mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-03-15 01:19:51 +01:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

REST API: Declare unfiltered_html capability in links.

Browse Source 
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema `targetSchema` provides an appropriate paradigm for doing so.

Props timothyblynjacobs.
Fixes #45014.


git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43682 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Daniel Bachhuber 2018-10-08 22:44:05 +00:00
parent 9dd758a32d
commit d3488487cd
2 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
View File

@ -1770,6 +1770,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
$rels[] = 'https://api.w.org/action-publish';
}
if ( current_user_can( 'unfiltered_html' ) ) {
$rels[] = 'https://api.w.org/action-unfiltered-html';
}
if ( 'post' === $post_type->name ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-sticky';
@ -2179,6 +2183,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
);
}
$links[] = array(
'rel' => 'https://api.w.org/action-unfiltered-html',
'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'content' => array(
'raw' => array(
'type' => 'string',
),
),
),
),
);
if ( 'post' === $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-sticky',

36
tests/phpunit/tests/rest-api/rest-posts-controller.php
View File

@ -3590,6 +3590,42 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links );
}
public function test_assign_unfiltered_html_action_superadmin() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$superadmin_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
public function test_assign_unfiltered_html_action_editor() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$editor_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
// Editors can only unfiltered html on single site.
if ( is_multisite() ) {
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
} else {
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
}
public function test_assign_unfiltered_html_action_author() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$author_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
// Authors can't ever unfiltered html
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
public function tearDown() {
_unregister_post_type( 'youseeeme' );
if ( isset( $this->attachment_id ) ) {