mirror of
git://develop.git.wordpress.org/
synced 2025-04-13 08:32:10 +02:00
REST API: Limit search_columns for users without list_users.
Props Vortfu, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis. git-svn-id: https://develop.svn.wordpress.org/trunk@56833 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jb Audras
parent
698880552f
commit
26007fbc48
@ -318,6 +318,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||
}
|
||||
|
||||
if ( ! empty( $prepared_args['search'] ) ) {
|
||||
if ( ! current_user_can( 'list_users' ) ) {
|
||||
$prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
|
||||
}
|
||||
$prepared_args['search'] = '*' . $prepared_args['search'] . '*';
|
||||
}
|
||||
/**
|
||||
|
||||
@ -691,6 +691,25 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
$this->assertSame( $adam_id, $data[0]['id'] );
|
||||
}
|
||||
|
||||
public function test_get_items_search_fields() {
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/users' );
|
||||
$request->set_param( 'search', 'yololololo' );
|
||||
$response = rest_get_server()->dispatch( $request );
|
||||
$this->assertCount( 0, $response->get_data() );
|
||||
|
||||
$yolo_id = self::factory()->user->create( array( 'user_email' => 'yololololo@example.localhost' ) );
|
||||
|
||||
wp_set_current_user( self::$user );
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/users' );
|
||||
$request->set_param( 'search', 'yololololo' );
|
||||
$response = rest_get_server()->dispatch( $request );
|
||||
$this->assertCount( 1, $response->get_data() );
|
||||
|
||||
wp_set_current_user( self::$editor );
|
||||
$response = rest_get_server()->dispatch( $request );
|
||||
$this->assertCount( 0, $response->get_data() );
|
||||
}
|
||||
|
||||
public function test_get_items_slug_query() {
|
||||
wp_set_current_user( self::$user );
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user