Changeset 50490 for trunk/tests/phpunit/tests/user/capabilities.php

Timestamp:

03/04/2021 12:12:55 AM (4 years ago)

Author:

peterwilsoncc

Message:

Roles/Caps: Return same result from current_user_can and user_can().

Ensure current_user_can() and user_can() return the same results for logged out users. For core capabilities this changes user_can( 0, 'exist' ) to return true rather than false in line with current_user_can( 'exist' ) for logged out users.

Convert current_user_can() and current_user_can_for_blog() to wrapper functions ultimately calling user_can().

Add anonymous user to primitive capability checks as appropriate. Convert Tests_User_Capabilities::test_other_caps_for_all_roles() to use a data provider and add tests to check whether user exists in the database (WP_User::exists()) as that intentionally differs from the exist capability.

Props jjj, johnbillion, peterwilsoncc, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52076.

File:

• trunk/tests/phpunit/tests/user/capabilities.php (modified) (7 diffs)

trunk/tests/phpunit/tests/user/capabilities.php

@@ -13 +13 @@
      */
     protected static $users = array(
+        'anonymous'     => null,
         'administrator' => null,
         'editor'        => null,
@@ -32 +33 @@
     public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
         self::$users       = array(
+            'anonymous'     => new WP_User( 0 ),
             'administrator' => $factory->user->create_and_get( array( 'role' => 'administrator' ) ),
             'editor'        => $factory->user->create_and_get( array( 'role' => 'editor' ) ),
@@ -343 +345 @@
     }
 
+    /**
+     * Data provider for testing a single site install's roles.
+     *
+     * @return array[] {
+     *     Arguments for test.
+     *
+     *     @type string $role The role to test for.
+     * }
+     */
+    function data_single_site_roles_to_check() {
+        return array(
+            array( 'anonymous' ),
+            array( 'administrator' ),
+            array( 'editor' ),
+            array( 'author' ),
+            array( 'contributor' ),
+            array( 'subscriber' ),
+        );
+    }
+
     protected function getAllCapsAndRoles() {
         return $this->getPrimitiveCapsAndRoles() + $this->getMetaCapsAndRoles();
@@ -392 +414 @@
 
         foreach ( self::$users as $role => $user ) {
-
-            // Make sure the user is valid.
-            $this->assertTrue( $user->exists(), "User with {$role} role does not exist" );
+            if ( 'anonymous' === $role ) {
+                // The anonymous role does not exist.
+                $this->assertFalse( $user->exists(), "User with {$role} role should not exist" );
+            } else {
+                // Make sure the user is valid.
+                $this->assertTrue( $user->exists(), "User with {$role} role does not exist" );
+            }
 
             $user_caps = $user->allcaps;
@@ -564 +590 @@
     /**
      * Test miscellaneous capabilities of all user roles.
-     */
-    function test_other_caps_for_all_roles() {
-        foreach ( self::$users as $role => $user ) {
-            // Make sure the user is valid.
-            $this->assertTrue( $user->exists(), "User with {$role} role does not exist" );
-
-            // Make sure the role name is correct.
-            $this->assertSame( array( $role ), $user->roles, "User should only have the {$role} role" );
-
-            $this->assertFalse( $user->has_cap( 'start_a_fire' ), "User with the {$role} role should not have a custom capability" );
-            $this->assertFalse( user_can( $user, 'start_a_fire' ), "User with the {$role} role should not have a custom capability" );
-
-            $this->assertFalse( $user->has_cap( 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability" );
-            $this->assertFalse( user_can( $user, 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability" );
-
-            $this->assertTrue( $user->has_cap( 'exist' ), "User with the {$role} role should have the exist capability" );
-            $this->assertTrue( user_can( $user, 'exist' ), "User with the {$role} role should have the exist capability" );
-        }
+     *
+     * @dataProvider data_single_site_roles_to_check
+     */
+    function test_other_caps_for_all_roles( $role ) {
+        $user   = self::$users[ $role ];
+        $old_id = wp_get_current_user()->ID;
+        wp_set_current_user( $user->ID );
+
+        // Make sure the role name is correct.
+        $expected_roles = array( $role );
+        if ( 'anonymous' === $role ) {
+            //  Anonymous role does not exist, user roles should be empty.
+            $expected_roles = array();
+        }
+        $this->assertSame( $expected_roles, $user->roles, "User should only have the {$role} role" );
+
+        $this->assertFalse( $user->has_cap( 'start_a_fire' ), "User with the {$role} role should not have a custom capability (test via WP_User->has_cap() method)." );
+        $this->assertFalse( user_can( $user, 'start_a_fire' ), "User with the {$role} role should not have a custom capability (test by user object)." );
+        $this->assertFalse( user_can( $user->ID, 'start_a_fire' ), "User with the {$role} role should not have a custom capability (test by user ID)." );
+        $this->assertFalse( current_user_can( 'start_a_fire' ), "User with the {$role} role should not have a custom capability (test by current user)." );
+
+        $this->assertFalse( $user->has_cap( 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability (test via WP_User->has_cap() method)." );
+        $this->assertFalse( user_can( $user, 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability (test by user object)." );
+        $this->assertFalse( user_can( $user->ID, 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability (test by user ID)." );
+        $this->assertFalse( current_user_can( 'do_not_allow' ), "User with the {$role} role should not have the do_not_allow capability (test by current user)." );
+
+        $this->assertTrue( $user->has_cap( 'exist' ), "User with the {$role} role should have the exist capability (test via WP_User->has_cap() method)." );
+        $this->assertTrue( user_can( $user, 'exist' ), "User with the {$role} role should have the exist capability (test by user object)." );
+        $this->assertTrue( user_can( $user->ID, 'exist' ), "User with the {$role} role should have the exist capability (test by user ID)." );
+        $this->assertTrue( current_user_can( 'exist' ), "User with the {$role} role should have the exist capability (test by current user)." );
+
+        wp_set_current_user( $old_id );
+    }
+
+    /**
+     * Test user exists/does not exist as expected.
+     *
+     * @dataProvider data_single_site_roles_to_check
+     */
+    function test_user_exists_in_database( $role ) {
+        $user     = self::$users[ $role ];
+        $expected = true;
+
+        if ( 'anonymous' === $role ) {
+            $expected = false;
+        }
+
+        $this->assertSame( $expected, $user->exists() );
     }
 
@@ -595 +651 @@
             $user->remove_cap( 'do_not_allow' );
             $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
+
+            # Test adding the cap via a filter
+            add_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+            $has_cap = $user->has_cap( 'do_not_allow' );
+            remove_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
+            $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
+
+            if ( 'anonymous' === $role ) {
+                // The anonymous role does not exist.
+                continue;
+            }
 
             # Test adding the cap to the user's role
@@ -602 +669 @@
             $role_obj->remove_cap( 'do_not_allow' );
             $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
-
-            # Test adding the cap via a filter
-            add_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
-            $has_cap = $user->has_cap( 'do_not_allow' );
-            remove_filter( 'user_has_cap', array( $this, 'grant_do_not_allow' ), 10, 4 );
-            $this->assertFalse( $has_cap, "User with the {$role} role should not have the do_not_allow capability" );
-
         }
     }