funtion to check read and write perm and read test

2017-12-26 20:08:15 -02:00 · 2017-12-26 20:08:15 -02:00 · b1f8759a6b
parent 5bbe4ebe7e
commit b1f8759a6b
2 changed files with 126 additions and 2 deletions
--- a/src/classes/repositories/class-tainacan-repository.php
+++ b/src/classes/repositories/class-tainacan-repository.php
@ -65,13 +65,15 @@ abstract class Repository {
 	 * @throws \Exception
 	 */
 	public function insert($obj) {
+		
+		if(!user_can(get_current_user_id(), 'edit'))
+		
 		// validate
 		if ( in_array($obj->get_status(), apply_filters('tainacan-status-validation', ['publish','future','private'])) && !$obj->get_validated()){
 			throw new \Exception('Entities must be validated before you can save them');
            // TODO: Throw Warning saying you must validate object before insert()
 		}
 		
-		
 		$map = $this->get_map();
 		
 		// First iterate through the native post properties
@ -417,6 +419,98 @@ abstract class Repository {
     */
    public abstract function register_post_type();
    
+    /**
+     * Check if $user can edit/create a repository the entity
+     * @param Entities\Entity $entity
+     * @param int|\WP_User $user default is null for the current user
+     * @return boolean
+     */
+    public function can_edit($entity, $user = null) {
+    	if(is_null($user)) {
+    		$user = get_current_user_id();
+    	}
+    	elseif(is_object($user)) {
+    		$user = $user->ID;
+    	}
+    	
+    	$name = $entity::get_post_type();
+    	if($name === false) {
+    		return user_can($user, 'edit');
+    	}
+    	
+    	/*'edit_'.$name,
+    	'edit_'.$name.'s',
+    	'edit_private_'.$name.'s',
+    	'edit_published_'.$name.'s',
+    	'edit_published_'.$name,
+    	'edit_others_'.$name.'s',
+    	'edit_others_'.$name,*/
+    	$status = $entity->get_status();
+    	$owner_id = $entity->WP_Post->post_author;
+    	
+    	/** Treat owner post edit **/
+    	if($user == $owner_id) {
+    		if($status == 'publish') {
+    			return user_can('edit_published_'.$name);
+    		}
+    		else {
+    			return user_can($user, 'edit_'.$name);
+    		}
+    	}
+    	elseif(user_can($user, 'edit_others_'.$name)) {
+    		if($status == 'publish') {
+    			return user_can('edit_published_'.$name);
+    		}
+    		elseif($status == 'private') {
+    			return 'edit_private_'.$name.'s';
+    		}
+    		else {
+    			return true;
+    		}
+    	}
+    	return false;
+    }
+    
+    /**
+     * Check if $user can read the entity
+     * @param Entities\Entity $entity
+     * @param int|\WP_User $user default is null for the current user
+     * @return boolean
+     */
+    public function can_read($entity, $user = null) {
+    	if(is_null($user)) {
+    		$user = get_current_user_id();
+    	}
+    	elseif(is_object($user)) {
+    		$user = $user->ID;
+    	}
+    	
+   		$name = $entity::get_post_type();
+   		if($name === false)
+   		{
+   			return user_can($user, 'read');
+   		}
+    	
+    	$status = $entity->get_status();
+    	
+    	if($status == 'private') {
+    		return user_can($user, 'read_private_'.$name.'s');
+    	}
+    	else {
+    		return user_can($user, 'read_'.$name);
+    	}
+    	return false;
+    }
+    
+    /**
+     * Check if $user can publish the entity
+     * @param Entities\Entity $entity
+     * @param int|\WP_User $user default is null for the current user
+     * @return boolean
+     */
+    public function can_publish($entity, $user = null) {
+    	
+    }
 }

 ?>
--- a/tests/test-collections.php
+++ b/tests/test-collections.php
@ -17,11 +17,41 @@ class Collections extends TAINACAN_UnitTestCase {
 	 * @group permissions
 	 */
 	function test_permissions () {
+		$x = $this->tainacan_entity_factory->create_entity(
+			'collection',
+			array(
+				'name'          => 'testeCaps',
+				'description'   => 'adasdasdsa',
+				'default_order' => 'DESC'
+			),
+			true
+		);
 		$new_user = $this->factory()->user->create(array( 'role' => 'subscriber' ));
 		wp_set_current_user($new_user);
 		$user_id = get_current_user_id();
 		$this->assertEquals($new_user, $user_id);
-		//TODO test collection insert, update, save, fetch permissions
+		
+		global $Tainacan_Collections;
+		$this->assertTrue($Tainacan_Collections->can_read($x));
+		
+		$autor1 = $this->factory()->user->create(array( 'role' => 'author' ));
+		wp_set_current_user($autor1);
+		$autor1_id = get_current_user_id();
+		$x = $this->tainacan_entity_factory->create_entity(
+			'collection',
+			array(
+				'name'          => 'testeCapsOwner',
+				'description'   => 'adasdasdsa',
+				'default_order' => 'DESC'
+			),
+			true
+		);
+		$this->assertEquals($autor1_id, $x->WP_Post->post_author);
+		$autor2 = $this->factory()->user->create(array( 'role' => 'author' ));
+		wp_set_current_user($autor2);
+		$current_user_id = get_current_user_id();
+		$this->assertEquals($autor2, $current_user_id);
+		$this->assertFalse($Tainacan_Collections->can_edit($x, $current_user_id));
 	}
 	
 	/**