@@ 523-539 (lines=17) @@ | ||
520 | $this->assertContains( '<' . $next_link . '>; rel="next"', $headers['Link'] ); |
|
521 | } |
|
522 | ||
523 | public function test_get_items_private_filter_query_var() { |
|
524 | // Private query vars inaccessible to unauthorized users |
|
525 | wp_set_current_user( 0 ); |
|
526 | $draft_id = $this->factory->post->create( array( 'post_status' => 'draft' ) ); |
|
527 | $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); |
|
528 | $request->set_param( 'filter', array( 'post_status' => 'draft' ) ); |
|
529 | $response = $this->server->dispatch( $request ); |
|
530 | $data = $response->get_data(); |
|
531 | $this->assertCount( 1, $data ); |
|
532 | $this->assertEquals( $this->post_id, $data[0]['id'] ); |
|
533 | // But they are accessible to authorized users |
|
534 | wp_set_current_user( $this->editor_id ); |
|
535 | $response = $this->server->dispatch( $request ); |
|
536 | $data = $response->get_data(); |
|
537 | $this->assertCount( 1, $data ); |
|
538 | $this->assertEquals( $draft_id, $data[0]['id'] ); |
|
539 | } |
|
540 | ||
541 | public function test_get_items_invalid_context() { |
|
542 | $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); |
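Review bot: The negative half of test_get_items_private_filter_query_var (lines 525-532) only exercises an anonymous caller via `wp_set_current_user( 0 )`, so an authenticated user who lacks the capability to read drafts is never checked. A regression that gated the private `filter` vars on being logged in, rather than on a capability, would presumably still pass, because the only authenticated case is the editor. Consider repeating the first block with a low-privilege fixture user (none is visible in this hunk) and asserting that the draft is absent explicitly, e.g. `$this->assertNotContains( $draft_id, wp_list_pluck( $data, 'id' ) );`. Asserting `$response->get_status()` before reading the data would also separate an authorization error from an empty result.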
@@ 879-897 (lines=19) @@ | ||
876 | $this->assertEquals( $pw_before, $user->user_pass ); |
|
877 | } |
|
878 | ||
879 | public function test_update_user_role() { |
|
880 | $user_id = $this->factory->user->create( array( 'role' => 'administrator' ) ); |
|
881 | ||
882 | wp_set_current_user( $this->user ); |
|
883 | $this->allow_user_to_manage_multisite(); |
|
884 | ||
885 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $user_id ) ); |
|
886 | $request->set_param( 'roles', array( 'editor' ) ); |
|
887 | $response = $this->server->dispatch( $request ); |
|
888 | ||
889 | $new_data = $response->get_data(); |
|
890 | ||
891 | $this->assertEquals( 'editor', $new_data['roles'][0] ); |
|
892 | $this->assertNotEquals( 'administrator', $new_data['roles'][0] ); |
|
893 | ||
894 | $user = get_userdata( $user_id ); |
|
895 | $this->assertArrayHasKey( 'editor', $user->caps ); |
|
896 | $this->assertArrayNotHasKey( 'administrator', $user->caps ); |
|
897 | } |
|
898 | ||
899 | public function test_update_user_role_invalid_privilege_escalation() { |
|
900 | wp_set_current_user( $this->editor ); |
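Review bot: In test_update_user_role, the assertion on line 892, `assertNotEquals( 'administrator', $new_data['roles'][0] )`, cannot fail once line 891 has passed, so the response is never checked for a retained administrator role. If the update appended the new role instead of replacing the old one, only the `$user->caps` checks on lines 895-896 would catch it. I would change line 892 to `$this->assertNotContains( 'administrator', $new_data['roles'] );`, or pin the list with `$this->assertCount( 1, $new_data['roles'] );`. The test also never asserts the response status, and the privileges of `$this->user` are set up outside this hunk, so it is not visible here which capability authorizes the demotion.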