Changeset 47361 for trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php

Timestamp:

02/25/2020 03:18:19 PM (6 years ago)

Author:

kadamwhite

Message:

REST API: Permit access to the themes controller if user can edit any post type.

Check a more exhaustive list of post type editing caps beyond "edit_post" to ensure custom user roles with access to to specific post types may still use block editor functionality depending on theme features.

Props miyauchi, TimothyBlynJacobs.
Fixes #46723.

File:

• trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php (modified) (2 diffs)

trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php

@@ -157 +157 @@
 
     /**
+     * @ticket 46723
+     */
+    public function test_get_items_logged_out() {
+        wp_set_current_user( 0 );
+        $response = self::perform_active_theme_request();
+        $this->assertErrorResponse( 'rest_user_cannot_view', $response, 401 );
+    }
+
+    /**
      * An error should be returned when the user does not have the edit_posts capability.
      *
@@ -165 +174 @@
         $response = self::perform_active_theme_request();
         $this->assertErrorResponse( 'rest_user_cannot_view', $response, 403 );
+    }
+
+    /**
+     * @ticket 46723
+     */
+    public function test_get_item_single_post_type_cap() {
+        $user = self::factory()->user->create_and_get();
+        $user->add_cap( 'edit_pages' );
+        wp_set_current_user( $user->ID );
+
+        $response = self::perform_active_theme_request();
+        $this->assertEquals( 200, $response->get_status() );
     }