Implement delete capability

WordPress · Apr 18, 2024 · 196745c · 196745c
1 parent dbc66e4
commit 196745c
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/includes/event/event-capabilities.php b/includes/event/event-capabilities.php
@@ -11,13 +11,15 @@
 class Event_Capabilities {
 	private const CREATE = 'create_translation_event';
 	private const EDIT   = 'edit_translation_event';
+	private const DELETE = 'delete_translation_event';
 
 	/**
 	 * All the capabilities that concern an Event.
 	 */
 	private const CAPS = array(
 		self::CREATE,
 		self::EDIT,
+		self::DELETE,
 	);
 
 	private Event_Repository_Interface $event_repository;
@@ -55,6 +57,15 @@ private function has_cap( string $cap, array $args, WP_User $user ): bool {
 					return false;
 				}
 				return $this->has_edit( $user, $event );
+			case self::DELETE:
+				if ( ! isset( $args[2] ) || ! is_int( $args[2] ) ) {
+					return false;
+				}
+				$event = $this->event_repository->get_event( $args[2] );
+				if ( ! $event ) {
+					return false;
+				}
+				return $this->has_delete( $user, $event );
 		}
 
 		return false;
@@ -102,6 +113,26 @@ private function has_edit( WP_User $user, Event $event ): bool {
 		return false;
 	}
 
+	/**
+	 * Evaluate whether a user can delete a specific event.
+	 *
+	 * @param WP_User $user  User for which we're evaluating the capability.
+	 * @param Event   $event Event for which we're evaluating the capability.
+	 * @return bool
+	 */
+	private function has_delete( WP_User $user, Event $event ): bool {
+		// Must be able to edit in order to delete.
+		if ( ! $this->has_edit( $user, $event ) ) {
+			return false;
+		}
+
+		if ( user_can( $user->ID, 'manage_options' ) ) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Evaluate whether a user is a GlotPress admin.
 	 *

diff --git a/phpcs.xml b/phpcs.xml
@@ -13,7 +13,7 @@
 
     <rule ref="WordPress">
         <properties>
-            <property name="custom_capabilities[]" value="create_translation_event,edit_translation_event"/>
+            <property name="custom_capabilities[]" value="create_translation_event,edit_translation_event,delete_translation_event"/>
         </properties>
         <exclude name="Squiz.Commenting.ClassComment.Missing"/>
         <exclude name="Squiz.Commenting.FileComment.Missing"/>

diff --git a/tests/event/event-capabilities.php b/tests/event/event-capabilities.php
@@ -85,4 +85,29 @@ public function test_cannot_edit_event_with_stats() {
 
 		$this->assertFalse( current_user_can( 'edit_translation_event', $event_id ) );
 	}
+
+	public function test_cannot_delete_if_cannot_edit() {
+		$this->set_normal_user_as_current();
+		$non_author_user_id = get_current_user_id();
+		$this->set_normal_user_as_current(); // This user is the author.
+
+		$event_id = $this->event_factory->create_active();
+		$this->assertFalse( user_can( $non_author_user_id, 'delete_translation_event', $event_id ) );
+	}
+
+	public function test_cannot_delete_without_manage_options_capability() {
+		$this->set_normal_user_as_current();
+
+		$event_id = $this->event_factory->create_active();
+
+		$this->assertFalse( current_user_can( 'delete_translation_event', $event_id ) );
+	}
+
+	public function test_can_delete_with_manage_options_capability() {
+		$this->set_admin_user_as_current();
+
+		$event_id = $this->event_factory->create_active();
+
+		$this->assertFalse( current_user_can( 'delete_translation_event', $event_id ) );
+	}
 }