|
@@ 899-910 (lines=12) @@
|
| 896 |
|
$this->assertArrayNotHasKey( 'administrator', $user->caps ); |
| 897 |
|
} |
| 898 |
|
|
| 899 |
|
public function test_update_user_role_invalid_privilege_escalation() { |
| 900 |
|
wp_set_current_user( $this->editor ); |
| 901 |
|
|
| 902 |
|
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
| 903 |
|
$request->set_param( 'roles', array( 'administrator' ) ); |
| 904 |
|
$response = $this->server->dispatch( $request ); |
| 905 |
|
|
| 906 |
|
$this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 ); |
| 907 |
|
$user = get_userdata( $this->editor ); |
| 908 |
|
$this->assertArrayHasKey( 'editor', $user->caps ); |
| 909 |
|
$this->assertArrayNotHasKey( 'administrator', $user->caps ); |
| 910 |
|
} |
| 911 |
|
|
| 912 |
|
public function test_update_user_role_invalid_privilege_deescalation() { |
| 913 |
|
if ( is_multisite() ) { |
|
@@ 953-966 (lines=14) @@
|
| 950 |
|
} |
| 951 |
|
|
| 952 |
|
|
| 953 |
|
public function test_update_user_role_invalid_role() { |
| 954 |
|
wp_set_current_user( $this->user ); |
| 955 |
|
$this->allow_user_to_manage_multisite(); |
| 956 |
|
|
| 957 |
|
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
| 958 |
|
$request->set_param( 'roles', array( 'BeSharp' ) ); |
| 959 |
|
$response = $this->server->dispatch( $request ); |
| 960 |
|
|
| 961 |
|
$this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 ); |
| 962 |
|
|
| 963 |
|
$user = get_userdata( $this->editor ); |
| 964 |
|
$this->assertArrayHasKey( 'editor', $user->caps ); |
| 965 |
|
$this->assertArrayNotHasKey( 'BeSharp', $user->caps ); |
| 966 |
|
} |
| 967 |
|
|
| 968 |
|
public function test_update_user_without_permission() { |
| 969 |
|
wp_set_current_user( $this->editor ); |
WP-API /
WP-API
