Changeset 50114
- Timestamp:
- 01/31/2021 07:02:30 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
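--- a/trunk/src/wp-includes/capabilities.php
+++ b/trunk/src/wp-includes/capabilities.php
@@ -593,4 +593,12 @@
 $caps[] = is_multisite() ? 'manage_network' : 'manage_options';
 break;
+case 'create_app_password':
+case 'list_app_passwords':
+case 'read_app_password':
+case 'edit_app_password':
+case 'delete_app_passwords':
+case 'delete_app_password':
+$caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
+break;
 default:
 // Handle meta capabilities for custom post types.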
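Review bot: `$args[0]` is read without an `isset()` check in the new `case` group, so a call such as `current_user_can( 'list_app_passwords' )` with no user ID would raise an undefined-offset notice and forward `null` to the `edit_user` mapping. A guard ahead of the call, e.g. `if ( ! isset( $args[0] ) ) { $caps[] = 'do_not_allow'; break; }`, would make the missing-argument case fail closed explicitly instead of relying on how `edit_user` treats `null`. All six capabilities resolve to the same `edit_user` check, and only `$args[0]` is forwarded, so the uuid that the controller passes for the per-password capabilities plays no part in the core decision. A short comment saying the separate names exist so that capability filters can tell the operations apart (presumably the intent) would save readers from looking for per-password logic here. The enclosing `switch` starts and ends outside the hunk.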
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php
r50065 r50114 111 111 */ 112 112 public function get_items_permissions_check( $request ) { 113 return $this->do_permissions_check( $request ); 113 $user = $this->get_user( $request ); 114 115 if ( is_wp_error( $user ) ) { 116 return $user; 117 } 118 119 if ( ! current_user_can( 'list_app_passwords', $user->ID ) ) { 120 return new WP_Error( 121 'rest_cannot_list_application_passwords', 122 __( 'Sorry, you are not allowed to list application passwords for this user.' ), 123 array( 'status' => rest_authorization_required_code() ) 124 ); 125 } 126 127 return true; 114 128 } 115 129 … … 150 164 */ 151 165 public function get_item_permissions_check( $request ) { 152 return $this->do_permissions_check( $request ); 166 $user = $this->get_user( $request ); 167 168 if ( is_wp_error( $user ) ) { 169 return $user; 170 } 171 172 if ( ! current_user_can( 'read_app_password', $user->ID, $request['uuid'] ) ) { 173 return new WP_Error( 174 'rest_cannot_read_application_password', 175 __( 'Sorry, you are not allowed to read this application password.' ), 176 array( 'status' => rest_authorization_required_code() ) 177 ); 178 } 179 180 return true; 153 181 } 154 182 … … 180 208 */ 181 209 public function create_item_permissions_check( $request ) { 182 return $this->do_permissions_check( $request ); 210 $user = $this->get_user( $request ); 211 212 if ( is_wp_error( $user ) ) { 213 return $user; 214 } 215 216 if ( ! current_user_can( 'create_app_password', $user->ID ) ) { 217 return new WP_Error( 218 'rest_cannot_create_application_passwords', 219 __( 'Sorry, you are not allowed to create application passwords for this user.' ), 220 array( 'status' => rest_authorization_required_code() ) 221 ); 222 } 223 224 return true; 183 225 } 184 226 … … 249 291 */ 250 292 public function update_item_permissions_check( $request ) { 251 return $this->do_permissions_check( $request ); 293 $user = $this->get_user( $request ); 294 295 if ( is_wp_error( $user ) ) { 296 return $user; 297 } 298 299 if ( ! 
current_user_can( 'edit_app_password', $user->ID, $request['uuid'] ) ) { 300 return new WP_Error( 301 'rest_cannot_edit_application_password', 302 __( 'Sorry, you are not allowed to edit this application password.' ), 303 array( 'status' => rest_authorization_required_code() ) 304 ); 305 } 306 307 return true; 252 308 } 253 309 … … 309 365 */ 310 366 public function delete_items_permissions_check( $request ) { 311 return $this->do_permissions_check( $request ); 367 $user = $this->get_user( $request ); 368 369 if ( is_wp_error( $user ) ) { 370 return $user; 371 } 372 373 if ( ! current_user_can( 'delete_app_passwords', $user->ID ) ) { 374 return new WP_Error( 375 'rest_cannot_delete_application_passwords', 376 __( 'Sorry, you are not allowed to delete application passwords for this user.' ), 377 array( 'status' => rest_authorization_required_code() ) 378 ); 379 } 380 381 return true; 312 382 } 313 383 … … 350 420 */ 351 421 public function delete_item_permissions_check( $request ) { 352 return $this->do_permissions_check( $request ); 422 $user = $this->get_user( $request ); 423 424 if ( is_wp_error( $user ) ) { 425 return $user; 426 } 427 428 if ( ! current_user_can( 'delete_app_password', $user->ID, $request['uuid'] ) ) { 429 return new WP_Error( 430 'rest_cannot_delete_application_password', 431 __( 'Sorry, you are not allowed to delete this application password.' ), 432 array( 'status' => rest_authorization_required_code() ) 433 ); 434 } 435 436 return true; 353 437 } 354 438 … … 458 542 * 459 543 * @since 5.6.0 544 * @deprecated 5.7.0 Use `edit_user` directly or one of the specific meta capabilities introduced in 5.7.0. 460 545 * 461 546 * @param WP_REST_Request $request … … 463 548 */ 464 549 protected function do_permissions_check( $request ) { 550 _deprecated_function( __METHOD__, '5.7.0' ); 551 465 552 $user = $this->get_user( $request ); 466 553 -
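Review bot: In `get_item_permissions_check`, `update_item_permissions_check` and `delete_item_permissions_check`, `$request['uuid']` is handed to `current_user_can()` as raw request input, before anything visible in these hunks confirms that the uuid belongs to an application password of `$user`. The core mapping added in `capabilities.php` ignores that argument, so only capability filters would see it, and they should not treat it as a verified identifier. I would add a line above each call such as `// $request['uuid'] is unvalidated here; capability filters must not assume the password exists.` and say the same in the three docblocks. The six methods also repeat an identical lookup-and-deny sequence, which makes it easy for one of them to drift from the others in a later change.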
trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php
r50065 r50114 191 191 192 192 $response = rest_do_request( sprintf( '/wp/v2/users/%d/application-passwords', self::$admin ) ); 193 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );193 $this->assertErrorResponse( 'rest_cannot_list_application_passwords', $response, 403 ); 194 194 } 195 195 … … 273 273 $uuid = $item['uuid']; 274 274 $response = rest_do_request( sprintf( '/wp/v2/users/%d/application-passwords/%s', self::$admin, $uuid ) ); 275 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );275 $this->assertErrorResponse( 'rest_cannot_read_application_password', $response, 403 ); 276 276 } 277 277 … … 395 395 $request->set_body_params( array( 'name' => 'App' ) ); 396 396 $response = rest_do_request( $request ); 397 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );397 $this->assertErrorResponse( 'rest_cannot_create_application_passwords', $response, 403 ); 398 398 } 399 399 … … 501 501 $request->set_body_params( array( 'name' => 'New App' ) ); 502 502 $response = rest_do_request( $request ); 503 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );503 $this->assertErrorResponse( 'rest_cannot_edit_application_password', $response, 403 ); 504 504 } 505 505 … … 644 644 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d/application-passwords/%s', self::$admin, $uuid ) ); 645 645 $response = rest_do_request( $request ); 646 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );646 $this->assertErrorResponse( 'rest_cannot_delete_application_password', $response, 403 ); 647 647 } 648 648 … … 748 748 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d/application-passwords', self::$admin ) ); 749 749 $response = rest_do_request( $request ); 750 $this->assertErrorResponse( 'rest_cannot_ manage_application_passwords', $response, 403 );750 
$this->assertErrorResponse( 'rest_cannot_delete_application_passwords', $response, 403 ); 751 751 } 752 752 -
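Review bot: None of the updated assertions exercises the new capabilities independently of `edit_user`; each one only checks that a user who is denied now gets a 403 with the renamed error code. If the purpose of the split is that a `map_meta_cap` or `user_has_cap` filter can deny one operation while allowing another (presumably so), a test that filters out e.g. `delete_app_password` while leaving `list_app_passwords` granted would pin that separation. The rename itself is client-visible, since the single "manage" error code is replaced by six operation-specific codes in every assertion here. It would also help to assert that the now-deprecated `do_permissions_check()` raises the expected deprecation notice.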
trunk/tests/phpunit/tests/user/capabilities.php
r49932 r50114 523 523 $expected['edit_user_meta'], 524 524 $expected['delete_user_meta'], 525 $expected['add_user_meta'] 525 $expected['add_user_meta'], 526 $expected['create_app_password'], 527 $expected['list_app_passwords'], 528 $expected['read_app_password'], 529 $expected['edit_app_password'], 530 $expected['delete_app_passwords'], 531 $expected['delete_app_password'] 526 532 ); 527 533