Make WordPress Core


Ignore:
Timestamp:
11/15/2018 12:56:54 PM (6 years ago)
Author:
danielbachhuber
Message:

REST API: Avoid using 'parent' as path argument name for autosaves.

When 'parent' is set as the path argument name, it gets passed down through to the create_item() method and can erroneously reset the 'parent' value on the post itself. Instead, we rename the argument to 'id' and replicate the revision controller's get_items_permissions_check() to instead reference 'id'.

Also ensures revision query params (of which there are many) aren't exposed as the query params for autosaves (of which there are two).

Props TimothyBlynJacobs.
See #43316.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/tests/phpunit/tests/rest-api/rest-autosaves-controller.php

    r43768 r43897  
    1414    protected static $post_id;
    1515    protected static $page_id;
     16    protected static $draft_page_id;
    1617
    1718    protected static $autosave_post_id;
     
    2021    protected static $editor_id;
    2122    protected static $contributor_id;
     23
     24    protected static $parent_page_id;
     25    protected static $child_page_id;
     26    protected static $child_draft_page_id;
    2227
    2328    protected function set_post_data( $args = array() ) {
     
    7782        );
    7883
     84        self::$draft_page_id       = $factory->post->create( array(
     85            'post_type'   => 'page',
     86            'post_status' => 'draft',
     87        ) );
     88        self::$parent_page_id      = $factory->post->create( array(
     89            'post_type' => 'page',
     90        ) );
     91        self::$child_page_id       = $factory->post->create( array(
     92            'post_type'   => 'page',
     93            'post_parent' => self::$parent_page_id,
     94        ) );
     95        self::$child_draft_page_id = $factory->post->create( array(
     96            'post_type'   => 'page',
     97            'post_parent' => self::$parent_page_id,
     98            // The "update post" behavior of the autosave endpoint only occurs
     99            // when saving a draft/auto-draft authored by the current user.
     100            'post_status' => 'draft',
     101            'post_author' => self::$editor_id,
     102        ) );
    79103    }
    80104
     
    97121    public function test_register_routes() {
    98122        $routes = rest_get_server()->get_routes();
    99         $this->assertArrayHasKey( '/wp/v2/posts/(?P<parent>[\d]+)/autosaves', $routes );
     123        $this->assertArrayHasKey( '/wp/v2/posts/(?P<id>[\d]+)/autosaves', $routes );
    100124        $this->assertArrayHasKey( '/wp/v2/posts/(?P<parent>[\d]+)/autosaves/(?P<id>[\d]+)', $routes );
    101         $this->assertArrayHasKey( '/wp/v2/pages/(?P<parent>[\d]+)/autosaves', $routes );
     125        $this->assertArrayHasKey( '/wp/v2/pages/(?P<id>[\d]+)/autosaves', $routes );
    102126        $this->assertArrayHasKey( '/wp/v2/pages/(?P<parent>[\d]+)/autosaves/(?P<id>[\d]+)', $routes );
    103127    }
     
    118142        $this->assertEquals( 'view', $data['endpoints'][0]['args']['context']['default'] );
    119143        $this->assertEqualSets( array( 'view', 'edit', 'embed' ), $data['endpoints'][0]['args']['context']['enum'] );
     144    }
     145
     146    public function test_registered_query_params() {
     147        $request = new WP_REST_Request( 'OPTIONS', '/wp/v2/posts/' . self::$post_id . '/autosaves' );
     148        $response = $this->server->dispatch( $request );
     149        $data = $response->get_data();
     150        $keys = array_keys( $data['endpoints'][0]['args'] );
     151        sort( $keys );
     152        $this->assertEquals( array(
     153            'context',
     154            'parent',
     155        ), $keys );
    120156    }
    121157
     
    518554    }
    519555
     556    public function test_update_item_draft_page_with_parent() {
     557        wp_set_current_user( self::$editor_id );
     558        $request = new WP_REST_Request( 'POST', '/wp/v2/pages/' . self::$child_draft_page_id . '/autosaves' );
     559        $request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
     560
     561        $params = $this->set_post_data(
     562            array(
     563                'id'     => self::$child_draft_page_id,
     564                'author' => self::$editor_id,
     565            )
     566        );
     567
     568        $request->set_body_params( $params );
     569        $response = rest_get_server()->dispatch( $request );
     570        $data     = $response->get_data();
     571
     572        $this->assertEquals( self::$child_draft_page_id, $data['id'] );
     573        $this->assertEquals( self::$parent_page_id, $data['parent'] );
     574    }
     575
     576    public function test_schema_validation_is_applied() {
     577        wp_set_current_user( self::$editor_id );
     578
     579        $request = new WP_REST_Request( 'POST', '/wp/v2/pages/' . self::$draft_page_id . '/autosaves' );
     580        $request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
     581
     582        $params = $this->set_post_data( array(
     583            'id' => self::$draft_page_id,
     584            'comment_status' => 'garbage',
     585        ) );
     586
     587        $request->set_body_params( $params );
     588
     589        $response = rest_get_server()->dispatch( $request );
     590        $this->assertNotEquals( 'garbage', get_post( self::$draft_page_id )->comment_status );
     591    }
    520592}
Note: See TracChangeset for help on using the changeset viewer.