Timestamp:
11/03/2024 06:19:06 PM (5 months ago)
Author:
espellcaste
Message:

A user is no longer de-authenticated when making REST API requests.

We are introducing a new BP_LoggedIn_User class to fetch data about a BuddyPress logged-in user. This new addition fixes an issue where a user could be de-authenticated when making REST API requests.

Props dcavins, DJPaul, johnjamesjacoby, and imath.

Closes https://github.com/buddypress/buddypress/pull/395
See #9229 and #9145
Fixes #7658

File:
1 edited

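--- a/trunk/tests/phpunit/testcases/groups/activity.php
+++ b/trunk/tests/phpunit/testcases/groups/activity.php
@@ -117,5 +117,5 @@
         $old_user = get_current_user_id();
         $u        = self::factory()->user->create();
-        self::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $group = self::factory()->group->create_and_get();
@@ -143,5 +143,5 @@
         $this->assertSame( $expected, $a['activities'][0]->action );
 
-        self::set_current_user( $old_user );
+        wp_set_current_user( $old_user );
     }
 
@@ -153,5 +153,5 @@
         $old_user = get_current_user_id();
         $u        = self::factory()->user->create();
-        self::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $group = self::factory()->group->create_and_get();
@@ -179,5 +179,5 @@
         $this->assertSame( $expected, $a['activities'][0]->action );
 
-        self::set_current_user( $old_user );
+        wp_set_current_user( $old_user );
     }
 
@@ -189,5 +189,5 @@
         $old_user = get_current_user_id();
         $u        = self::factory()->user->create();
-        self::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $group = self::factory()->group->create_and_get();
@@ -216,5 +216,5 @@
         $this->assertSame( $expected, $a['activities'][0]->action );
 
-        self::set_current_user( $old_user );
+        wp_set_current_user( $old_user );
     }
 
@@ -226,5 +226,5 @@
         $old_user = get_current_user_id();
         $u        = self::factory()->user->create();
-        self::set_current_user( $u );
+        wp_set_current_user( $u );
 
         $group = self::factory()->group->create_and_get();
@@ -252,5 +252,5 @@
         $this->assertSame( $expected, $a['activities'][0]->action );
 
-        self::set_current_user( $old_user );
+        wp_set_current_user( $old_user );
     }
 
@@ -357,5 +357,5 @@
         );
 
-        self::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
         if ( bp_has_activities( array( 'in' => $a ) ) ) {
             while ( bp_activities() ) :
@@ -366,5 +366,5 @@
         }
 
-        self::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
         if ( bp_has_activities( array( 'in' => $a ) ) ) {
             while ( bp_activities() ) :
@@ -375,5 +375,5 @@
         }
 
-        self::set_current_user( $old_user );
+        wp_set_current_user( $old_user );
     }
 
@@ -400,5 +400,5 @@
         $original_user = bp_loggedin_user_id();
 
-        self::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $g = self::factory()->group->create();
@@ -432,27 +432,27 @@
 
         // User can delete his own activity.
-        self::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
         $this->assertTrue( bp_activity_user_can_delete( $activity ) );
 
         // Activity from site admins can't be deleted by non site admins.
-        self::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
         $this->assertFalse( bp_activity_user_can_delete( $activity_b ) );
 
         // Activity from site admins can be deleted by other site admins.
         $site_admin = self::factory()->user->create( array( 'role' => 'administrator' ) );
-        self::set_current_user( $site_admin );
+        wp_set_current_user( $site_admin );
         $this->assertTrue( bp_activity_user_can_delete( $activity_b ) );
 
         // Group creator can delete activity.
-        self::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
         $this->assertTrue( bp_activity_user_can_delete( $activity ) );
 
         // Logged-out user can't delete activity.
-        self::set_current_user( 0 );
+        wp_set_current_user( 0 );
         $this->assertFalse( bp_activity_user_can_delete( $activity ) );
 
         // Misc user can't delete activity.
         $misc_user = self::factory()->user->create();
-        self::set_current_user( $misc_user );
+        wp_set_current_user( $misc_user );
         $this->assertFalse( bp_activity_user_can_delete( $activity ) );
 
@@ -460,5 +460,5 @@
         $misc_user_2 = self::factory()->user->create();
         self::add_user_to_group( $misc_user_2, $g );
-        self::set_current_user( $misc_user_2 );
+        wp_set_current_user( $misc_user_2 );
         $this->assertFalse( bp_activity_user_can_delete( $activity ) );
 
@@ -466,5 +466,5 @@
         $misc_user_3 = self::factory()->user->create();
         self::add_user_to_group( $misc_user_3, $g, array( 'is_mod' => true ) );
-        self::set_current_user( $misc_user_3 );
+        wp_set_current_user( $misc_user_3 );
         $this->assertTrue( bp_activity_user_can_delete( $activity ) );
 
@@ -472,8 +472,8 @@
         $misc_user_4 = self::factory()->user->create();
         self::add_user_to_group( $misc_user_4, $g, array( 'is_admin' => true ) );
-        self::set_current_user( $misc_user_4 );
+        wp_set_current_user( $misc_user_4 );
         $this->assertTrue( bp_activity_user_can_delete( $activity ) );
 
-        self::set_current_user( $original_user );
+        wp_set_current_user( $original_user );
     }
 
@@ -486,5 +486,5 @@
         $original_user = bp_loggedin_user_id();
 
-        self::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $g  = self::factory()->group->create();
@@ -523,5 +523,5 @@
         self::add_user_to_group( $u2, $g, array( 'is_admin' => true ) );
 
-        self::set_current_user( $u2 );
+        wp_set_current_user( $u2 );
         $this->assertFalse( bp_activity_user_can_delete( $activity ), 'Group Admins or Mods shouldn not be able to delete activities that are not attached to a group' );
 
@@ -537,5 +537,5 @@
         $this->assertFalse( bp_activity_user_can_delete( $activity ), 'Group Admins or Mods should not be able to delete another group activities.' );
 
-        self::set_current_user( $original_user );
+        wp_set_current_user( $original_user );
     }
 }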
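Review bot: The restore calls at the end of each test (`wp_set_current_user( $old_user );` at new line 145 and its siblings, `wp_set_current_user( $original_user );` at 477 and 539) only run when every assertion before them passes, so a failure in the permission test around lines 434–475 can leave an administrator or group admin as the current user for whatever runs next. Unless the base test case already resets the user in its tear-down (not visible in this section), it would be safer to capture the user in `set_up()` and restore it in `tear_down()`. Since these tests now rely on `wp_set_current_user()` alone to drive `bp_activity_user_can_delete()`, one explicit check such as `$this->assertSame( $u2, bp_loggedin_user_id() );` after the first switch would make a stale logged-in user fail loudly rather than surface as a confusing permission result. The second `wp_set_current_user( $u2 );` at line 438 repeats the call at 434 with no switch in between and can be dropped.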