sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Ensure users with "moderate_comments" capability may edit comments. 

Props meloniq.
Fixes #47024.



git-svn-id: https://develop.svn.wordpress.org/trunk@46433 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
K. Adam White 2019-10-08 04:00:25 +00:00
parent 4e716dbce1
commit e17e5aab68
3 changed files with 46 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
View File

@ -1672,8 +1672,8 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
return false;
}
if ( ! current_user_can( 'moderate_comments' ) ) {
return false;
if ( current_user_can( 'moderate_comments' ) ) {
return true;
}
return current_user_can( 'edit_comment', $comment->comment_ID );

43
tests/phpunit/tests/rest-api/rest-comments-controller.php
View File

@ -13,6 +13,7 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
protected static $superadmin_id;
protected static $admin_id;
protected static $editor_id;
protected static $moderator_id;
protected static $subscriber_id;
protected static $author_id;
@ -27,6 +28,15 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
protected $endpoint;
public static function wpSetUpBeforeClass( $factory ) {
add_role(
'comment_moderator',
'Comment Moderator',
array(
'read' => true,
'moderate_comments' => true,
)
);
self::$superadmin_id = $factory->user->create(
array(
'role' => 'administrator',
@ -43,6 +53,11 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
'role' => 'editor',
)
);
self::$moderator_id = $factory->user->create(
array(
'role' => 'comment_moderator',
)
);
self::$subscriber_id = $factory->user->create(
array(
'role' => 'subscriber',
@ -98,9 +113,12 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
}
public static function wpTearDownAfterClass() {
remove_role( 'comment_moderator' );
self::delete_user( self::$superadmin_id );
self::delete_user( self::$admin_id );
self::delete_user( self::$editor_id );
self::delete_user( self::$moderator_id );
self::delete_user( self::$subscriber_id );
self::delete_user( self::$author_id );
@ -2480,6 +2498,31 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertErrorResponse( 'rest_cannot_edit', $response, 401 );
}
/**
* @ticket 47024
*/
public function test_update_comment_when_can_moderate_comments() {
wp_set_current_user( self::$moderator_id );
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
$params = array(
'content' => 'Updated comment.',
'date' => '2019-10-07T23:14:25',
);
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = rest_get_server()->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$comment = $response->get_data();
$updated = get_comment( self::$approved_id );
$this->assertEquals( $params['content'], $updated->comment_content );
$this->assertEquals( self::$post_id, $comment['post'] );
$this->assertEquals( '2019-10-07T23:14:25', $comment['date'] );
}
public function test_update_comment_private_post_invalid_permission() {
$private_comment_id = $this->factory->comment->create(
array(

2
tests/qunit/fixtures/wp-api-generated.js
View File

@ -2304,7 +2304,7 @@ mockedApiResponse.Schema = {
}
]
},
"/wp/v2/media/(?P<id>[\\d+])/post-process": {
"/wp/v2/media/(?P<id>[\\d]+)/post-process": {
"namespace": "wp/v2",
"methods": [
"POST"