +3247 @@
     }
 
+    public function test_publish_action_ldo_registered() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/posts' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-publish' ) );
+
+        $this->assertCount( 1, $publish, 'LDO found on schema.' );
+    }
+
+    public function test_sticky_action_ldo_registered_for_posts() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/posts' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-sticky' ) );
+
+        $this->assertCount( 1, $publish, 'LDO found on schema.' );
+    }
+
+    public function test_sticky_action_ldo_not_registered_for_non_posts() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/pages' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-sticky' ) );
+
+        $this->assertCount( 0, $publish, 'LDO found on schema.' );
+    }
+
+    public function test_author_action_ldo_registered_for_post_types_with_author_support() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/posts' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-assign-author' ) );
+
+        $this->assertCount( 1, $publish, 'LDO found on schema.' );
+    }
+
+    public function test_author_action_ldo_not_registered_for_post_types_without_author_support() {
+
+        remove_post_type_support( 'post', 'author' );
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/posts' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $publish = wp_list_filter( $schema['links'], array( 'rel' => 'https://api.w.org/action-assign-author' ) );
+
+        $this->assertCount( 0, $publish, 'LDO found on schema.' );
+    }
+
+    public function test_term_action_ldos_registered() {
+
+        $response = rest_get_server()->dispatch( new WP_REST_Request( 'OPTIONS', '/wp/v2/posts' ) );
+        $data     = $response->get_data();
+        $schema   = $data['schema'];
+
+        $this->assertArrayHasKey( 'links', $schema );
+        $rels = array_flip( wp_list_pluck( $schema['links'], 'rel' ) );
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-assign-categories', $rels );
+        $this->assertArrayHasKey( 'https://api.w.org/action-create-categories', $rels );
+        $this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $rels );
+        $this->assertArrayHasKey( 'https://api.w.org/action-create-tags', $rels );
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-assign-post_format', $rels );
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-create-post_format', $rels );
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-assign-nav_menu', $rels );
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-create-nav_menu', $rels );
+    }
+
+    public function test_action_links_only_available_in_edit_context() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'view' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-publish', $links );
+    }
+
+    public function test_publish_action_link_exists_for_author() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-publish', $links );
+    }
+
+    public function test_publish_action_link_does_not_exist_for_contributor() {
+
+        wp_set_current_user( self::$contributor_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$contributor_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-publish', $links );
+    }
+
+    public function test_sticky_action_exists_for_editor() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-sticky', $links );
+    }
+
+    public function test_sticky_action_does_not_exist_for_author() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-sticky', $links );
+    }
+
+    public function test_sticky_action_does_not_exist_for_non_post_posts() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->post->create(
+            array(
+                'post_author' => self::$author_id,
+                'post_type'   => 'page',
+            )
+        );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-sticky', $links );
+    }
+
+
+    public function test_assign_author_action_exists_for_editor() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-assign-author', $links );
+    }
+
+    public function test_assign_author_action_does_not_exist_for_author() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-assign-author', $links );
+    }
+
+    public function test_assign_author_action_does_not_exist_for_post_types_without_author_support() {
+
+        remove_post_type_support( 'post', 'author' );
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->post->create();
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-assign-author', $links );
+    }
+
+    public function test_create_term_action_exists_for_editor() {
+
+        wp_set_current_user( self::$editor_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-create-categories', $links );
+        $this->assertArrayHasKey( 'https://api.w.org/action-create-tags', $links );
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-create-post_format', $links );
+    }
+
+    public function test_create_term_action_non_hierarchical_exists_for_author() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-create-tags', $links );
+    }
+
+    public function test_create_term_action_hierarchical_does_not_exists_for_author() {
+
+        wp_set_current_user( self::$author_id );
+
+        $post = self::factory()->post->create( array( 'post_author' => self::$author_id ) );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayNotHasKey( 'https://api.w.org/action-create-categories', $links );
+    }
+
+    public function test_assign_term_action_exists_for_contributor() {
+
+        wp_set_current_user( self::$contributor_id );
+
+        $post = self::factory()->post->create(
+            array(
+                'post_author' => self::$contributor_id,
+                'post_status' => 'draft',
+            )
+        );
+        $this->assertGreaterThan( 0, $post );
+
+        $request = new WP_REST_Request( 'GET', "/wp/v2/posts/{$post}" );
+        $request->set_query_params( array( 'context' => 'edit' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $links    = $response->get_links();
+
+        $this->assertArrayHasKey( 'https://api.w.org/action-assign-categories', $links );
+        $this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links );
+    }
+
     public function tearDown() {
         _unregister_post_type( 'youseeeme' );