mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-06-28 22:30:04 +00:00
REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts. This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost. Props jeremyfelt. Fixes #39000. git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -1639,7 +1639,8 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
$userdata = get_userdata( $user_id ); // cache for later
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'force', true );
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertEquals( 200, $response->get_status() );
|
||||
@@ -1657,6 +1658,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
$userdata = get_userdata( $user_id ); // cache for later
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
|
||||
|
||||
@@ -1678,6 +1680,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertEquals( 200, $response->get_status() );
|
||||
@@ -1694,6 +1697,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
update_site_option( 'site_admins', array( $user->user_login ) );
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
|
||||
|
||||
@@ -1714,12 +1718,14 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
|
||||
@@ -1731,6 +1737,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/100' );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', false );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 );
|
||||
@@ -1778,6 +1785,96 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
$this->assertErrorResponse( 'rest_user_invalid_reassign', $response, 400 );
|
||||
}
|
||||
|
||||
public function test_delete_user_invalid_reassign_passed_as_string() {
|
||||
$user_id = $this->factory->user->create();
|
||||
|
||||
$this->allow_user_to_manage_multisite();
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', 'null' );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
|
||||
}
|
||||
|
||||
public function test_delete_user_reassign_passed_as_boolean_false_trashes_post() {
|
||||
$user_id = $this->factory->user->create();
|
||||
|
||||
$this->allow_user_to_manage_multisite();
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
$test_post = $this->factory->post->create(array(
|
||||
'post_author' => $user_id,
|
||||
));
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', false );
|
||||
$this->server->dispatch( $request );
|
||||
|
||||
$test_post = get_post( $test_post );
|
||||
$this->assertEquals( 'trash', $test_post->post_status );
|
||||
}
|
||||
|
||||
public function test_delete_user_reassign_passed_as_string_false_trashes_post() {
|
||||
$user_id = $this->factory->user->create();
|
||||
|
||||
$this->allow_user_to_manage_multisite();
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
$test_post = $this->factory->post->create(array(
|
||||
'post_author' => $user_id,
|
||||
));
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', 'false' );
|
||||
$this->server->dispatch( $request );
|
||||
|
||||
$test_post = get_post( $test_post );
|
||||
$this->assertEquals( 'trash', $test_post->post_status );
|
||||
}
|
||||
|
||||
public function test_delete_user_reassign_passed_as_empty_string_trashes_post() {
|
||||
$user_id = $this->factory->user->create();
|
||||
|
||||
$this->allow_user_to_manage_multisite();
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
$test_post = $this->factory->post->create(array(
|
||||
'post_author' => $user_id,
|
||||
));
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', '' );
|
||||
$this->server->dispatch( $request );
|
||||
|
||||
$test_post = get_post( $test_post );
|
||||
$this->assertEquals( 'trash', $test_post->post_status );
|
||||
}
|
||||
|
||||
public function test_delete_user_reassign_passed_as_0_reassigns_author() {
|
||||
$user_id = $this->factory->user->create();
|
||||
|
||||
$this->allow_user_to_manage_multisite();
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
$test_post = $this->factory->post->create(array(
|
||||
'post_author' => $user_id,
|
||||
));
|
||||
|
||||
$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
|
||||
$request['force'] = true;
|
||||
$request->set_param( 'reassign', 0 );
|
||||
$this->server->dispatch( $request );
|
||||
|
||||
$test_post = get_post( $test_post );
|
||||
$this->assertEquals( 0, $test_post->post_author );
|
||||
}
|
||||
|
||||
public function test_get_item_schema() {
|
||||
$request = new WP_REST_Request( 'OPTIONS', '/wp/v2/users' );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
Reference in New Issue
Block a user