Index: wp-testcase/test-xmlrpc-api/test_wp_editPost.php
===================================================================
--- wp-testcase/test-xmlrpc-api/test_wp_editPost.php	(revision 0)
+++ wp-testcase/test-xmlrpc-api/test_wp_editPost.php	(working copy)
@@ -0,0 +1,124 @@
+<?php
+include_once(ABSPATH . 'wp-admin/includes/admin.php');
+include_once(ABSPATH . WPINC . '/class-IXR.php');
+include_once(ABSPATH . WPINC . '/class-wp-xmlrpc-server.php');
+
+class TestXMLRPCServer_wp_editPost extends WPTestCase {
+	var $user_ids = array();
+
+	function setUp() {
+
+		parent::setUp();
+		// keep track of users we create
+		$this->user_ids = array();
+		$this->_flush_roles();
+
+		$this->orig_users = get_users_of_blog();
+		add_filter( 'pre_option_enable_xmlrpc', '__return_true' );
+
+		$this->_make_user( 'subscriber', 'subscriber', 'subscriber' );
+		$this->_make_user( 'contributor', 'contributor', 'contributor' );
+		$this->_make_user( 'author', 'author', 'author' );
+		$this->_make_user( 'editor', 'editor', 'editor' );
+
+		$this->myxmlrpcserver = new wp_xmlrpc_server();
+	}
+
+	function tearDown() {
+		parent::tearDown();
+		// delete any users that were created during tests
+		foreach ($this->user_ids as $id)
+			wp_delete_user($id);
+
+		remove_filter( 'pre_option_enable_xmlrpc', '__return_true' );
+	}
+
+	function _flush_roles() {
+		// we want to make sure we're testing against the db, not just in-memory data
+		// this will flush everything and reload it from the db
+		unset( $GLOBALS['wp_user_roles'] );
+	}
+
+	function test_invalid_username_password() {
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'username', 'password' ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 403, $result->code );
+	}
+
+	function test_edit_own_post() {
+		$contributor_id = get_user_by( 'login', 'contributor' )->ID;
+		$post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id );
+		$post_id = wp_insert_post( $post );
+
+		$new_title = 'Post test (updated)';
+		$post2 = array( 'post_title' => $new_title );
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'contributor', 'contributor', $post_id, $post2 ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+		$this->assertTrue($result);
+
+		$out = wp_get_single_post( $post_id );
+		$this->assertEquals( $new_title, $out->post_title );
+	}
+
+	function test_capable_edit_others_post() {
+		$contributor_id = get_user_by( 'login', 'contributor' )->ID;
+		$post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id );
+		$post_id = wp_insert_post( $post );
+
+		$new_title = 'Post test (updated)';
+		$post2 = array( 'post_title' => $new_title );
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'editor', 'editor', $post_id, $post2 ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+		$this->assertTrue($result);
+
+		$out = wp_get_single_post( $post_id );
+		$this->assertEquals( $new_title, $out->post_title );
+	}
+
+	function test_incapable_edit_others_post() {
+		$author_id = get_user_by( 'login', 'author' )->ID;
+		$original_title = 'Post test';
+		$post = array( 'post_title' => $original_title, 'post_author' => $author_id );
+		$post_id = wp_insert_post( $post );
+
+		$new_title = 'Post test (updated)';
+		$post2 = array( 'post_title' => $new_title );
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'contributor', 'contributor', $post_id, $post2 ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 401, $result->code );
+
+		$out = wp_get_single_post( $post_id );
+		$this->assertEquals( $original_title, $out->post_title );
+	}
+
+	function test_capable_reassign_author() {
+		$contributor_id = get_user_by( 'login', 'contributor' )->ID;
+		$post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id );
+		$post_id = wp_insert_post( $post );
+
+		$author_id = get_user_by( 'login', 'author' )->ID;
+		$post2 = array( 'post_author' => $author_id );
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'editor', 'editor', $post_id, $post2 ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+		$this->assertTrue($result);
+
+		$out = wp_get_single_post( $post_id );
+		$this->assertEquals( $author_id, $out->post_author );
+	}
+
+	function test_incapable_reassign_author() {
+		$contributor_id = get_user_by( 'login', 'contributor' )->ID;
+		$post = array( 'post_title' => 'Post test', 'post_author' => $contributor_id );
+		$post_id = wp_insert_post( $post );
+
+		$author_id = get_user_by( 'login', 'author' )->ID;
+		$post2 = array( 'post_author' => $author_id );
+		$result = $this->myxmlrpcserver->wp_editPost( array( 1, 'contributor', 'contributor', $post_id, $post2 ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 401, $result->code );
+
+		$out = wp_get_single_post( $post_id );
+		$this->assertEquals( $contributor_id, $out->post_author );
+	}
+
+}
Index: wp-testcase/test-xmlrpc-api/test_wp_newPost.php
===================================================================
--- wp-testcase/test-xmlrpc-api/test_wp_newPost.php	(revision 526)
+++ wp-testcase/test-xmlrpc-api/test_wp_newPost.php	(working copy)
@@ -15,6 +15,13 @@
 
 		$this->orig_users = get_users_of_blog();
 		add_filter( 'pre_option_enable_xmlrpc', '__return_true' );
+
+		$this->_make_user( 'subscriber', 'subscriber', 'subscriber' );
+		$this->_make_user( 'contributor', 'contributor', 'contributor' );
+		$this->_make_user( 'author', 'author', 'author' );
+		$this->_make_user( 'editor', 'editor', 'editor' );
+
+		$this->myxmlrpcserver = new wp_xmlrpc_server();
 	}
 
 	function tearDown() {
@@ -33,27 +40,81 @@
 	}
 
 	function test_invalid_username_password() {
-		$myxmlrpcserver = new wp_xmlrpc_server();
-		$result = $myxmlrpcserver->wp_newPost( array( 1, 'username', 'password' ) );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'username', 'password' ) );
 		$this->assertInstanceOf( 'IXR_Error', $result );
 		$this->assertEquals( 403, $result->code );
 	}
 
 	function test_incapable_user() {
-		$this->_make_user( 'subscriber', 'subscriber', 'subscriber' );
-		$myxmlrpcserver = new wp_xmlrpc_server();
-		$result = $myxmlrpcserver->wp_newPost( array( 1, 'subscriber', 'subscriber' ) );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'subscriber', 'subscriber' ) );
 		$this->assertInstanceOf( 'IXR_Error', $result );
 		$this->assertEquals( 401, $result->code );
 	}
 
 	function test_no_content() {
-		$this->_make_user( 'author', 'author', 'author' );
-		$myxmlrpcserver = new wp_xmlrpc_server();
-		$result = $myxmlrpcserver->wp_newPost( array( 1, 'author', 'author' ) );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'author', 'author' ) );
 		$this->assertInstanceOf( 'IXR_Error', $result );
 		$this->assertEquals( 500, $result->code );
 		$this->assertEquals( 'Content, title, and excerpt are empty.', $result->message );
 	}
 
-}
\ No newline at end of file
+	function test_basic_content() {
+		$post = array( 'post_title' => 'Test' );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'author', 'author', $post ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+		$this->assertStringMatchesFormat( '%d', $result );
+	}
+
+	function test_ignore_id() {
+		$post = array( 'post_title' => 'Test', 'ID' => 103948 );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'author', 'author', $post ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+		$this->assertNotEquals( '103948', $result );
+	}
+
+	function test_capable_publish() {
+		$post = array( 'post_title' => 'Test', 'post_status' => 'publish' );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'author', 'author', $post ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+	}
+
+	function test_incapable_publish() {
+		$post = array( 'post_title' => 'Test', 'post_status' => 'publish' );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'contributor', 'contributor', $post ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 401, $result->code );
+	}
+
+	function test_capable_other_author() {
+		$other_author_id = get_user_by( 'login', 'author' )->ID;
+		$post = array( 'post_title' => 'Test', 'post_author' => $other_author_id );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'editor', 'editor', $post ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+	}
+
+	function test_incapable_other_author() {
+		$other_author_id = get_user_by( 'login', 'author' )->ID;
+		$post = array( 'post_title' => 'Test', 'post_author' => $other_author_id );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'contributor', 'contributor', $post ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 401, $result->code );
+	}
+
+	function test_invalid_author() {
+		$post = array( 'post_title' => 'Test', 'post_author' => 99999999 );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'editor', 'editor', $post ) );
+		$this->assertInstanceOf( 'IXR_Error', $result );
+		$this->assertEquals( 404, $result->code );
+	}
+
+	function test_empty_author() {
+		$my_author_id = get_user_by( 'login', 'author' )->ID;
+		$post = array( 'post_title' => 'Test' );
+		$result = $this->myxmlrpcserver->wp_newPost( array( 1, 'author', 'author', $post ) );
+		$this->assertNotInstanceOf( 'IXR_Error', $result );
+
+		$out = wp_get_single_post( $result );
+		$this->assertEquals( $my_author_id, $out->post_author );
+	}
+
+}