@@ 806-817 (lines=12) @@ | ||
803 | $this->assertArrayNotHasKey( 'administrator', $user->caps ); |
|
804 | } |
|
805 | ||
806 | public function test_update_user_role_invalid_privilege_escalation() { |
|
807 | wp_set_current_user( $this->editor ); |
|
808 | ||
809 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
|
810 | $request->set_param( 'roles', array( 'administrator' ) ); |
|
811 | $response = $this->server->dispatch( $request ); |
|
812 | ||
813 | $this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 ); |
|
814 | $user = get_userdata( $this->editor ); |
|
815 | $this->assertArrayHasKey( 'editor', $user->caps ); |
|
816 | $this->assertArrayNotHasKey( 'administrator', $user->caps ); |
|
817 | } |
|
818 | ||
819 | public function test_update_user_role_invalid_privilege_deescalation() { |
|
820 | if ( is_multisite() ) { |
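Review bot: The closing assertions of test_update_user_role_invalid_privilege_escalation (gutter lines 815–816) only check two keys in `$user->caps`, so a regression that left the editor with some other elevated role would still pass. Assuming the fixture user holds only the editor role, pinning the whole list with `$this->assertSame( array( 'editor' ), $user->roles );` would make the stored state as strict as the 403 check. The test also covers only an editor targeting their own account; a sibling case that targets a different user ID would show that `rest_cannot_edit_roles` is not specific to self-edits. A short docblock such as `/** Editors must not be able to grant themselves a higher role via the REST 'roles' param. */` would record the security property the test guards.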
|
@@ 860-873 (lines=14) @@ | ||
857 | } |
|
858 | ||
859 | ||
860 | public function test_update_user_role_invalid_role() { |
|
861 | wp_set_current_user( $this->user ); |
|
862 | $this->allow_user_to_manage_multisite(); |
|
863 | ||
864 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
|
865 | $request->set_param( 'roles', array( 'BeSharp' ) ); |
|
866 | $response = $this->server->dispatch( $request ); |
|
867 | ||
868 | $this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 ); |
|
869 | ||
870 | $user = get_userdata( $this->editor ); |
|
871 | $this->assertArrayHasKey( 'editor', $user->caps ); |
|
872 | $this->assertArrayNotHasKey( 'BeSharp', $user->caps ); |
|
873 | } |
|
874 | ||
875 | public function test_update_user_without_permission() { |
|
876 | wp_set_current_user( $this->editor ); |
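Review bot: test_update_user_role_invalid_role submits only an unknown role on its own (gutter line 865), so it does not pin what happens when an unknown role is mixed with a valid one. A second case using `$request->set_param( 'roles', array( 'administrator', 'BeSharp' ) );` with the same 400 expectation, followed by `$this->assertArrayNotHasKey( 'administrator', $user->caps );`, would confirm that a rejected request applies no part of the role list. The test runs as `$this->user` after `allow_user_to_manage_multisite()`, presumably a privileged account, so it exercises role-name validation only. It would be worth saying so in a docblock, so the test is not read as a permission check.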