Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Switch to using current_user_can function to check capabilities

Browse Source
This commit is contained in:
Tautvidas Sipavičius
2017-11-06 18:09:38 +02:00
parent c9f1d38baa
commit c42cf2f622
4 changed files with 96 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
tests/unit/API/JSON/APITest.php
View File

@@ -143,7 +143,6 @@ class APITest extends \MailPoetTest {
'data' => array('test' => 'data')
);
$access_control = new AccessControl();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$api = Stub::make(
new \MailPoet\API\JSON\API($access_control),
array(
@@ -179,8 +178,10 @@ class APITest extends \MailPoetTest {
'api_version' => 'v1',
'data' => array('test' => 'data')
);
$access_control = new AccessControl();
$access_control->user_roles = array();
$access_control = Stub::make(
new AccessControl(),
array('validatePermission' => false)
);
$api = new \MailPoet\API\JSON\API($access_control);
$api->addEndpointNamespace($namespace['name'], $namespace['version']);
$api->setRequestData($data);
@@ -189,22 +190,36 @@ class APITest extends \MailPoetTest {
}
function testItValidatesGlobalPermission() {
$access_control = new AccessControl();
$permissions = array(
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
);
$access_control->user_roles = array();
$access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$api = new JSONAPI($access_control);
expect($api->validatePermissions(null, $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$api = new JSONAPI($access_control);
expect($api->validatePermissions(null, $permissions))->true();
}
function testItValidatesEndpointMethodPermission() {
$access_control = new AccessControl();
$permissions = array(
'global' => null,
'methods' => array(
@@ -212,11 +227,27 @@ class APITest extends \MailPoetTest {
)
);
$access_control->user_roles = array();
$access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$api = new JSONAPI($access_control);
expect($api->validatePermissions('test', $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$api = new JSONAPI($access_control);
expect($api->validatePermissions('test', $permissions))->true();
}
@@ -245,4 +276,4 @@ class APITest extends \MailPoetTest {
WPHooksHelper::releaseAllHooks();
wp_delete_user($this->wp_user_id);
}
}
}