Changeset 43443
- Timestamp:
- 07/13/2018 06:28:29 AM (6 years ago)
- Location:
- branches/4.9
- Files:
-
- 6 edited
branches/4.9
-
branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
r41731 r43443 81 81 } 82 82 foreach ( $taxonomies as $taxonomy ) { 83 if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap-> manage_terms ) ) {83 if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->assign_terms ) ) { 84 84 return true; 85 85 } … … 110 110 $data = array(); 111 111 foreach ( $taxonomies as $tax_type => $value ) { 112 if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap-> manage_terms ) ) ) {112 if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->assign_terms ) ) ) { 113 113 continue; 114 114 } … … 142 142 return false; 143 143 } 144 if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap-> manage_terms ) ) {144 if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->assign_terms ) ) { 145 145 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); 146 146 } -
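Review bot: The `WP_Error` at new line 145 still reads "Sorry, you are not allowed to manage terms in this taxonomy." although the check beside it now tests `assign_terms` (taking the `assign_terms` lines as the new side, which this rendering does not mark). Anyone diagnosing a 403 from that message will go looking for the wrong capability. The same substitution is made at lines 83 and 112, so each of the three checks could carry a short comment such as `// 'edit' context is gated on assign_terms so users who can only assign terms can still read the taxonomy.`. Since the message is a translatable string on a maintenance branch, the comment is the lower-risk fix if the string cannot be changed. All three enclosing methods start and end outside the hunks shown.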
branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r42578 r43443 377 377 378 378 $taxonomy_obj = get_taxonomy( $this->taxonomy ); 379 if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) { 379 if ( ( is_taxonomy_hierarchical( $this->taxonomy ) 380 && ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) 381 || ( ! is_taxonomy_hierarchical( $this->taxonomy ) 382 && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) ) { 380 383 return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create new terms.' ), array( 'status' => rest_authorization_required_code() ) ); 381 384 } -
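Review bot: The four-line condition at new lines 379-382 calls `is_taxonomy_hierarchical( $this->taxonomy )` twice and buries the actual rule, which is that hierarchical taxonomies require `edit_terms` and flat ones only `assign_terms`. Selecting the capability first reads more plainly and keeps one authorization check: `$cap = is_taxonomy_hierarchical( $this->taxonomy ) ? $taxonomy_obj->cap->edit_terms : $taxonomy_obj->cap->assign_terms;` followed by `if ( ! current_user_can( $cap ) ) {`. A comment should also record that for non-hierarchical taxonomies anyone who may assign terms may now create them over REST. That matters for custom taxonomies that map `assign_terms` to a low-privilege capability. The enclosing permission-check method starts and ends outside this hunk.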
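--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-categories-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-categories-controller.php
@@ -13,13 +13,23 @@
 class WP_Test_REST_Categories_Controller extends WP_Test_REST_Controller_Testcase {
 protected static $administrator;
+protected static $contributor;
 protected static $subscriber;
 
 public static function wpSetUpBeforeClass( $factory ) {
-self::$administrator = $factory->user->create( array(
-'role' => 'administrator',
-) );
-self::$subscriber = $factory->user->create( array(
-'role' => 'subscriber',
-) );
+self::$administrator = $factory->user->create(
+array(
+'role' => 'administrator',
+)
+);
+self::$contributor = $factory->user->create(
+array(
+'role' => 'subscriber',
+)
+);
+self::$subscriber = $factory->user->create(
+array(
+'role' => 'subscriber',
+)
+);
 }
 
@@ -654,4 +664,12 @@
 }
 
+public function test_create_item_incorrect_permissions_contributor() {
+wp_set_current_user( self::$contributor );
+$request = new WP_REST_Request( 'POST', '/wp/v2/categories' );
+$request->set_param( 'name', 'Incorrect permissions' );
+$response = rest_get_server()->dispatch( $request );
+$this->assertErrorResponse( 'rest_cannot_create', $response, 403 );
+}
+
 public function test_create_item_missing_arguments() {
 wp_set_current_user( self::$administrator );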
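Review bot: The `self::$contributor` fixture is created with `'role' => 'subscriber'` (new line 26), so `test_create_item_incorrect_permissions_contributor` at new lines 666-672 runs as a subscriber, not a contributor. The case this changeset needs to pin is a user who holds `assign_terms` but not `edit_terms` being refused on a hierarchical taxonomy, and that case is not exercised; the test would pass even if the hierarchical branch of the new permission check were wrong. The fixture line should read `'role' => 'contributor',`, as the matching fixture in rest-tags-controller.php does in this same changeset.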
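--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-tags-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-tags-controller.php
@@ -14,20 +14,34 @@
 protected static $administrator;
 protected static $editor;
+protected static $contributor;
 protected static $subscriber;
 
 public static function wpSetUpBeforeClass( $factory ) {
-self::$superadmin = $factory->user->create( array(
-'role' => 'administrator',
-'user_login' => 'superadmin',
-) );
-self::$administrator = $factory->user->create( array(
-'role' => 'administrator',
-) );
-self::$editor = $factory->user->create( array(
-'role' => 'editor',
-) );
-self::$subscriber = $factory->user->create( array(
-'role' => 'subscriber',
-) );
+self::$superadmin = $factory->user->create(
+array(
+'role' => 'administrator',
+'user_login' => 'superadmin',
+)
+);
+self::$administrator = $factory->user->create(
+array(
+'role' => 'administrator',
+)
+);
+self::$editor = $factory->user->create(
+array(
+'role' => 'editor',
+)
+);
+self::$contributor = $factory->user->create(
+array(
+'role' => 'contributor',
+)
+);
+self::$subscriber = $factory->user->create(
+array(
+'role' => 'subscriber',
+)
+);
 if ( is_multisite() ) {
 update_site_option( 'site_admins', array( 'superadmin' ) );
@@ -556,4 +570,20 @@
 $headers = $response->get_headers();
 $data = $response->get_data();
+$this->assertContains( '/wp/v2/tags/' . $data['id'], $headers['Location'] );
+$this->assertEquals( 'My Awesome Term', $data['name'] );
+$this->assertEquals( 'This term is so awesome.', $data['description'] );
+$this->assertEquals( 'so-awesome', $data['slug'] );
+}
+
+public function test_create_item_contributor() {
+wp_set_current_user( self::$contributor );
+$request = new WP_REST_Request( 'POST', '/wp/v2/tags' );
+$request->set_param( 'name', 'My Awesome Term' );
+$request->set_param( 'description', 'This term is so awesome.' );
+$request->set_param( 'slug', 'so-awesome' );
+$response = rest_get_server()->dispatch( $request );
+$this->assertEquals( 201, $response->get_status() );
+$headers = $response->get_headers();
+$data = $response->get_data();
 $this->assertContains( '/wp/v2/tags/' . $data['id'], $headers['Location'] );
 $this->assertEquals( 'My Awesome Term', $data['name'] );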
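--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
@@ -52,4 +52,21 @@
 $response = $this->server->dispatch( $request );
 $data = $response->get_data();
+$taxonomies = $this->get_public_taxonomies( get_taxonomies( '', 'objects' ) );
+$this->assertEquals( count( $taxonomies ), count( $data ) );
+$this->assertEquals( 'Categories', $data['category']['name'] );
+$this->assertEquals( 'category', $data['category']['slug'] );
+$this->assertEquals( true, $data['category']['hierarchical'] );
+$this->assertEquals( 'Tags', $data['post_tag']['name'] );
+$this->assertEquals( 'post_tag', $data['post_tag']['slug'] );
+$this->assertEquals( false, $data['post_tag']['hierarchical'] );
+$this->assertEquals( 'tags', $data['post_tag']['rest_base'] );
+}
+
+public function test_get_items_context_edit() {
+wp_set_current_user( self::$contributor_id );
+$request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies' );
+$request->set_param( 'context', 'edit' );
+$response = rest_get_server()->dispatch( $request );
+$data = $response->get_data();
 $taxonomies = $this->get_public_taxonomies( get_taxonomies( '', 'objects' ) );
 $this->assertEquals( count( $taxonomies ), count( $data ) );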