Changeset 59048 for trunk/tests/phpunit/tests/rest-api/rest-global-styles-controller.php

Timestamp:

09/18/2024 05:17:05 AM (19 months ago)

Author:

ramonopoly

Message:

Global Styles: allow read access to users with edit_posts capabilities

This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.

Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
Fixes #62042.

File:

• trunk/tests/phpunit/tests/rest-api/rest-global-styles-controller.php (modified) (7 diffs)

trunk/tests/phpunit/tests/rest-api/rest-global-styles-controller.php

@@ -20 +20 @@
      * @var int
      */
+    protected static $editor_id;
+
+    /**
+     * @var int
+     */
     protected static $subscriber_id;
+
+    /**
+     * @var int
+     */
+    protected static $theme_manager_id;
 
     /**
@@ -55 +65 @@
         );
 
+        self::$editor_id = $factory->user->create(
+            array(
+                'role' => 'editor',
+            )
+        );
+
         self::$subscriber_id = $factory->user->create(
             array(
@@ -60 +76 @@
             )
         );
+
+        self::$theme_manager_id = $factory->user->create(
+            array(
+                'role' => 'subscriber',
+            )
+        );
+
+        // Add the 'edit_theme_options' capability to the theme manager (subscriber).
+        $theme_manager_id = get_user_by( 'id', self::$theme_manager_id );
+        if ( $theme_manager_id instanceof WP_User ) {
+            $theme_manager_id->add_cap( 'edit_theme_options' );
+        }
 
         // This creates the global styles for the current theme.
@@ -79 +107 @@
 
     /**
-     *
+     * Clean up after our tests run.
      */
     public static function wpTearDownAfterClass() {
         self::delete_user( self::$admin_id );
+        self::delete_user( self::$editor_id );
         self::delete_user( self::$subscriber_id );
+        self::delete_user( self::$theme_manager_id );
     }
 
@@ -265 +295 @@
         $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' );
         $response = rest_get_server()->dispatch( $request );
-        $this->assertErrorResponse( 'rest_cannot_manage_global_styles', $response, 401 );
+        $this->assertErrorResponse( 'rest_cannot_read_global_styles', $response, 401 );
     }
 
@@ -271 +301 @@
      * @covers WP_REST_Global_Styles_Controller::get_theme_item
      * @ticket 54516
-     */
-    public function test_get_theme_item_permission_check() {
+     * @ticket 62042
+     */
+    public function test_get_theme_item_subscriber_permission_check() {
         wp_set_current_user( self::$subscriber_id );
         $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' );
         $response = rest_get_server()->dispatch( $request );
-        $this->assertErrorResponse( 'rest_cannot_manage_global_styles', $response, 403 );
+        $this->assertErrorResponse( 'rest_cannot_read_global_styles', $response, 403 );
+    }
+
+    /**
+     * @covers WP_REST_Global_Styles_Controller::get_theme_item
+     * @ticket 62042
+     */
+    public function test_get_theme_item_editor_permission_check() {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' );
+        $response = rest_get_server()->dispatch( $request );
+        // Checks that the response has the expected keys.
+        $data  = $response->get_data();
+        $links = $response->get_links();
+        $this->assertArrayHasKey( 'settings', $data, 'Data does not have "settings" key' );
+        $this->assertArrayHasKey( 'styles', $data, 'Data does not have "styles" key' );
+        $this->assertArrayHasKey( 'self', $links, 'Links do not have a "self" key' );
+    }
+
+    /**
+     * @covers WP_REST_Global_Styles_Controller_Gutenberg::get_theme_item
+     * @ticket 62042
+     */
+    public function test_get_theme_item_theme_options_manager_permission_check() {
+        wp_set_current_user( self::$theme_manager_id );
+        switch_theme( 'emptytheme' );
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/emptytheme' );
+        $response = rest_get_server()->dispatch( $request );
+        // Checks that the response has the expected keys.
+        $data  = $response->get_data();
+        $links = $response->get_links();
+        $this->assertArrayHasKey( 'settings', $data, 'Data does not have "settings" key' );
+        $this->assertArrayHasKey( 'styles', $data, 'Data does not have "styles" key' );
+        $this->assertArrayHasKey( 'self', $links, 'Links do not have a "self" key' );
     }
 
@@ -608 +672 @@
      * of saving via the API.
      *
-     * @covers WP_REST_Global_Styles_Controller_Gutenberg::update_item
+     * @covers WP_REST_Global_Styles_Controller::update_item
      * @ticket 61312
      * @ticket 61451