Tests: Add comments to clarify a REST API test for password protected posts.

Authenticated users should only be allowed to read password protected content if they have the `edit_post` meta capability for the post. In other words, the content of a password protected post created by an Editor should not be viewable by a Contributor.

This commit aims to clarify the usage of a negative assertion `assertStringNotContainsString()` and describe the intention behind the test to avoid confusion.

Follow-up to [50717].

Fixes #56681.

git-svn-id: https://develop.svn.wordpress.org/trunk@54396 602fd350-edb4-49c9-b593-d223f7449a82
Sergey Biryukov 2022-10-05 14:47:07 +00:00
parent b56106b814
commit aac3784618


@ -1954,8 +1954,14 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertErrorResponse( 'rest_forbidden', $response, 401 ); $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
} }
/**
* Tests that authenticated users are only allowed to read password protected content
* if they have the 'edit_post' meta capability for the post.
*/
public function test_get_post_draft_edit_context() { public function test_get_post_draft_edit_context() {
$post_content = 'Hello World!'; $post_content = 'Hello World!';
// Create a password protected post as an Editor.
self::factory()->post->create( self::factory()->post->create(
array( array(
'post_title' => 'Hola', 'post_title' => 'Hola',
@ -1965,6 +1971,8 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
'post_author' => self::$editor_id, 'post_author' => self::$editor_id,
) )
); );
// Create a draft with the Latest Posts block as a Contributor.
$draft_id = self::factory()->post->create( $draft_id = self::factory()->post->create(
array( array(
'post_status' => 'draft', 'post_status' => 'draft',
@ -1972,11 +1980,18 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
'post_content' => '<!-- wp:latest-posts {"displayPostContent":true} /--> <!-- wp:latest-posts {"displayPostContent":true,"displayPostContentRadio":"full_post"} /-->', 'post_content' => '<!-- wp:latest-posts {"displayPostContent":true} /--> <!-- wp:latest-posts {"displayPostContent":true,"displayPostContentRadio":"full_post"} /-->',
) )
); );
// Set the current user to Contributor and request the draft for editing.
wp_set_current_user( self::$contributor_id ); wp_set_current_user( self::$contributor_id );
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) ); $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
$request->set_param( 'context', 'edit' ); $request->set_param( 'context', 'edit' );
$response = rest_get_server()->dispatch( $request ); $response = rest_get_server()->dispatch( $request );
$data = $response->get_data(); $data = $response->get_data();
/*
* Verify that the content of a password protected post created by an Editor
* is not viewable by a Contributor.
*/
$this->assertStringNotContainsString( $post_content, $data['content']['rendered'] ); $this->assertStringNotContainsString( $post_content, $data['content']['rendered'] );
} }
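Review bot: The closing `assertStringNotContainsString()` in `test_get_post_draft_edit_context()` can pass vacuously, because `'Hello World!'` is also absent when the request fails or the Latest Posts block renders nothing, and in neither case is the capability check what hides the content. Pinning the precondition first would make the negative assertion meaningful: add `$this->assertSame( 200, $response->get_status() );` and, assuming the block still lists the protected post's title, `$this->assertStringContainsString( 'Hola', $data['content']['rendered'] );` before it. The fixture lines that set the password and content fall between the hunks and are not visible here, so confirm `$post_content` is what the Editor's post actually stores. The new docblock also promises the "only if they have `edit_post`" rule, but only the denied (Contributor) side is asserted; either narrow the wording or cover the allowed side in a separate test.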