App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.


git-svn-id: https://develop.svn.wordpress.org/trunk@50114 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs
2021-01-31 19:02:30 +00:00
parent dad20f8424
commit c8f974f2f5
4 changed files with 114 additions and 13 deletions

View File

@@ -190,7 +190,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
wp_set_current_user( self::$subscriber_id );
$response = rest_do_request( sprintf( '/wp/v2/users/%d/application-passwords', self::$admin ) );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_list_application_passwords', $response, 403 );
}
/**
@@ -272,7 +272,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
$uuid = $item['uuid'];
$response = rest_do_request( sprintf( '/wp/v2/users/%d/application-passwords/%s', self::$admin, $uuid ) );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_read_application_password', $response, 403 );
}
/**
@@ -394,7 +394,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
$request = new WP_REST_Request( 'POST', sprintf( '/wp/v2/users/%d/application-passwords', self::$admin ) );
$request->set_body_params( array( 'name' => 'App' ) );
$response = rest_do_request( $request );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_create_application_passwords', $response, 403 );
}
/**
@@ -500,7 +500,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d/application-passwords/%s', self::$admin, $uuid ) );
$request->set_body_params( array( 'name' => 'New App' ) );
$response = rest_do_request( $request );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_edit_application_password', $response, 403 );
}
/**
@@ -643,7 +643,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
$uuid = $item['uuid'];
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d/application-passwords/%s', self::$admin, $uuid ) );
$response = rest_do_request( $request );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_delete_application_password', $response, 403 );
}
/**
@@ -747,7 +747,7 @@ class WP_Test_REST_Application_Passwords_Controller extends WP_Test_REST_Control
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d/application-passwords', self::$admin ) );
$response = rest_do_request( $request );
$this->assertErrorResponse( 'rest_cannot_manage_application_passwords', $response, 403 );
$this->assertErrorResponse( 'rest_cannot_delete_application_passwords', $response, 403 );
}
/**

View File

@@ -522,7 +522,13 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
$expected['delete_user'],
$expected['edit_user_meta'],
$expected['delete_user_meta'],
$expected['add_user_meta']
$expected['add_user_meta'],
$expected['create_app_password'],
$expected['list_app_passwords'],
$expected['read_app_password'],
$expected['edit_app_password'],
$expected['delete_app_passwords'],
$expected['delete_app_password']
);
$expected = array_keys( $expected );