validate caps on roles endpoint #274
parent
58621f3538
commit
0b1460cd1a
|
@ -46,7 +46,8 @@ class REST_Roles_Controller extends REST_Controller {
|
|||
),
|
||||
'capabilities' => array(
|
||||
'description' => __('Array of capabilities, where the keys are capability slugs and values are booleans', 'tainacan'),
|
||||
'required' => false
|
||||
'required' => false,
|
||||
'validate_callback' => [$this, 'validate_roles_capabilities_arg']
|
||||
),
|
||||
)
|
||||
),
|
||||
|
@ -70,7 +71,8 @@ class REST_Roles_Controller extends REST_Controller {
|
|||
),
|
||||
'capabilities' => array(
|
||||
'description' => __('Array of capabilities, where the keys are capability slugs and values are booleans', 'tainacan'),
|
||||
'required' => false
|
||||
'required' => false,
|
||||
'validate_callback' => [$this, 'validate_roles_capabilities_arg']
|
||||
),
|
||||
)
|
||||
),
|
||||
|
@ -328,6 +330,18 @@ class REST_Roles_Controller extends REST_Controller {
|
|||
return false;
|
||||
}
|
||||
|
||||
public function validate_roles_capabilities_arg($value, $request, $param) {
|
||||
if ( is_array($value) ) {
|
||||
foreach ($value as $cap => $val) {
|
||||
if ( ! in_array($cap, \tainacan_roles()->get_all_caps_slugs() ) ) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $item
|
||||
* @param \WP_REST_Request $request
|
||||
|
|
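Review bot: The membership test in `validate_roles_capabilities_arg` uses a loose `in_array`, and PHP turns numeric array keys into integers, so on PHP versions before 8 a key such as `0` compares equal to any non-numeric slug and passes validation. Assuming `get_all_caps_slugs()` returns a list of strings, pass the strict flag and fetch the list once rather than on every iteration: `$slugs = \tainacan_roles()->get_all_caps_slugs();` before the loop and `if ( ! in_array( $cap, $slugs, true ) )` inside it. The values are never checked although the description calls them booleans; whether the update handler normalises them is not visible in these hunks, so either validate them here or say in a docblock that only the keys are checked. That docblock should also state that the method is an allow-list against Tainacan's own capability slugs, which is why a core capability like the `manage_options` used in the test is rejected.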
|
@ -117,6 +117,47 @@ class TAINACAN_REST_Roles_Controller extends TAINACAN_UnitApiTestCase {
|
|||
|
||||
}
|
||||
|
||||
public function test_edit_role_validation() {
|
||||
|
||||
$request = new \WP_REST_Request('POST', $this->namespace . '/roles');
|
||||
|
||||
$request->set_query_params(['name' => 'New role']);
|
||||
|
||||
$create = $this->server->dispatch($request);
|
||||
//var_dump($create);
|
||||
$this->assertEquals( 201, $create->get_status() );
|
||||
|
||||
$request = new \WP_REST_Request('PATCH', $this->namespace . '/roles/tainacan-new-role');
|
||||
|
||||
$request->set_query_params(
|
||||
[
|
||||
'name' => 'Changed name',
|
||||
'capabilities' => [
|
||||
'manage_options' => true
|
||||
]
|
||||
]
|
||||
);
|
||||
|
||||
$response = $this->server->dispatch($request);
|
||||
|
||||
$this->assertEquals( 400, $response->get_status() );
|
||||
|
||||
|
||||
$request = new \WP_REST_Request('PATCH', $this->namespace . '/roles/tainacan-new-role');
|
||||
|
||||
$request->set_query_params(
|
||||
[
|
||||
'name' => 'Changed name',
|
||||
'add_cap' => 'manage_options'
|
||||
]
|
||||
);
|
||||
|
||||
$response = $this->server->dispatch($request);
|
||||
|
||||
$this->assertEquals( 400, $response->get_status() );
|
||||
|
||||
}
|
||||
|
||||
public function test_get_role() {
|
||||
$request = new \WP_REST_Request('GET', $this->namespace . '/roles/administrator');
|
||||
|
||||
|
|
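Review bot: Both rejection cases in `test_edit_role_validation` assert only the 400 status, so the test would still pass if the capability had been written to the role before the error was returned. Assuming the slug in the route is the WordPress role name, add `$this->assertFalse( \get_role('tainacan-new-role')->has_cap('manage_options') );` after each dispatch. There is also no accepting case: a validator that returned false for every input would satisfy this test, so one PATCH with a valid Tainacan capability slug expecting 200 is worth adding. The commented-out `//var_dump($create);` should be dropped.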