From bcc7f9e093145ed9c635ad1fcc15d7b5b074058e Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Fri, 16 Jan 2015 01:48:36 +0000
Subject: [PATCH] In `WP_User`, `->get_role_caps()` and
 `->update_user_level_from_caps()` must be called inside `->add_cap()` and
 `->remove_cap()` after updating user meta. `->has_cap()` checks are currently
 failing directly after calling `->add_cap()`.

Adds unit test.

Props rachelbaker.
Fixes #28374.


git-svn-id: https://develop.svn.wordpress.org/trunk@31190 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/capabilities.php          |  9 +++++++--
 tests/phpunit/tests/user/capabilities.php | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
index 56ca7738a0..aa3bb2af2f 100644
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -934,6 +934,8 @@ class WP_User {
 	public function add_cap( $cap, $grant = true ) {
 		$this->caps[$cap] = $grant;
 		update_user_meta( $this->ID, $this->cap_key, $this->caps );
+		$this->get_role_caps();
+		$this->update_user_level_from_caps();
 	}
 
 	/**
@@ -945,10 +947,13 @@ class WP_User {
 	 * @param string $cap Capability name.
 	 */
 	public function remove_cap( $cap ) {
-		if ( ! isset( $this->caps[$cap] ) )
+		if ( ! isset( $this->caps[ $cap ] ) ) {
 			return;
-		unset( $this->caps[$cap] );
+		}
+		unset( $this->caps[ $cap ] );
 		update_user_meta( $this->ID, $this->cap_key, $this->caps );
+		$this->get_role_caps();
+		$this->update_user_level_from_caps();
 	}
 
 	/**
diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php
index ad50d64f3c..6903441752 100644
--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@@ -694,4 +694,20 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 
 		wp_set_current_user( $old_uid );
 	}
+
+	/**
+	 * @ticket 28374
+	 */
+	function test_current_user_edit_caps() {
+		$user = new WP_User( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
+		wp_set_current_user( $user->ID );
+
+		$user->add_cap( 'publish_posts' );
+		$user->add_cap( 'publish_pages' );
+		$this->assertTrue( $user->has_cap( 'publish_posts' ) );
+		$this->assertTrue( $user->has_cap( 'publish_pages' ) );
+
+		$user->remove_cap( 'publish_pages' );
+		$this->assertFalse( $user->has_cap( 'publish_pages' ) );
+	}
 }