Switch to using current_user_can function to check capabilities

This commit is contained in:
Tautvidas Sipavičius
2017-11-06 18:09:38 +02:00
parent c9f1d38baa
commit c42cf2f622
4 changed files with 96 additions and 45 deletions


@ -22,8 +22,6 @@ class AccessControl {
function __construct() { function __construct() {
$this->permissions = self::getDefaultPermissions(); $this->permissions = self::getDefaultPermissions();
$this->user_roles = $this->getUserRoles();
$this->user_capabilities = $this->getUserCapabilities();
} }
static function getDefaultPermissions() { static function getDefaultPermissions() {
@ -80,30 +78,8 @@ class AccessControl {
); );
} }
function getUserRoles() {
$user = wp_get_current_user();
return $user->roles;
}
function getUserCapabilities() {
$user = wp_get_current_user();
return array_keys($user->allcaps);
}
function getUserFirstCapability() {
return (!empty($this->user_capabilities)) ?
$this->user_capabilities[0] :
null;
}
function validatePermission($permission) { function validatePermission($permission) {
if($permission === self::NO_ACCESS_RESTRICTION) return true; if($permission === self::NO_ACCESS_RESTRICTION) return true;
foreach($this->user_roles as $role) { return current_user_can($permission);
$role_object = get_role($role);
if($role_object && $role_object->has_cap($permission)) {
return true;
}
}
return false;
} }
} }
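Review bot: `validatePermission` is now the only authorization gate the JSON API and the Router consult, and replacing the role loop with `current_user_can($permission)` changes what it answers: as I read WordPress, `current_user_can()` resolves the user's effective capabilities (per-user grants and denials, `user_has_cap`/`map_meta_cap` filters), not just the caps attached to the user's roles, so a plugin that revokes a capability on one user is now honoured where the old `get_role()->has_cap()` loop ignored it. That is the right direction, but it deserves a docblock so nobody later "simplifies" it back to a role check; I would put above the method: `/** True when the current WordPress user holds $permission (checked via current_user_can(), so per-user grants/denials and user_has_cap filters apply), or when $permission is NO_ACCESS_RESTRICTION. This is the single authorization check for the JSON API and Router — keep it boolean and side-effect free. */`. Note the call is unqualified inside the `MailPoet\Config` namespace, which PHP resolves to a namespaced function first; the AspectMock test relies on exactly that, so do not prefix it with `\` without updating the test. The constructor hunk above is unaffected beyond dropping the two now-unused properties.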


@ -143,7 +143,6 @@ class APITest extends \MailPoetTest {
'data' => array('test' => 'data') 'data' => array('test' => 'data')
); );
$access_control = new AccessControl(); $access_control = new AccessControl();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$api = Stub::make( $api = Stub::make(
new \MailPoet\API\JSON\API($access_control), new \MailPoet\API\JSON\API($access_control),
array( array(
@ -179,8 +178,10 @@ class APITest extends \MailPoetTest {
'api_version' => 'v1', 'api_version' => 'v1',
'data' => array('test' => 'data') 'data' => array('test' => 'data')
); );
$access_control = new AccessControl(); $access_control = Stub::make(
$access_control->user_roles = array(); new AccessControl(),
array('validatePermission' => false)
);
$api = new \MailPoet\API\JSON\API($access_control); $api = new \MailPoet\API\JSON\API($access_control);
$api->addEndpointNamespace($namespace['name'], $namespace['version']); $api->addEndpointNamespace($namespace['name'], $namespace['version']);
$api->setRequestData($data); $api->setRequestData($data);
@ -189,22 +190,36 @@ class APITest extends \MailPoetTest {
} }
function testItValidatesGlobalPermission() { function testItValidatesGlobalPermission() {
$access_control = new AccessControl();
$permissions = array( $permissions = array(
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS, 'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
); );
$access_control->user_roles = array(); $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$api = new JSONAPI($access_control); $api = new JSONAPI($access_control);
expect($api->validatePermissions(null, $permissions))->false(); expect($api->validatePermissions(null, $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS]; $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$api = new JSONAPI($access_control); $api = new JSONAPI($access_control);
expect($api->validatePermissions(null, $permissions))->true(); expect($api->validatePermissions(null, $permissions))->true();
} }
function testItValidatesEndpointMethodPermission() { function testItValidatesEndpointMethodPermission() {
$access_control = new AccessControl();
$permissions = array( $permissions = array(
'global' => null, 'global' => null,
'methods' => array( 'methods' => array(
@ -212,11 +227,27 @@ class APITest extends \MailPoetTest {
) )
); );
$access_control->user_roles = array(); $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$api = new JSONAPI($access_control); $api = new JSONAPI($access_control);
expect($api->validatePermissions('test', $permissions))->false(); expect($api->validatePermissions('test', $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS]; $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$api = new JSONAPI($access_control); $api = new JSONAPI($access_control);
expect($api->validatePermissions('test', $permissions))->true(); expect($api->validatePermissions('test', $permissions))->true();
} }
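Review bot: After this change none of the API tests exercise the real capability check: each `Stub::make` replaces `validatePermission` wholesale, so the assertions in `testItValidatesGlobalPermission` and `testItValidatesEndpointMethodPermission` prove only that `validatePermissions` forwards the expected capability name and returns whatever the stub returns. The first test at the top of the hunk now constructs a plain `new AccessControl()` with the old `user_roles` assignment removed, so its outcome depends on whichever WordPress user is current in the test environment; its body is outside the hunk, but if it expects the request to be authorized it should stub `'validatePermission' => true` the same way the denial test just below stubs `false`. It would also be worth keeping one integration-style test with an unstubbed `AccessControl` and a low-privilege user that asserts the API rejects the request, so the deny path stays covered end to end rather than only through mocks.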


@ -2,6 +2,9 @@
namespace MailPoet\Test\Config; namespace MailPoet\Test\Config;
use AspectMock\Test as Mock;
use Codeception\Util\Stub;
use Helper\WordPress as WPHelper;
use Helper\WordPressHooks as WPHooksHelper; use Helper\WordPressHooks as WPHooksHelper;
use MailPoet\Config\AccessControl; use MailPoet\Config\AccessControl;
use MailPoet\WP\Hooks; use MailPoet\WP\Hooks;
@ -103,7 +106,18 @@ class AccessControlTest extends \MailPoetTest {
expect(count($permissions))->equals(count($labels)); expect(count($permissions))->equals(count($labels));
} }
function testItValidatesIfUserHasCapability() {
$capability = 'some_capability';
$access_control = new AccessControl();
$func = Mock::func('MailPoet\Config', 'current_user_can', true);
expect($access_control->validatePermission($capability))->true();
$func->verifyInvoked([$capability]);
}
function _after() { function _after() {
WPHooksHelper::releaseAllHooks(); Mock::clean();
WPHelper::releaseAllFunctions();
} }
} }
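Review bot: `_after` at the bottom of the hunk replaces `WPHooksHelper::releaseAllHooks();` with `Mock::clean();` and `WPHelper::releaseAllFunctions();`, yet the `WPHooksHelper` import is kept on the new side, which suggests other tests in this class still register hooks; if so, those hooks now leak between tests, so keep `WPHooksHelper::releaseAllHooks();` alongside the two new calls. `testItValidatesIfUserHasCapability` covers only the grant path; a second case with `Mock::func('MailPoet\Config', 'current_user_can', false)` asserting `$access_control->validatePermission($capability)` is false is what actually proves a missing capability is denied, and the `NO_ACCESS_RESTRICTION` short-circuit (which must return true without ever reaching `current_user_can`) is untested here as well. The class header and the earlier tests are outside the hunk.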


@ -95,23 +95,37 @@ class RouterTest extends \MailPoetTest {
} }
function testItValidatesGlobalPermission() { function testItValidatesGlobalPermission() {
$access_control = new AccessControl();
$router = $this->router; $router = $this->router;
$permissions = array( $permissions = array(
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS, 'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
); );
$access_control->user_roles = array(); $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$router->access_control = $access_control; $router->access_control = $access_control;
expect($router->validatePermissions(null, $permissions))->false(); expect($router->validatePermissions(null, $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS]; $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$router->access_control = $access_control; $router->access_control = $access_control;
expect($router->validatePermissions(null, $permissions))->true(); expect($router->validatePermissions(null, $permissions))->true();
} }
function testItValidatesEndpointActionPermission() { function testItValidatesEndpointActionPermission() {
$access_control = new AccessControl();
$router = $this->router; $router = $this->router;
$permissions = array( $permissions = array(
@ -121,11 +135,27 @@ class RouterTest extends \MailPoetTest {
) )
); );
$access_control->user_roles = array(); $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return false;
})
)
);
$router->access_control = $access_control; $router->access_control = $access_control;
expect($router->validatePermissions('test', $permissions))->false(); expect($router->validatePermissions('test', $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS]; $access_control = Stub::make(
new AccessControl(),
array(
'validatePermission' => Stub::once(function($cap) {
expect($cap)->equals(AccessControl::PERMISSION_MANAGE_SETTINGS);
return true;
})
)
);
$router->access_control = $access_control; $router->access_control = $access_control;
expect($router->validatePermissions('test', $permissions))->true(); expect($router->validatePermissions('test', $permissions))->true();
} }
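Review bot: The four `Stub::make(new AccessControl(), ...)` blocks in `testItValidatesGlobalPermission` and `testItValidatesEndpointActionPermission` are identical except for the boolean the closure returns, which buries the one thing each case asserts under ten lines of scaffolding. A private factory taking the expected capability and the answer cuts each case to one line and keeps the `Stub::once` invocation check in a single place, so a future test cannot accidentally drop it. `testItValidatesEndpointActionPermission`'s `$permissions` array is split across the two hunks; the change is test-only and behaviour-neutral, so this is a style point, not a defect.
```php
  private function createAccessControlStub($expected_cap, $result) {
    // Stub::once also fails the test if validatePermission is never invoked
    return Stub::make(
      new AccessControl(),
      array(
        'validatePermission' => Stub::once(function($cap) use ($expected_cap, $result) {
          expect($cap)->equals($expected_cap);
          return $result;
        })
      )
    );
  }

  function testItValidatesGlobalPermission() {
    $router = $this->router;
    $permissions = array(
      'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
    );
    $router->access_control = $this->createAccessControlStub(AccessControl::PERMISSION_MANAGE_SETTINGS, false);
    expect($router->validatePermissions(null, $permissions))->false();
    $router->access_control = $this->createAccessControlStub(AccessControl::PERMISSION_MANAGE_SETTINGS, true);
    expect($router->validatePermissions(null, $permissions))->true();
  }
  // … unchanged: testItValidatesEndpointActionPermission, rewritten the same way with the helper …
```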