Changeset 14034
trunk/src/bp-members/classes/class-bp-members-rest-controller.php
r14028 r14034 244 244 $member = reset( $member_query->results ); 245 245 246 $member = $this->prepare_item_for_response( $member, $request ); 247 $response = rest_ensure_response( $member ); 248 249 return $response; 246 $member = $this->prepare_item_for_response( $member, $request ); 247 248 return rest_ensure_response( $member ); 250 249 } 251 250 … … 258 257 * @since 15.0.0 259 258 * 260 * @param 259 * @param WP_REST_Request $request Full details about the request. 261 260 * @return true|WP_Error 262 261 */ … … 281 280 ) 282 281 ); 283 } elseif ( 'edit' === $request->get_param( 'context' ) ) { 284 if ( get_current_user_id() === $user->ID || bp_current_user_can( 'list_users' ) ) { 285 $retval = true; 286 } else { 287 $retval = new WP_Error( 288 'bp_rest_authorization_required', 289 __( 'Sorry, you are not allowed to view members with the edit context.', 'buddypress' ), 290 array( 291 'status' => rest_authorization_required_code(), 292 ) 293 ); 294 } 295 } else { 282 } elseif ( get_current_user_id() === $user->ID && ! bp_is_user_spammer( $user->ID ) ) { 283 $retval = true; 284 } elseif ( 'edit' === $request->get_param( 'context' ) && ! bp_current_user_can( 'list_users' ) ) { 285 $retval = new WP_Error( 286 'bp_rest_authorization_required', 287 __( 'Sorry, you are not allowed to view members with the edit context.', 'buddypress' ), 288 array( 'status' => rest_authorization_required_code() ) 289 ); 290 } elseif ( bp_current_user_can( 'bp_moderate' ) || ! bp_is_user_spammer( $user->ID ) ) { 296 291 $retval = true; 297 292 } -
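Review bot: The denial of a spammed member is implicit in the new chain: when the target is a spammer and the caller lacks `bp_moderate`, none of the three `elseif` branches assigns `$retval`, so the outcome is whatever `$retval` was initialised to before the chain, which lies outside this hunk (the new tests suggest it is the `bp_rest_authorization_required` error). Since this is an access-control decision, I would state the order above the first new branch, e.g. `// Spammed members are only visible to users with 'bp_moderate'; any other caller keeps the default error in $retval.` The 'edit' context check also runs before the `bp_moderate` check, so a moderator without `list_users` is still refused in the edit context; if that is intended, the same comment should say so. The enclosing method starts and ends outside the hunk.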
trunk/tests/phpunit/testcases/members/test-controller.php
r14026 r14034 37 37 ) 38 38 ); 39 $request->set_param( 'context', 'view' );40 39 $response = $this->server->dispatch( $request ); 41 40 … … 65 64 ) 66 65 ); 67 $request->set_param( 'context', 'view' );68 66 $response = $this->server->dispatch( $request ); 69 67 … … 115 113 116 114 $members = $response->get_data(); 115 117 116 $this->assertNotEmpty( $members ); 118 119 $this->assertTrue( 3 === count( $members ) ); 117 $this->assertCount( 3, $members ); 120 118 121 119 $latest_activities = wp_list_pluck( $members, 'last_activity', 'id' ); … … 138 136 139 137 $request = new WP_REST_Request( 'GET', $this->endpoint_url ); 138 $request->set_param( 'context', 'view' ); 140 139 $request->set_query_params( 141 140 array( … … 146 145 ); 147 146 148 $request->set_param( 'context', 'view' );149 147 $response = $this->server->dispatch( $request ); 150 148 … … 183 181 184 182 $request = new WP_REST_Request( 'GET', $this->endpoint_url ); 183 $request->set_param( 'context', 'view' ); 185 184 $request->set_query_params( 186 185 array( … … 188 187 ) 189 188 ); 190 $request->set_param( 'context', 'view' );191 189 $response = $this->server->dispatch( $request ); 192 190 … … 541 539 542 540 $this->assertErrorResponse( 'bp_rest_member_invalid_id', $response, 404 ); 541 } 542 543 /** 544 * @group get_item 545 */ 546 public function test_get_spammed_user() { 547 $u = static::factory()->user->create(); 548 549 // Spam the user. 550 bp_core_process_spammer_status( $u, 'spam' ); 551 552 $this->assertTrue( bp_is_user_spammer( $u ) ); 553 554 $request = new WP_REST_Request( 'GET', sprintf( $this->endpoint_url . 
'/%d', $u ) ); 555 $request->set_param( 'context', 'view' ); 556 $response = $this->server->dispatch( $request ); 557 558 $this->assertErrorResponse( 'bp_rest_authorization_required', $response, rest_authorization_required_code() ); 559 } 560 561 /** 562 * @group get_item 563 */ 564 public function test_get_spammed_user_with_random_logged_in_user() { 565 $u = static::factory()->user->create(); 566 $u2 = static::factory()->user->create(); 567 568 // Spam the user. 569 bp_core_process_spammer_status( $u, 'spam' ); 570 571 $this->assertTrue( bp_is_user_spammer( $u ) ); 572 573 wp_set_current_user( $u2 ); 574 575 $request = new WP_REST_Request( 'GET', sprintf( $this->endpoint_url . '/%d', $u ) ); 576 $request->set_param( 'context', 'view' ); 577 $response = $this->server->dispatch( $request ); 578 579 $this->assertErrorResponse( 'bp_rest_authorization_required', $response, rest_authorization_required_code() ); 580 } 581 582 /** 583 * @group get_item 584 */ 585 public function test_get_spammed_user_with_spammed_user() { 586 $u = static::factory()->user->create(); 587 588 // Spam the user. 589 bp_core_process_spammer_status( $u, 'spam' ); 590 591 $this->assertTrue( bp_is_user_spammer( $u ) ); 592 593 wp_set_current_user( $u ); 594 595 $request = new WP_REST_Request( 'GET', sprintf( $this->endpoint_url . '/%d', $u ) ); 596 $request->set_param( 'context', 'view' ); 597 $response = $this->server->dispatch( $request ); 598 599 $this->assertErrorResponse( 'bp_rest_authorization_required', $response, rest_authorization_required_code() ); 600 } 601 602 /** 603 * @group get_item 604 */ 605 public function test_get_spammed_user_as_admin() { 606 $u = static::factory()->user->create(); 607 608 // Spam the user. 609 bp_core_process_spammer_status( $u, 'spam' ); 610 611 $this->assertTrue( bp_is_user_spammer( $u ) ); 612 613 wp_set_current_user( $this->user ); 614 615 $request = new WP_REST_Request( 'GET', sprintf( $this->endpoint_url . 
'/%d', $u ) ); 616 $request->set_param( 'context', 'view' ); 617 $response = $this->server->dispatch( $request ); 618 619 $this->assertEquals( 200, $response->get_status() ); 620 621 $member = $response->get_data(); 622 623 $this->assertNotEmpty( $member ); 624 $this->assertSame( $u, $member['id'] ); 543 625 } 544 626
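Review bot: The four new `test_get_spammed_user*` cases all set `context` to `view`, so the reordered 'edit' branch in the controller is never exercised against a spammed member. Two further cases would pin the access rules: a spammed user requesting their own record with `context=edit`, and a user who has `list_users` but not `bp_moderate` requesting a spammed member, both presumably expected to fail with `bp_rest_authorization_required`. In `test_get_spammed_user_as_admin`, `$this->assertSame( 200, $response->get_status() );` would match the strict comparison already used for the id. Only part of the test file is visible here, so edit-context coverage may exist elsewhere.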