vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-31 02:34:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

REST API: Add support for comments of password-protected posts.

Browse Source 
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.

git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Joe Hoyle
2016-11-23 16:14:08 +00:00
parent 24abde4e54
commit 5d7118d63e
3 changed files with 172 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
tests/phpunit/tests/rest-api/rest-comments-controller.php
View File

@@ -146,6 +146,7 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
'page',
'parent',
'parent_exclude',
'password',
'per_page',
'post',
'search',
@@ -167,6 +168,69 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertCount( 7, $comments );
}
/**
* @ticket 38692
*/
public function test_get_items_with_password() {
wp_set_current_user( 0 );
$args = array(
'comment_approved' => 1,
'comment_post_ID' => self::$password_id,
);
$password_comment = $this->factory->comment->create( $args );
$request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
$request->set_param( 'password', 'toomanysecrets' );
$request->set_param( 'post', self::$password_id );
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$collection_data = $response->get_data();
$this->assertTrue( in_array( $password_comment, wp_list_pluck( $collection_data, 'id' ), true ) );
}
/**
* @ticket 38692
*/
public function test_get_items_with_password_without_post() {
wp_set_current_user( 0 );
$args = array(
'comment_approved' => 1,
'comment_post_ID' => self::$password_id,
);
$password_comment = $this->factory->comment->create( $args );
$request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
$request->set_param( 'password', 'toomanysecrets' );
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$collection_data = $response->get_data();
$this->assertFalse( in_array( $password_comment, wp_list_pluck( $collection_data, 'id' ), true ) );
}
/**
* @ticket 38692
*/
public function test_get_items_with_password_with_multiple_post() {
wp_set_current_user( 0 );
$args = array(
'comment_approved' => 1,
'comment_post_ID' => self::$password_id,
);
$password_comment = $this->factory->comment->create( $args );
$request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
$request->set_param( 'password', 'toomanysecrets' );
$request->set_param( 'post', array( self::$password_id, self::$post_id ) );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_cannot_read_post', $response, 401 );
}
public function test_get_password_items_without_edit_post_permission() {
wp_set_current_user( 0 );
@@ -853,6 +917,25 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
}
/**
* @ticket 38692
*/
public function test_get_comment_with_password_with_valid_password() {
wp_set_current_user( self::$subscriber_id );
$args = array(
'comment_approved' => 1,
'comment_post_ID' => self::$password_id,
);
$password_comment = $this->factory->comment->create( $args );
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $password_comment ) );
$request->set_param( 'password', 'toomanysecrets' );
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
}
public function test_create_item() {
wp_set_current_user( self::$admin_id );
@@ -1727,6 +1810,44 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertErrorResponse( 'comment_content_column_length', $response, 400 );
}
public function test_create_comment_without_password() {
wp_set_current_user( self::$subscriber_id );
$params = array(
'post' => self::$password_id,
'author_name' => 'Bleeding Gums Murphy',
'author_email' => 'murphy@gingivitis.com',
'author_url' => 'http://jazz.gingivitis.com',
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_cannot_read_post', $response, 403 );
}
public function test_create_comment_with_password() {
add_filter( 'rest_allow_anonymous_comments', '__return_true' );
$params = array(
'post' => self::$password_id,
'author_name' => 'Bleeding Gums Murphy',
'author_email' => 'murphy@gingivitis.com',
'author_url' => 'http://jazz.gingivitis.com',
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
'password' => 'toomanysecrets',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = $this->server->dispatch( $request );
$this->assertEquals( 201, $response->get_status() );
}
public function test_update_item() {
$post_id = $this->factory->post->create();