vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-05-19 18:54:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

REST API: Add update and delete endpoints to /users/me

Browse Source 
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.

Props pento.
Fixes #38521 (hopefully).


git-svn-id: https://develop.svn.wordpress.org/trunk@39092 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan McCue
2016-11-02 06:52:30 +00:00
parent 603d38f02e
commit 1f9c6904bc
2 changed files with 173 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
tests/phpunit/tests/rest-api/rest-users-controller.php
View File

@@ -956,6 +956,15 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$user = get_userdata( self::$editor );
$this->assertArrayHasKey( 'editor', $user->caps );
$this->assertArrayNotHasKey( 'administrator', $user->caps );
$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
$request->set_param( 'roles', array( 'administrator' ) );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 );
$user = get_userdata( self::$editor );
$this->assertArrayHasKey( 'editor', $user->caps );
$this->assertArrayNotHasKey( 'administrator', $user->caps );
}
public function test_update_user_role_invalid_privilege_deescalation() {
@@ -976,6 +985,16 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$user = get_userdata( $user_id );
$this->assertArrayHasKey( 'administrator', $user->caps );
$this->assertArrayNotHasKey( 'editor', $user->caps );
$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
$request->set_param( 'roles', array( 'editor' ) );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_user_invalid_role', $response, 403 );
$user = get_userdata( $user_id );
$this->assertArrayHasKey( 'administrator', $user->caps );
$this->assertArrayNotHasKey( 'editor', $user->caps );
}
public function test_update_user_role_privilege_deescalation_multisite() {
@@ -996,6 +1015,20 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$new_data = $response->get_data();
$this->assertEquals( 'editor', $new_data['roles'][0] );
$this->assertNotEquals( 'administrator', $new_data['roles'][0] );
$user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
wp_set_current_user( $user_id );
$user = wp_get_current_user();
update_site_option( 'site_admins', array( $user->user_login ) );
$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
$request->set_param( 'roles', array( 'editor' ) );
$response = $this->server->dispatch( $request );
$new_data = $response->get_data();
$this->assertEquals( 'editor', $new_data['roles'][0] );
$this->assertNotEquals( 'administrator', $new_data['roles'][0] );
}
@@ -1012,6 +1045,16 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$user = get_userdata( self::$editor );
$this->assertArrayHasKey( 'editor', $user->caps );
$this->assertArrayNotHasKey( 'BeSharp', $user->caps );
$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
$request->set_param( 'roles', array( 'BeSharp' ) );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 );
$user = get_userdata( self::$editor );
$this->assertArrayHasKey( 'editor', $user->caps );
$this->assertArrayNotHasKey( 'BeSharp', $user->caps );
}
public function test_update_user_without_permission() {
@@ -1029,6 +1072,13 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_cannot_edit', $response, 403 );
$request = new WP_REST_Request( 'PUT', '/wp/v2/users/me' );
$request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
$request->set_body_params( $params );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_user_invalid_argument', $response, 400 );
}
public function test_update_user_invalid_id() {
@@ -1066,6 +1116,22 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$this->assertEquals( 'Deleted User', $data['name'] );
}
public function test_delete_current_item() {
$user_id = $this->factory->user->create( array( 'role' => 'administrator', 'display_name' => 'Deleted User' ) );
wp_set_current_user( $user_id );
$user = wp_get_current_user();
update_site_option( 'site_admins', array( $user->user_login ) );
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
$request['force'] = true;
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$data = $response->get_data();
$this->assertEquals( 'Deleted User', $data['name'] );
}
public function test_delete_item_no_trash() {
$user_id = $this->factory->user->create( array( 'display_name' => 'Deleted User' ) );
@@ -1082,6 +1148,23 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$this->assertNotEmpty( $user );
}
public function test_delete_current_item_no_trash() {
$user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
wp_set_current_user( $user_id );
$user = wp_get_current_user();
update_site_option( 'site_admins', array( $user->user_login ) );
$userdata = get_userdata( $user_id ); // cache for later
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
// Ensure the user still exists
$user = get_user_by( 'id', $user_id );
$this->assertNotEmpty( $user );
}
public function test_delete_user_without_permission() {
$user_id = $this->factory->user->create();
@@ -1093,6 +1176,12 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
$request['force'] = true;
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
}
public function test_delete_user_invalid_id() {