REST API: Declare unfiltered_html
capability in links.
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema `targetSchema` provides an appropriate paradigm for doing so. Props timothyblynjacobs. Fixes #45014. git-svn-id: https://develop.svn.wordpress.org/branches/5.0@43682 602fd350-edb4-49c9-b593-d223f7449a82
parent
9dd758a32d
commit
d3488487cd
@ -1770,6 +1770,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
$rels[] = 'https://api.w.org/action-publish';
|
||||
}
|
||||
|
||||
if ( current_user_can( 'unfiltered_html' ) ) {
|
||||
$rels[] = 'https://api.w.org/action-unfiltered-html';
|
||||
}
|
||||
|
||||
if ( 'post' === $post_type->name ) {
|
||||
if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
|
||||
$rels[] = 'https://api.w.org/action-sticky';
|
||||
@ -2179,6 +2183,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||
);
|
||||
}
|
||||
|
||||
$links[] = array(
|
||||
'rel' => 'https://api.w.org/action-unfiltered-html',
|
||||
'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ),
|
||||
'href' => $href,
|
||||
'targetSchema' => array(
|
||||
'type' => 'object',
|
||||
'properties' => array(
|
||||
'content' => array(
|
||||
'raw' => array(
|
||||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
|
||||
if ( 'post' === $this->post_type ) {
|
||||
$links[] = array(
|
||||
'rel' => 'https://api.w.org/action-sticky',
|
||||
|
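Review bot: In the second hunk the `targetSchema` of the `https://api.w.org/action-unfiltered-html` link places `raw` directly under `content`, so `content` has neither a `type` nor `properties` of its own and, read as JSON Schema, `raw` is not a property declaration. A client that uses this link to learn which field is stored without HTML filtering gets no machine-readable answer from it. Consider `'content' => array( 'type' => 'object', 'properties' => array( 'raw' => array( 'type' => 'string' ) ) ),`. The enclosing method begins and ends outside the hunk, so whether other link entries nest sub-fields the same way is not visible here. The link is a hint for clients only; filtering on the save path should remain the enforcement point.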
@ -3590,6 +3590,42 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
||||
$this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links );
|
||||
}
|
||||
|
||||
public function test_assign_unfiltered_html_action_superadmin() {
|
||||
$post_id = self::factory()->post->create();
|
||||
wp_set_current_user( self::$superadmin_id );
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
|
||||
$request->set_param( 'context', 'edit' );
|
||||
$response = rest_do_request( $request );
|
||||
$links = $response->get_links();
|
||||
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
|
||||
}
|
||||
|
||||
public function test_assign_unfiltered_html_action_editor() {
|
||||
$post_id = self::factory()->post->create();
|
||||
wp_set_current_user( self::$editor_id );
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
|
||||
$request->set_param( 'context', 'edit' );
|
||||
$response = rest_do_request( $request );
|
||||
$links = $response->get_links();
|
||||
// Editors can only unfiltered html on single site.
|
||||
if ( is_multisite() ) {
|
||||
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
|
||||
} else {
|
||||
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
|
||||
}
|
||||
}
|
||||
|
||||
public function test_assign_unfiltered_html_action_author() {
|
||||
$post_id = self::factory()->post->create();
|
||||
wp_set_current_user( self::$author_id );
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
|
||||
$request->set_param( 'context', 'edit' );
|
||||
$response = rest_do_request( $request );
|
||||
$links = $response->get_links();
|
||||
// Authors can't ever unfiltered html
|
||||
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
|
||||
}
|
||||
|
||||
public function tearDown() {
|
||||
_unregister_post_type( 'youseeeme' );
|
||||
if ( isset( $this->attachment_id ) ) {
|
||||
|
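Review bot: `test_assign_unfiltered_html_action_author` can pass without ever reaching the new capability branch. The post is created before `wp_set_current_user( self::$author_id )` and without an explicit author, so the `context=edit` request is presumably refused for that user and the response carries no links at all. A negative authorization test should first prove that the request succeeded. Create the post with `self::factory()->post->create( array( 'post_author' => self::$author_id ) )` and add `$this->assertSame( 200, $response->get_status() );` before the `assertArrayNotHasKey` check. The same status assertion would tighten the superadmin and editor tests; `tearDown()` at the end of the hunk continues outside it.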