Changeset 58227
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
r58079 r58227 237 237 * 238 238 * @since 5.8.0 239 * @since 6.6.0 Allow users with edit_posts capability to read templates. 239 240 * 240 241 * @param WP_REST_Request $request Full details about the request. … … 242 243 */ 243 244 public function get_items_permissions_check( $request ) { 244 return $this->permissions_check( $request ); 245 if ( current_user_can( 'edit_posts' ) ) { 246 return true; 247 } 248 foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { 249 if ( current_user_can( $post_type->cap->edit_posts ) ) { 250 return true; 251 } 252 } 253 254 return new WP_Error( 255 'rest_cannot_manage_templates', 256 __( 'Sorry, you are not allowed to access the templates on this site.', 'default' ), 257 array( 258 'status' => rest_authorization_required_code(), 259 ) 260 ); 245 261 } 246 262 … … 278 294 * 279 295 * @since 5.8.0 296 * @since 6.6.0 Allow users with edit_posts capability to read individual templates. 280 297 * 281 298 * @param WP_REST_Request $request Full details about the request. … … 283 300 */ 284 301 public function get_item_permissions_check( $request ) { 285 return $this->permissions_check( $request ); 302 if ( current_user_can( 'edit_posts' ) ) { 303 return true; 304 } 305 foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { 306 if ( current_user_can( $post_type->cap->edit_posts ) ) { 307 return true; 308 } 309 } 310 311 return new WP_Error( 312 'rest_cannot_manage_templates', 313 __( 'Sorry, you are not allowed to access the templates on this site.', 'default' ), 314 array( 315 'status' => rest_authorization_required_code(), 316 ) 317 ); 286 318 } 287 319 -
trunk/tests/phpunit/tests/rest-api/wpRestTemplatesController.php
r58079 r58227 15 15 */ 16 16 protected static $admin_id; 17 protected static $editor_id; 18 protected static $subscriber_id; 17 19 private static $template_post; 18 20 private static $template_part_post; … … 24 26 */ 25 27 public static function wpSetupBeforeClass( $factory ) { 26 self::$admin_id = $factory->user->create(28 self::$admin_id = $factory->user->create( 27 29 array( 28 30 'role' => 'administrator', 31 ) 32 ); 33 self::$editor_id = $factory->user->create( 34 array( 35 'role' => 'editor', 36 ) 37 ); 38 self::$subscriber_id = $factory->user->create( 39 array( 40 'role' => 'subscriber', 29 41 ) 30 42 ); … … 167 179 * @covers WP_REST_Templates_Controller::get_items 168 180 */ 169 public function test_get_items_ no_permission() {170 wp_set_current_user( 0);181 public function test_get_items_editor() { 182 wp_set_current_user( self::$editor_id ); 171 183 $request = new WP_REST_Request( 'GET', '/wp/v2/templates' ); 172 184 $response = rest_get_server()->dispatch( $request ); 173 $this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 401 ); 174 } 175 176 /** 177 * @covers WP_REST_Templates_Controller::get_item 178 */ 179 public function test_get_item() { 180 wp_set_current_user( self::$admin_id ); 181 $request = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' ); 182 $response = rest_get_server()->dispatch( $request ); 183 $data = $response->get_data(); 184 unset( $data['content'] ); 185 unset( $data['_links'] ); 185 $data = $response->get_data(); 186 186 187 187 $this->assertSame( … … 207 207 'original_source' => 'site', 208 208 ), 209 $this->find_and_normalize_template_by_id( $data, 'default//my_template' ) 210 ); 211 } 212 213 /** 214 * @covers WP_REST_Templates_Controller::get_items 215 */ 216 public function test_get_items_no_permission_subscriber() { 217 wp_set_current_user( self::$subscriber_id ); 218 $request = new WP_REST_Request( 'GET', '/wp/v2/templates' ); 219 $response = rest_get_server()->dispatch( $request ); 220 
$this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 403 ); 221 } 222 223 /** 224 * @covers WP_REST_Templates_Controller::get_items 225 */ 226 public function test_get_items_no_permission() { 227 wp_set_current_user( 0 ); 228 $request = new WP_REST_Request( 'GET', '/wp/v2/templates' ); 229 $response = rest_get_server()->dispatch( $request ); 230 $this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 401 ); 231 } 232 233 /** 234 * @covers WP_REST_Templates_Controller::get_item 235 */ 236 public function test_get_item() { 237 wp_set_current_user( self::$admin_id ); 238 $request = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' ); 239 $response = rest_get_server()->dispatch( $request ); 240 $data = $response->get_data(); 241 unset( $data['content'] ); 242 unset( $data['_links'] ); 243 244 $this->assertSame( 245 array( 246 'id' => 'default//my_template', 247 'theme' => 'default', 248 'slug' => 'my_template', 249 'source' => 'custom', 250 'origin' => null, 251 'type' => 'wp_template', 252 'description' => 'Description of my template.', 253 'title' => array( 254 'raw' => 'My Template', 255 'rendered' => 'My Template', 256 ), 257 'status' => 'publish', 258 'wp_id' => self::$template_post->ID, 259 'has_theme_file' => false, 260 'is_custom' => true, 261 'author' => 0, 262 'modified' => mysql_to_rfc3339( self::$template_post->post_modified ), 263 'author_text' => 'Test Blog', 264 'original_source' => 'site', 265 ), 209 266 $data 210 267 ); 268 } 269 270 /** 271 * @covers WP_REST_Templates_Controller::get_item 272 */ 273 public function test_get_item_editor() { 274 wp_set_current_user( self::$editor_id ); 275 $request = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' ); 276 $response = rest_get_server()->dispatch( $request ); 277 $data = $response->get_data(); 278 unset( $data['content'] ); 279 unset( $data['_links'] ); 280 281 $this->assertSame( 282 array( 283 'id' => 'default//my_template', 284 
'theme' => 'default', 285 'slug' => 'my_template', 286 'source' => 'custom', 287 'origin' => null, 288 'type' => 'wp_template', 289 'description' => 'Description of my template.', 290 'title' => array( 291 'raw' => 'My Template', 292 'rendered' => 'My Template', 293 ), 294 'status' => 'publish', 295 'wp_id' => self::$template_post->ID, 296 'has_theme_file' => false, 297 'is_custom' => true, 298 'author' => 0, 299 'modified' => mysql_to_rfc3339( self::$template_post->post_modified ), 300 'author_text' => 'Test Blog', 301 'original_source' => 'site', 302 ), 303 $data 304 ); 305 } 306 307 /** 308 * @covers WP_REST_Templates_Controller::get_item 309 */ 310 public function test_get_item_subscriber() { 311 wp_set_current_user( self::$subscriber_id ); 312 $request = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' ); 313 $response = rest_get_server()->dispatch( $request ); 314 $response = rest_get_server()->dispatch( $request ); 315 $this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 403 ); 211 316 } 212 317
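Review bot: `test_get_item_subscriber` dispatches the same request twice (`$response = rest_get_server()->dispatch( $request );` appears on two consecutive lines near the end of the section); the second call overwrites the first result, so one of them should be removed. More importantly, none of the new tests exercise the second branch of the permission change, the loop that accepts any REST-exposed post type's `edit_posts` capability: editor and subscriber both resolve on the plain `edit_posts` check, so a regression in the loop would pass this suite. A test that registers a REST-exposed post type with its own capability type, grants only that type's edit capability to an otherwise unprivileged user, and asserts a 200 from `/wp/v2/templates` would cover it; the sketch below assumes the usual `capability_type` → `edit_<type>s` mapping and should be confirmed against the test bootstrap.

```php
/**
 * @covers WP_REST_Templates_Controller::get_items
 */
public function test_get_items_custom_post_type_cap() {
	register_post_type(
		'test_cpt',
		array(
			'show_in_rest'    => true,
			'capability_type' => 'test_cpt',
			'map_meta_cap'    => true,
		)
	);
	$user_id = self::factory()->user->create( array( 'role' => 'subscriber' ) );
	$user    = get_user_by( 'id', $user_id );
	$user->add_cap( 'edit_test_cpts' );
	wp_set_current_user( $user_id );

	$request  = new WP_REST_Request( 'GET', '/wp/v2/templates' );
	$response = rest_get_server()->dispatch( $request );
	$this->assertSame( 200, $response->get_status() );

	unregister_post_type( 'test_cpt' );
}
```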