When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.

Fixes #33694


git-svn-id: https://develop.svn.wordpress.org/trunk@35747 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn
2015-11-29 02:24:15 +00:00
parent 518805f447
commit da2acf666a
2 changed files with 50 additions and 10 deletions

View File

@@ -981,6 +981,40 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
$this->assertTrue( current_user_can( 'edit_user', $user->ID ) );
}
/**
* @ticket 33694
*/
function test_contributor_cannot_edit_scheduled_post() {
// Add a contributor
$contributor = $this->factory->user->create_and_get( array(
'role' => 'contributor',
) );
// Give them a scheduled post
$post = $this->factory->post->create_and_get( array(
'post_author' => $contributor->ID,
'post_status' => 'future',
) );
// Ensure contributor can't edit or trash the post
$this->assertFalse( user_can( $contributor->ID, 'edit_post', $post->ID ) );
$this->assertFalse( user_can( $contributor->ID, 'delete_post', $post->ID ) );
// Test the tests
$this->assertTrue( defined( 'EMPTY_TRASH_DAYS' ) );
$this->assertNotEmpty( EMPTY_TRASH_DAYS );
// Trash it
$trashed = wp_trash_post( $post->ID );
$this->assertNotEmpty( $trashed );
// Ensure contributor can't edit, un-trash, or delete the post
$this->assertFalse( user_can( $contributor->ID, 'edit_post', $post->ID ) );
$this->assertFalse( user_can( $contributor->ID, 'delete_post', $post->ID ) );
}
function test_multisite_administrator_with_manage_network_users_can_edit_users() {
if ( ! is_multisite() ) {
$this->markTestSkipped( 'Test only runs in multisite' );