Add more tests. Add exception for namespace to as ruleset.

WordPress · Apr 25, 2018 · 6d1ee65 · 6d1ee65
1 parent f0f4a77
commit 6d1ee65
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 8 deletions.
diff --git a/lib/class-wp-rest-block-renderer-controller.php b/lib/class-wp-rest-block-renderer-controller.php
@@ -21,7 +21,6 @@ class WP_REST_Block_Renderer_Controller extends WP_REST_Controller {
 	 * @access public
 	 */
 	public function __construct() {
-		// @codingStandardsIgnoreLine - PHPCS mistakes $this->namespace for the namespace keyword.
 		$this->namespace = 'gutenberg/v1';
 		$this->rest_base = 'block-renderer';
 	}
@@ -38,7 +37,6 @@ public function register_routes() {
 				continue;
 			}
 
-			// @codingStandardsIgnoreLine - PHPCS mistakes $this->namespace for the namespace keyword.
 			register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<name>' . $block_type->name . ')', array(
 				'args'   => array(
 					'name' => array(
@@ -82,10 +80,10 @@ public function register_routes() {
 	public function get_item_permissions_check( $request ) {
 		global $post;
 
-		$post_ID = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
+		$post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
 
-		if ( 0 < $post_ID ) {
-			$post = get_post( $post_ID );
+		if ( 0 < $post_id ) {
+			$post = get_post( $post_id );
 			if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
 				return new WP_Error( 'gutenberg_block_cannot_read', __( 'Sorry, you are not allowed to read Gutenberg blocks of this post', 'gutenberg' ), array(
 					'status' => rest_authorization_required_code(),
@@ -114,10 +112,10 @@ public function get_item_permissions_check( $request ) {
 	public function get_item( $request ) {
 		global $post;
 
-		$post_ID = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
+		$post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
 
-		if ( 0 < $post_ID ) {
-			$post = get_post( $post_ID );
+		if ( 0 < $post_id ) {
+			$post = get_post( $post_id );
 
 			// Set up postdata since this will be needed if post_id was set.
 			setup_postdata( $post );

diff --git a/phpcs.xml.dist b/phpcs.xml.dist
@@ -20,6 +20,9 @@
 	<file>./phpunit</file>
 	<file>gutenberg.php</file>
 
+	<rule ref="PHPCompatibility.PHP.NewKeywords.t_namespaceFound">
+		<exclude-pattern>lib/class-wp-rest-block-renderer-controller.php</exclude-pattern>
+	</rule>
 	<!-- These special comments are markers for the build process -->
 	<rule ref="Squiz.Commenting.InlineComment.WrongStyle">
 		<exclude-pattern>gutenberg.php</exclude-pattern>

diff --git a/phpunit/class-rest-block-renderer-controller-test.php b/phpunit/class-rest-block-renderer-controller-test.php
@@ -40,6 +40,13 @@ class REST_Block_Renderer_Controller_Test extends WP_Test_REST_Controller_Testca
 	 */
 	protected static $post_id;
 
+	/**
+	 * Author test user ID.
+	 *
+	 * @var int
+	 */
+	protected static $author_id;
+
 	/**
 	 * Create test data before the tests run.
 	 *
@@ -52,6 +59,12 @@ public static function wpSetUpBeforeClass( $factory ) {
 			)
 		);
 
+		self::$author_id = $factory->user->create(
+			array(
+				'role' => 'author',
+			)
+		);
+
 		self::$post_id = $factory->post->create( array(
 			'post_title' => 'Test Post',
 		) );
@@ -316,6 +329,38 @@ public function test_get_item_with_post_context() {
 		$this->assertEquals( $expected_title, $data['rendered'] );
 	}
 
+	/**
+	 * Test getting item with invalid post ID.
+	 */
+	public function test_get_item_without_permissions_invalid_post() {
+		wp_set_current_user( self::$user_id );
+
+		$request = new WP_REST_Request( 'GET', '/gutenberg/v1/block-renderer/' . self::$context_block_name );
+		$request->set_param( 'context', 'edit' );
+
+		// Test with invalid post ID.
+		$request->set_param( 'post_id', PHP_INT_MAX );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'gutenberg_block_cannot_read', $response, 403 );
+	}
+
+	/**
+	 * Test getting item without permissions to edit context post.
+	 */
+	public function test_get_item_without_permissions_cannot_edit_post() {
+		wp_set_current_user( self::$author_id );
+
+		$request = new WP_REST_Request( 'GET', '/gutenberg/v1/block-renderer/' . self::$context_block_name );
+		$request->set_param( 'context', 'edit' );
+
+		// Test with private post ID.
+		$request->set_param( 'post_id', self::$post_id );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'gutenberg_block_cannot_read', $response, 403 );
+	}
+
 	/**
 	 * Get item schema.
 	 *