Changeset 47547 for trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php

Timestamp:

04/03/2020 07:38:15 PM (3 years ago)

Author:

kadamwhite

Message:

REST API: Fix revisions controller get_item permission check.

r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.

Props sorenbronsted, yohannp, TimothyBlynJacobs.
Fixes #49645.

File:

• trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php (modified) (2 diffs)

trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php

@@ -243 +243 @@
 
     /**
+     * @ticket 49645
+     */
+    public function test_delete_item_parent_check() {
+        wp_set_current_user( self::$contributor_id );
+        $request = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
+        $request->set_param( 'force', true );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
+        $this->assertNotNull( get_post( $this->revision_id1 ) );
+    }
+
+    /**
      * @ticket 43709
      */
@@ -290 +302 @@
         $request  = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
         $response = rest_get_server()->dispatch( $request );
-        $this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
+        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
     }