sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Declare unfiltered_html capability in links. 

Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.

Merges [43682] to trunk.

Props timothyblynjacobs.

Fixes #45014.


git-svn-id: https://develop.svn.wordpress.org/trunk@43974 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron Jorbin 2018-12-11 04:12:56 +00:00
parent 891394af73
commit 7f544b912b
2 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
View File

@ -1781,6 +1781,10 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
$rels[] = 'https://api.w.org/action-publish';
}
if ( current_user_can( 'unfiltered_html' ) ) {
$rels[] = 'https://api.w.org/action-unfiltered-html';
}
if ( 'post' === $post_type->name ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-sticky';
@ -2190,6 +2194,22 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
);
}
$links[] = array(
'rel' => 'https://api.w.org/action-unfiltered-html',
'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'content' => array(
'raw' => array(
'type' => 'string',
),
),
),
),
);
if ( 'post' === $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-sticky',

36
tests/phpunit/tests/rest-api/rest-posts-controller.php
View File

@ -3992,6 +3992,42 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertArrayHasKey( 'https://api.w.org/action-assign-tags', $links );
}
public function test_assign_unfiltered_html_action_superadmin() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$superadmin_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
public function test_assign_unfiltered_html_action_editor() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$editor_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
// Editors can only unfiltered html on single site.
if ( is_multisite() ) {
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
} else {
$this->assertArrayHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
}
public function test_assign_unfiltered_html_action_author() {
$post_id = self::factory()->post->create();
wp_set_current_user( self::$author_id );
$request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . $post_id );
$request->set_param( 'context', 'edit' );
$response = rest_do_request( $request );
$links = $response->get_links();
// Authors can't ever unfiltered html
$this->assertArrayNotHasKey( 'https://api.w.org/action-unfiltered-html', $links );
}
public function tearDown() {
_unregister_post_type( 'youseeeme' );
if ( isset( $this->attachment_id ) ) {