|
@@ 806-817 (lines=12) @@
|
| 803 |
|
$this->assertArrayNotHasKey( 'administrator', $user->caps ); |
| 804 |
|
} |
| 805 |
|
|
| 806 |
|
public function test_update_user_role_invalid_privilege_escalation() { |
| 807 |
|
wp_set_current_user( $this->editor ); |
| 808 |
|
|
| 809 |
|
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
| 810 |
|
$request->set_param( 'roles', array( 'administrator' ) ); |
| 811 |
|
$response = $this->server->dispatch( $request ); |
| 812 |
|
|
| 813 |
|
$this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 ); |
| 814 |
|
$user = get_userdata( $this->editor ); |
| 815 |
|
$this->assertArrayHasKey( 'editor', $user->caps ); |
| 816 |
|
$this->assertArrayNotHasKey( 'administrator', $user->caps ); |
| 817 |
|
} |
| 818 |
|
|
| 819 |
|
public function test_update_user_role_invalid_privilege_deescalation() { |
| 820 |
|
if ( is_multisite() ) { |
|
@@ 860-873 (lines=14) @@
|
| 857 |
|
} |
| 858 |
|
|
| 859 |
|
|
| 860 |
|
public function test_update_user_role_invalid_role() { |
| 861 |
|
wp_set_current_user( $this->user ); |
| 862 |
|
$this->allow_user_to_manage_multisite(); |
| 863 |
|
|
| 864 |
|
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
| 865 |
|
$request->set_param( 'roles', array( 'BeSharp' ) ); |
| 866 |
|
$response = $this->server->dispatch( $request ); |
| 867 |
|
|
| 868 |
|
$this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 ); |
| 869 |
|
|
| 870 |
|
$user = get_userdata( $this->editor ); |
| 871 |
|
$this->assertArrayHasKey( 'editor', $user->caps ); |
| 872 |
|
$this->assertArrayNotHasKey( 'BeSharp', $user->caps ); |
| 873 |
|
} |
| 874 |
|
|
| 875 |
|
public function test_update_user_without_permission() { |
| 876 |
|
wp_set_current_user( $this->editor ); |
WP-API /
WP-API
