|
@@ 271-299 (lines=29) @@
|
| 268 |
|
* |
| 269 |
|
* @since 4.4.0 |
| 270 |
|
*/ |
| 271 |
|
public function test_disconnection_permission() { |
| 272 |
|
|
| 273 |
|
$this->load_rest_endpoints_direct(); |
| 274 |
|
|
| 275 |
|
// Current user doesn't have credentials, so checking permissions should fail |
| 276 |
|
$this->assertInstanceOf( 'WP_Error', Jetpack_Core_Json_Api_Endpoints::disconnect_site_permission_callback() ); |
| 277 |
|
|
| 278 |
|
$user = $this->create_and_get_user(); |
| 279 |
|
|
| 280 |
|
// Add Jetpack capability |
| 281 |
|
$user->add_cap( 'jetpack_disconnect' ); |
| 282 |
|
|
| 283 |
|
// Setup global variables so this is the current user |
| 284 |
|
wp_set_current_user( $user->ID ); |
| 285 |
|
|
| 286 |
|
// User is not admin, so this should still fail |
| 287 |
|
$this->assertInstanceOf( 'WP_Error', Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check() ); |
| 288 |
|
|
| 289 |
|
// Set user as admin |
| 290 |
|
$user->set_role( 'administrator' ); |
| 291 |
|
|
| 292 |
|
// Reset user and setup globals again to reflect the role change. |
| 293 |
|
wp_set_current_user( 0 ); |
| 294 |
|
wp_set_current_user( $user->ID ); |
| 295 |
|
|
| 296 |
|
// User has capability so this should work this time |
| 297 |
|
$this->assertTrue( Jetpack_Core_Json_Api_Endpoints::disconnect_site_permission_callback() ); |
| 298 |
|
|
| 299 |
|
} |
| 300 |
|
|
| 301 |
|
/** |
| 302 |
|
* Test permission to activate plugins. |
|
@@ 306-338 (lines=33) @@
|
| 303 |
|
* |
| 304 |
|
* @since 4.4.0 |
| 305 |
|
*/ |
| 306 |
|
public function test_plugin_activation_permission() { |
| 307 |
|
|
| 308 |
|
$this->load_rest_endpoints_direct(); |
| 309 |
|
|
| 310 |
|
// Current user doesn't have credentials, so checking permissions should fail |
| 311 |
|
$this->assertInstanceOf( 'WP_Error', REST_Connector::activate_plugins_permission_check() ); |
| 312 |
|
|
| 313 |
|
$user = $this->create_and_get_user(); |
| 314 |
|
|
| 315 |
|
// Add Jetpack capability |
| 316 |
|
$user->add_cap( 'jetpack_admin_page' ); |
| 317 |
|
|
| 318 |
|
// Setup global variables so this is the current user |
| 319 |
|
wp_set_current_user( $user->ID ); |
| 320 |
|
|
| 321 |
|
// Should fail because requires more capabilities |
| 322 |
|
$this->assertInstanceOf( 'WP_Error', REST_Connector::activate_plugins_permission_check() ); |
| 323 |
|
|
| 324 |
|
// Add Jetpack capability |
| 325 |
|
$user->add_cap( 'activate_plugins' ); |
| 326 |
|
// Multisite's require additional primitive capabilities. |
| 327 |
|
if ( is_multisite() ) { |
| 328 |
|
$user->add_cap( 'manage_network_plugins' ); |
| 329 |
|
} |
| 330 |
|
|
| 331 |
|
// Reset current user and setup global variables to refresh the capability we just added. |
| 332 |
|
wp_set_current_user( 0 ); |
| 333 |
|
wp_set_current_user( $user->ID ); |
| 334 |
|
|
| 335 |
|
// User has capability so this should work this time |
| 336 |
|
$this->assertTrue( REST_Connector::activate_plugins_permission_check() ); |
| 337 |
|
|
| 338 |
|
} |
| 339 |
|
|
| 340 |
|
/** |
| 341 |
|
* Test permission to disconnect Jetpack site for a user that is connected. |
Automattic /
jetpack
