From d66ba1ee7a9135c2c704044a16be668a2f0a034d Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Mon, 31 Oct 2016 11:10:37 +0000
Subject: [PATCH] REST API: Allow a CSV list of user roles to be passed to `/users`.
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests. Props jnylen0. Fixes #38557.
git-svn-id: https://develop.svn.wordpress.org/trunk@39056 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-rest-users-controller.php | 3 +++
 .../tests/rest-api/rest-users-controller.php | 20 +++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index d366c70371..45769808db 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -1010,6 +1010,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 'type' => 'string',
 ),
 'context' => array( 'edit' ),
+ 'arg_options' => array(
+ 'sanitize_callback' => 'wp_parse_slug_list',
+ ),
 ),
 'password' => array(
 'description' => __( 'Password for the resource (never included).' ),
diff --git a/tests/phpunit/tests/rest-api/rest-users-controller.php b/tests/phpunit/tests/rest-api/rest-users-controller.php
index 436f017975..23429c29c2 100644
--- a/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-users-controller.php
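Review bot: The `sanitize_callback` added to the `roles` schema entry in class-wp-rest-users-controller.php carries no comment saying that it changes what the endpoint accepts, and `wp_parse_slug_list` rewrites values rather than rejecting them, so a malformed role string is silently normalised into a different slug before any authorisation logic runs. Because this field controls role assignment, I would add a line such as `// Accept an array or CSV string; entries are normalised to slugs here and authorised per role in the update handler.` above `'arg_options'`, and confirm that the per-role permission check (not visible in this hunk) runs against the sanitized list rather than the raw parameter. Roles registered under names that are not already slug-shaped presumably can no longer be assigned through this endpoint; worth confirming that is intended. The schema array begins and ends outside the hunk.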
@@ -908,6 +908,26 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 $this->assertArrayNotHasKey( 'administrator', $user->caps );
 }
+ public function test_update_user_multiple_roles() {
+ $user_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
+
+ wp_set_current_user( self::$user );
+ $this->allow_user_to_manage_multisite();
+
+ $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/users/%d', $user_id ) );
+ $request->set_param( 'roles', 'author,editor' );
+ $response = $this->server->dispatch( $request );
+
+ $new_data = $response->get_data();
+
+ $this->assertEquals( array( 'author', 'editor' ), $new_data['roles'] );
+
+ $user = get_userdata( $user_id );
+ $this->assertArrayHasKey( 'author', $user->caps );
+ $this->assertArrayHasKey( 'editor', $user->caps );
+ $this->assertArrayNotHasKey( 'administrator', $user->caps );
+ }
+
 public function test_update_user_role_invalid_privilege_escalation() {
 wp_set_current_user( self::$editor );
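Review bot: `test_update_user_multiple_roles` only covers the success path for a privileged caller; no case sends a CSV list that mixes a role the caller may grant with one it may not, which is the input shape the new parsing makes possible. A companion test next to `test_update_user_role_invalid_privilege_escalation` should send such a list as a lower-privileged user (the neighbouring test uses `self::$editor`) and assert that the whole request is rejected and the target's caps are unchanged. The new test also reads `$response->get_data()` without checking the status first; adding `$this->assertEquals( 200, $response->get_status() );` before it makes a failed dispatch obvious instead of surfacing as a missing `roles` key. `test_update_user_role_invalid_privilege_escalation` continues past the end of the hunk.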