WP-API / WP-API

		$this->assertContains( '<' . $next_link . '>; rel="next"', $headers['Link'] );

	}

	public function test_get_items_private_filter_query_var() {

		// Private query vars inaccessible to unauthorized users

		wp_set_current_user( 0 );

		$draft_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );

		$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );

		$request->set_param( 'filter', array( 'post_status' => 'draft' ) );

		$response = $this->server->dispatch( $request );

		$data = $response->get_data();

		$this->assertCount( 1, $data );

		$this->assertEquals( $this->post_id, $data[0]['id'] );

		// But they are accessible to authorized users

		wp_set_current_user( $this->editor_id );

		$response = $this->server->dispatch( $request );

		$data = $response->get_data();

		$this->assertCount( 1, $data );

		$this->assertEquals( $draft_id, $data[0]['id'] );

	}

	public function test_get_items_invalid_context() {

		$request = new WP_REST_Request( 'GET', '/wp/v2/posts' );

		$this->assertEquals( $pw_before, $user->user_pass );

	}

	public function test_update_user_role() {

		$user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );

		wp_set_current_user( $this->user );

		$this->allow_user_to_manage_multisite();

		$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $user_id ) );

		$request->set_param( 'roles', array( 'editor' ) );

		$response = $this->server->dispatch( $request );

		$new_data = $response->get_data();

		$this->assertEquals( 'editor', $new_data['roles'][0] );

		$this->assertNotEquals( 'administrator', $new_data['roles'][0] );

		$user = get_userdata( $user_id );

		$this->assertArrayHasKey( 'editor', $user->caps );

		$this->assertArrayNotHasKey( 'administrator', $user->caps );

	}

	public function test_update_user_role_invalid_privilege_escalation() {

		wp_set_current_user( $this->editor );