vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-14 01:24:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't default to current user for capability checks when dealing with a post without an author (post_author = 0).

Browse Source 
Undoes [12053]. While it risks breakage, this is a far safer and saner default for these situations.

props danielbachhuber.
fixes #27020.


git-svn-id: https://develop.svn.wordpress.org/trunk@27390 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
2014-03-04 03:08:54 +00:00
parent 1329d5ebc0
commit 5edec1d792
3 changed files with 59 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/phpunit/tests/user/mapMetaCap.php
View File

@@ -232,4 +232,18 @@ class Tests_User_MapMetaCap extends WP_UnitTestCase {
$this->assertEquals( array( 'update_core' ), map_meta_cap( 'update_core', $this->user_id ) );
$this->assertEquals( array( 'edit_plugins' ), map_meta_cap( 'edit_plugins', $this->user_id ) );
}
/**
* Test a post without an author.
*
* @ticket 27020
*/
function test_authorless_posts_capabilties() {
$post_id = $this->factory->post->create( array( 'post_author' => 0, 'post_type' => 'post', 'post_status' => 'publish' ) );
$editor = $this->factory->user->create( array( 'role' => 'editor' ) );
$this->assertEquals( array( 'edit_others_posts', 'edit_published_posts' ), map_meta_cap( 'edit_post', $editor, $post_id ) );
$this->assertEquals( array( 'delete_others_posts', 'delete_published_posts' ), map_meta_cap( 'delete_post', $editor, $post_id ) );
}
}