@@ 899-910 (lines=12) @@ | ||
896 | $this->assertArrayNotHasKey( 'administrator', $user->caps ); |
|
897 | } |
|
898 | ||
899 | public function test_update_user_role_invalid_privilege_escalation() { |
|
900 | wp_set_current_user( $this->editor ); |
|
901 | ||
902 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
|
903 | $request->set_param( 'roles', array( 'administrator' ) ); |
|
904 | $response = $this->server->dispatch( $request ); |
|
905 | ||
906 | $this->assertErrorResponse( 'rest_cannot_edit_roles', $response, 403 ); |
|
907 | $user = get_userdata( $this->editor ); |
|
908 | $this->assertArrayHasKey( 'editor', $user->caps ); |
|
909 | $this->assertArrayNotHasKey( 'administrator', $user->caps ); |
|
910 | } |
|
911 | ||
912 | public function test_update_user_role_invalid_privilege_deescalation() { |
|
913 | if ( is_multisite() ) { |
|
@@ 953-966 (lines=14) @@ | ||
950 | } |
|
951 | ||
952 | ||
953 | public function test_update_user_role_invalid_role() { |
|
954 | wp_set_current_user( $this->user ); |
|
955 | $this->allow_user_to_manage_multisite(); |
|
956 | ||
957 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $this->editor ) ); |
|
958 | $request->set_param( 'roles', array( 'BeSharp' ) ); |
|
959 | $response = $this->server->dispatch( $request ); |
|
960 | ||
961 | $this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 ); |
|
962 | ||
963 | $user = get_userdata( $this->editor ); |
|
964 | $this->assertArrayHasKey( 'editor', $user->caps ); |
|
965 | $this->assertArrayNotHasKey( 'BeSharp', $user->caps ); |
|
966 | } |
|
967 | ||
968 | public function test_update_user_without_permission() { |
|
969 | wp_set_current_user( $this->editor ); |
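Review bot: test_update_user_role_invalid_role relies on the acting user being allowed to change roles, but nothing in the hunk states this; `$this->user` and `allow_user_to_manage_multisite()` are defined outside it. If that fixture lost the capability, the request would presumably be stopped by the permission check and the test would fail for a reason unrelated to role validation. I would add a comment above line 954, such as `// Acting user may edit roles, so the 400 below comes from role validation, not the permission check.`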