open context edit #274

The edit context was basically only hiding entity permissions.
No sensitive information is involved. Removed because the front-end needs it.
If sensitive information is ever added to the edit representation, the check should be done when building the response, not in the permission callback.
This commit is contained in:
leogermani 2019-12-09 18:16:35 -03:00
parent 221e6b3ab8
commit 907d0df7b9
9 changed files with 10 additions and 110 deletions


@ -252,10 +252,6 @@ class REST_Collections_Controller extends REST_Controller {
* @throws \Exception * @throws \Exception
*/ */
public function get_items_permissions_check($request){ public function get_items_permissions_check($request){
if ( 'edit' === $request['context'] && ! current_user_can($this->collections_repository->get_capabilities()->edit_posts) ) {
return false;
}
return true; return true;
} }
@ -270,10 +266,6 @@ class REST_Collections_Controller extends REST_Controller {
$collection = $this->collections_repository->fetch($request['collection_id']); $collection = $this->collections_repository->fetch($request['collection_id']);
if(($collection instanceof Entities\Collection)) { if(($collection instanceof Entities\Collection)) {
if('edit' === $request['context'] && !$collection->can_edit()) {
return false;
}
return $collection->can_read(); return $collection->can_read();
} }
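Review bot: `get_items_permissions_check` at the top of this section now returns `true` unconditionally and `get_item_permissions_check` gates only on `can_read()`, so a `context=edit` request from an anonymous caller is authorized at the permission layer. The commit message moves responsibility for anything sensitive to response building, but nothing in the code records that contract, so a maintainer adding an edit-only field later has no cue here. I would add above the first `return true;`: `// context=edit is deliberately not gated here; any edit-only field must be checked with can_edit() where the response is built (#274).` The response-building side is outside this diff, so I cannot confirm it performs such a check today.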


@ -398,9 +398,6 @@ class REST_Filters_Controller extends REST_Controller {
*/ */
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
if(!isset($request['collection_id'])) { if(!isset($request['collection_id'])) {
if ( 'edit' === $request['context'] && ! $this->filter_repository->can_edit( new Entities\Filter() ) ) {
return false;
}
return true; return true;
} }
@ -447,10 +444,6 @@ class REST_Filters_Controller extends REST_Controller {
$filter = $this->filter_repository->fetch($request['filter_id']); $filter = $this->filter_repository->fetch($request['filter_id']);
if(($filter instanceof Entities\Filter)) { if(($filter instanceof Entities\Filter)) {
if('edit' === $request['context'] && !$filter->can_edit()) {
return false;
}
return $filter->can_read(); return $filter->can_read();
} }


@ -164,10 +164,6 @@ class REST_Item_Metadata_Controller extends REST_Controller {
$item = $this->item_repository->fetch($request['item_id']); $item = $this->item_repository->fetch($request['item_id']);
if(($item instanceof Entities\Item)) { if(($item instanceof Entities\Item)) {
if('edit' === $request['context'] && !$item->can_edit()) {
return false;
}
return $item->can_read(); return $item->can_read();
} }


@ -413,10 +413,6 @@ class REST_Items_Controller extends REST_Controller {
$item = $this->items_repository->fetch($request['item_id']); $item = $this->items_repository->fetch($request['item_id']);
if(($item instanceof Entities\Item)) { if(($item instanceof Entities\Item)) {
if('edit' === $request['context'] && !$item->can_edit()) {
return false;
}
return $item->can_read(); return $item->can_read();
} }
@ -431,10 +427,6 @@ class REST_Items_Controller extends REST_Controller {
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
$collection = $this->collections_repository->fetch($request['collection_id']); $collection = $this->collections_repository->fetch($request['collection_id']);
if('edit' === $request['context'] && !is_user_logged_in()) {
return false;
}
if ( isset($request['taxquery']) && !$this->get_items_permissions_check_for_taxonomy($request['taxquery']) ) { if ( isset($request['taxquery']) && !$this->get_items_permissions_check_for_taxonomy($request['taxquery']) ) {
return false; return false;
} }
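Review bot: The `is_user_logged_in()` guard for `context=edit` is gone from `get_items_permissions_check`, leaving only the taxquery check visible in this hunk; the method's remaining body and its return lie beyond the hunk, so whether `$collection` from the first line still feeds a `can_read()` check cannot be confirmed from here. Since the permission callback no longer distinguishes contexts, an items listing requested in edit context is served to anonymous callers and the collection's own visibility is the only thing left that can restrict it. A comment at the `$collection = …` line would make that explicit: `// No context gating here: edit-only fields must be stripped for callers without can_edit() when the response is built.`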


@ -38,17 +38,6 @@ class REST_Logs_Controller extends REST_Controller {
'methods' => \WP_REST_Server::READABLE, 'methods' => \WP_REST_Server::READABLE,
'callback' => array($this, 'get_item'), 'callback' => array($this, 'get_item'),
'permission_callback' => array($this, 'get_item_permissions_check'), 'permission_callback' => array($this, 'get_item_permissions_check'),
'args' => array(
'context' => array(
'type' => 'string',
'default' => 'view',
'description' => 'The context in which the request is made.',
'enum' => array(
'view',
'edit'
)
),
),
), ),
'schema' => [$this, 'get_schema'] 'schema' => [$this, 'get_schema']
) )
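Review bot: Removing the `context` arg from the single-log route drops its `default => 'view'` and the `enum` validation, not only the edit permission branch, which is more than the other controllers in this commit do. If `get_item` or `get_item_permissions_check` (both outside this hunk) still read `$request['context']`, they will now see `null` when the parameter is absent and, as far as I recall WordPress only validates registered args, any arbitrary string when it is present. If the callback still branches on context, keep the arg registration and remove only the permission check; if it does not, a one-line comment such as `// 'context' intentionally unregistered: logs expose no edit representation` would mark the asymmetry as deliberate.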


@ -180,10 +180,6 @@ class REST_Metadata_Controller extends REST_Controller {
$metadatum = $this->metadatum_repository->fetch($request['metadatum_id']); $metadatum = $this->metadatum_repository->fetch($request['metadatum_id']);
if ( $metadatum instanceof Entities\Metadatum ) { if ( $metadatum instanceof Entities\Metadatum ) {
if ( $request['context'] === 'edit' && ! $metadatum->can_edit() ) {
return false;
}
return $metadatum->can_read(); return $metadatum->can_read();
} }
@ -400,10 +396,6 @@ class REST_Metadata_Controller extends REST_Controller {
if(!isset($request['collection_id'])) { if(!isset($request['collection_id'])) {
if ( 'edit' === $request['context'] && ! $this->metadatum_repository->can_edit( new Entities\Filter() ) ) {
return false;
}
return true; return true;
} }
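Review bot: With the edit branch gone, the `!isset($request['collection_id'])` path of `get_items_permissions_check` in the second hunk returns `true` with no check at all, so the repository-level metadata listing is now public in every context; REST_Filters_Controller gets the same shape in this commit. That matches the stated intent only if the listing exposes nothing beyond what `can_read()` already allows, which cannot be confirmed from this hunk. A comment above `return true;` such as `// Repository-level metadata are readable by anyone; edit-only fields are gated when the response is built.` would record the assumption, and a test asserting it would pin it.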


@ -220,10 +220,6 @@ class REST_Taxonomies_Controller extends REST_Controller {
$taxonomy = $this->taxonomy_repository->fetch($request['taxonomy_id']); $taxonomy = $this->taxonomy_repository->fetch($request['taxonomy_id']);
if(($taxonomy instanceof Entities\Taxonomy)) { if(($taxonomy instanceof Entities\Taxonomy)) {
if('edit' === $request['context'] && !$taxonomy->can_edit()) {
return false;
}
return $taxonomy->can_read(); return $taxonomy->can_read();
} }
@ -338,9 +334,7 @@ class REST_Taxonomies_Controller extends REST_Controller {
* @return bool|\WP_Error * @return bool|\WP_Error
*/ */
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
if('edit' === $request['context'] && !is_user_logged_in()) {
return false;
}
// if(!$this->taxonomy_repository->can_read($this->taxonomy)) { // if(!$this->taxonomy_repository->can_read($this->taxonomy)) {
// return false; // return false;
// } // }
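Review bot: After the logged-in check is removed, the visible part of `get_items_permissions_check` consists only of a commented-out `can_read` block, and the method's return is beyond the hunk, so it is not clear from here whether any read check remains for the taxonomies listing. The commented-out `// if(!$this->taxonomy_repository->can_read($this->taxonomy))` predates this change but now sits alone in a permission callback, where dead code invites the assumption that the check is in force; it should either be deleted or turned into a real check. If the listing is meant to be public and filtered per-entity elsewhere, say so in place of the dead lines: `// Listing is public; per-taxonomy visibility is applied when each entity is prepared.`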


@ -358,10 +358,6 @@ class REST_Terms_Controller extends REST_Controller {
$taxonomy = $this->taxonomy_repository->fetch($request['taxonomy_id']); $taxonomy = $this->taxonomy_repository->fetch($request['taxonomy_id']);
if(($taxonomy instanceof Entities\Taxonomy)) { if(($taxonomy instanceof Entities\Taxonomy)) {
if('edit' === $request['context'] && !$taxonomy->can_edit()) {
return false;
}
return $taxonomy->can_read(); return $taxonomy->can_read();
} }


@ -9,7 +9,7 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
/* /*
setup initail: initial setup:
create taxonomy_public create taxonomy_public
create term-a-public create term-a-public
create term-b-public create term-b-public
@ -23,43 +23,6 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
create item-a create item-a
create item-b create item-b
first-test:
user not logged
get terms of taxonomy_public = 200
get terms of taxonomy_private = 401
get terms on context=edit of taxonomy_public = 401
get terms on context=edit of taxonomy_private = 401
second-test:
user logged
get terms of taxonomy_public = 200
get terms of taxonomy_private = 200
get terms on context=edit of taxonomy_public = 200
get terms on context=edit of taxonomy_private = 200
third-test:
user not logged
get taxonomies = 200 - 1 taxonomy
get taxonomies on context=edit of taxonomy_public = 401
fourth-test:
user logged
get taxonomies = 200 - 2 taxonomies
get taxonomies on context=edit = 200 - 2 taxonomies
fifth-test:
user logged
get items filter by taxonomy_public = 200
get items filter by taxonomy_private = 200
get items on context=edit filter by taxonomy_public = 200
get items on context=edit filter by taxonomy_private = 200
fifth-test:
user not logged
get items filter by taxonomy_public = 200
get items filter by taxonomy_private = 401
get items on context=edit filter by taxonomy_public = 401
get items on context=edit filter by taxonomy_private = 401
*/ */
public $collection; public $collection;
@ -275,7 +238,7 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
$response = $this->server->dispatch($request_public_edit); $response = $this->server->dispatch($request_public_edit);
$status = $response->status; $status = $response->status;
$data = $response->get_data(); $data = $response->get_data();
$this->assertEquals(401, $status); $this->assertEquals(200, $status);
//tax private - context=edit: //tax private - context=edit:
$request_private_edit = new \WP_REST_Request( $request_private_edit = new \WP_REST_Request(
@ -324,14 +287,6 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
$this->assertEquals(200, $status); $this->assertEquals(200, $status);
$this->assertEquals(1, sizeof($data)); $this->assertEquals(1, sizeof($data));
$request_public_edit = new \WP_REST_Request(
'GET', $this->namespace . '/taxonomies'
);
$request_public_edit->set_query_params(['context' => 'edit']);
$response = $this->server->dispatch($request_public_edit);
$status = $response->status;
$data = $response->get_data();
$this->assertEquals(401, $status);
} }
public function test_get_items_logged() { public function test_get_items_logged() {
@ -426,7 +381,7 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
$response = $this->server->dispatch($request_public_edit); $response = $this->server->dispatch($request_public_edit);
$status = $response->status; $status = $response->status;
$data = $response->get_data(); $data = $response->get_data();
$this->assertEquals(401, $status); $this->assertEquals(200, $status);
//tax private: //tax private:
$request_private = new \WP_REST_Request( $request_private = new \WP_REST_Request(
@ -456,6 +411,7 @@ class TAINACAN_REST_Visibilility_Controller extends TAINACAN_UnitApiTestCase {
$data = $response->get_data(); $data = $response->get_data();
$this->assertEquals(401, $status); $this->assertEquals(401, $status);
} }
} }
?> ?>
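Review bot: In both flipped assertions (`$this->assertEquals(200, $status);` in the third and fourth hunks), `$data = $response->get_data();` is still assigned but never asserted, so the tests prove only that an anonymous `context=edit` request is no longer rejected, not that the edit representation hides anything it should. Since the commit message defers sensitive-field handling to response building, an assertion on `$data` is the natural place to pin that contract, e.g. that it contains no edit-only key (the schema is outside this diff, so I cannot name one). The scenario plan comment at the top of the class was deleted rather than updated; restoring it with the new 200 expectations for `context=edit` on public taxonomies would keep the test file self-describing. The enclosing test methods start outside the hunks.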