Make WordPress Core

Changeset 54396


Timestamp:
10/05/2022 02:47:07 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Tests: Add comments to clarify a REST API test for password protected posts.

Authenticated users should only be allowed to read password protected content if they have the edit_post meta capability for the post. In other words, the content of a password protected post created by an Editor should not be viewable by a Contributor.

This commit aims to clarify the usage of a negative assertion assertStringNotContainsString() and describe the intention behind the test to avoid confusion.

Follow-up to [50717].

Fixes #56681.

File:
1 edited

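--- a/trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1955,6 +1955,12 @@
     }
 
+    /**
+     * Tests that authenticated users are only allowed to read password protected content
+     * if they have the 'edit_post' meta capability for the post.
+     */
     public function test_get_post_draft_edit_context() {
         $post_content = 'Hello World!';
+
+        // Create a password protected post as an Editor.
         self::factory()->post->create(
             array(
@@ -1966,4 +1972,6 @@
             )
         );
+
+        // Create a draft with the Latest Posts block as a Contributor.
         $draft_id = self::factory()->post->create(
             array(
@@ -1973,4 +1981,6 @@
             )
         );
+
+        // Set the current user to Contributor and request the draft for editing.
         wp_set_current_user( self::$contributor_id );
         $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
@@ -1978,4 +1988,9 @@
         $response = rest_get_server()->dispatch( $request );
         $data     = $response->get_data();
+
+        /*
+         * Verify that the content of a password protected post created by an Editor
+         * is not viewable by a Contributor.
+         */
         $this->assertStringNotContainsString( $post_content, $data['content']['rendered'] );
     }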
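Review bot: The negative `assertStringNotContainsString()` at new line 1995 is the only assertion visible in `test_get_post_draft_edit_context()`, so the test would also pass if the request failed or the Latest Posts block rendered nothing, which could mask a regression in the password-protection check. A positive control before it would make a green result meaningful, for example `$this->assertSame( 200, $response->get_status() );` and `$this->assertStringContainsString( 'wp-block-latest-posts', $data['content']['rendered'] );`. The second line assumes the draft's block markup is set to display post content; the `array( … )` arguments and the line between new 1986 and 1988 are elided on this page, so confirm against the full method. The new docblock also states the rule in both directions ("only allowed … if they have the 'edit_post' meta capability"), while the visible code exercises only the denial for a Contributor. Either narrow the docblock to that case or add the matching allowed-case check for a user who has the capability.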