WordPress.org

Make WordPress Core

Changeset 46433


Ignore:
Timestamp:
10/08/2019 04:00:25 AM (6 weeks ago)
Author:
kadamwhite
Message:

REST API: Ensure users with "moderate_comments" capability may edit comments.

Props meloniq.
Fixes #47024.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r46272 r46433  
    16731673        }
    16741674
    1675         if ( ! current_user_can( 'moderate_comments' ) ) {
    1676             return false;
     1675        if ( current_user_can( 'moderate_comments' ) ) {
     1676            return true;
    16771677        }
    16781678
  • trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php

    r43571 r46433  
    1414    protected static $admin_id;
    1515    protected static $editor_id;
     16    protected static $moderator_id;
    1617    protected static $subscriber_id;
    1718    protected static $author_id;
     
    2829
    2930    public static function wpSetUpBeforeClass( $factory ) {
     31        add_role(
     32            'comment_moderator',
     33            'Comment Moderator',
     34            array(
     35                'read'              => true,
     36                'moderate_comments' => true,
     37            )
     38        );
     39
    3040        self::$superadmin_id = $factory->user->create(
    3141            array(
     
    4252            array(
    4353                'role' => 'editor',
     54            )
     55        );
     56        self::$moderator_id  = $factory->user->create(
     57            array(
     58                'role' => 'comment_moderator',
    4459            )
    4560        );
     
    99114
    100115    public static function wpTearDownAfterClass() {
     116        remove_role( 'comment_moderator' );
     117
    101118        self::delete_user( self::$superadmin_id );
    102119        self::delete_user( self::$admin_id );
    103120        self::delete_user( self::$editor_id );
     121        self::delete_user( self::$moderator_id );
    104122        self::delete_user( self::$subscriber_id );
    105123        self::delete_user( self::$author_id );
     
    24812499    }
    24822500
     2501    /**
     2502     * @ticket 47024
     2503     */
     2504    public function test_update_comment_when_can_moderate_comments() {
     2505        wp_set_current_user( self::$moderator_id );
     2506
     2507        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2508        $params  = array(
     2509            'content' => 'Updated comment.',
     2510            'date'    => '2019-10-07T23:14:25',
     2511        );
     2512        $request->add_header( 'content-type', 'application/json' );
     2513        $request->set_body( wp_json_encode( $params ) );
     2514
     2515        $response = rest_get_server()->dispatch( $request );
     2516        $this->assertEquals( 200, $response->get_status() );
     2517
     2518        $comment = $response->get_data();
     2519        $updated = get_comment( self::$approved_id );
     2520
     2521        $this->assertEquals( $params['content'], $updated->comment_content );
     2522        $this->assertEquals( self::$post_id, $comment['post'] );
     2523        $this->assertEquals( '2019-10-07T23:14:25', $comment['date'] );
     2524    }
     2525
    24832526    public function test_update_comment_private_post_invalid_permission() {
    24842527        $private_comment_id = $this->factory->comment->create(
  • trunk/tests/qunit/fixtures/wp-api-generated.js

    r46422 r46433  
    23052305            ]
    23062306        },
    2307         "/wp/v2/media/(?P<id>[\\d+])/post-process": {
     2307        "/wp/v2/media/(?P<id>[\\d]+)/post-process": {
    23082308            "namespace": "wp/v2",
    23092309            "methods": [
Note: See TracChangeset for help on using the changeset viewer.