From 196745c114d3619676f8e1e81e523beb3bfbd969 Mon Sep 17 00:00:00 2001 From: Paulo Pinto Date: Thu, 18 Apr 2024 15:55:51 +0100 Subject: [PATCH] Implement delete capability --- includes/event/event-capabilities.php | 31 +++++++++++++++++++++++++++ phpcs.xml | 2 +- tests/event/event-capabilities.php | 25 +++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/includes/event/event-capabilities.php b/includes/event/event-capabilities.php index 0289c3b2..bdb50e81 100644 --- a/includes/event/event-capabilities.php +++ b/includes/event/event-capabilities.php @@ -11,6 +11,7 @@ class Event_Capabilities { private const CREATE = 'create_translation_event'; private const EDIT = 'edit_translation_event'; + private const DELETE = 'delete_translation_event'; /** * All the capabilities that concern an Event. @@ -18,6 +19,7 @@ class Event_Capabilities { private const CAPS = array( self::CREATE, self::EDIT, + self::DELETE, ); private Event_Repository_Interface $event_repository; @@ -55,6 +57,15 @@ private function has_cap( string $cap, array $args, WP_User $user ): bool { return false; } return $this->has_edit( $user, $event ); + case self::DELETE: + if ( ! isset( $args[2] ) || ! is_int( $args[2] ) ) { + return false; + } + $event = $this->event_repository->get_event( $args[2] ); + if ( ! $event ) { + return false; + } + return $this->has_delete( $user, $event ); } return false; 
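Review bot: The new `case self::DELETE:` branch in has_cap() denies whenever `$args[2]` is missing or is not a native int, so an event ID passed as a numeric string (for example one taken straight from a request) is refused with no signal to the caller. Failing closed is the right default for a destructive capability, but the contract should be stated where the check lives, e.g. `// Fail closed: a missing or non-int event ID never grants delete; callers must cast request values to int.` The context lines just above the hunk suggest the edit branch ends the same way, so the two branches can drift apart if only one is changed later; sharing the ID check and event lookup would avoid that. The switch and has_cap() itself begin outside this hunk.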
@@ -102,6 +113,26 @@ private function has_edit( WP_User $user, Event $event ): bool { return false; } + /** + * Evaluate whether a user can delete a specific event. + * + * @param WP_User $user User for which we're evaluating the capability. + * @param Event $event Event for which we're evaluating the capability. + * @return bool + */ + private function has_delete( WP_User $user, Event $event ): bool { + // Must be able to edit in order to delete. + if ( ! $this->has_edit( $user, $event ) ) { + return false; + } + + if ( user_can( $user->ID, 'manage_options' ) ) { + return true; + } + + return false; + } + /** * Evaluate whether a user is a GlotPress admin. * diff --git a/phpcs.xml b/phpcs.xml index 397d4995..b76a7278 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -13,7 +13,7 @@ - + diff --git a/tests/event/event-capabilities.php b/tests/event/event-capabilities.php index 4f60432c..aac67a24 100644 --- a/tests/event/event-capabilities.php +++ b/tests/event/event-capabilities.php 
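Review bot: The docblock on has_delete() says only that it evaluates the capability and does not state the rule the body enforces: the user must pass has_edit() for the event and also hold `manage_options`. Since this gates a destructive action I would spell that out, e.g. `@return bool True only if the user may edit the event and has the manage_options capability.` The tail can also be a single expression, `return user_can( $user, 'manage_options' );`, which passes the WP_User already in hand instead of its ID. Because has_edit() runs first, anything that blocks editing also blocks deletion for administrators; if that is intended, the inline comment could say so.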
@@ -85,4 +85,29 @@ public function test_cannot_edit_event_with_stats() { $this->assertFalse( current_user_can( 'edit_translation_event', $event_id ) ); } + + public function test_cannot_delete_if_cannot_edit() { + $this->set_normal_user_as_current(); + $non_author_user_id = get_current_user_id(); + $this->set_normal_user_as_current(); // This user is the author. + + $event_id = $this->event_factory->create_active(); + $this->assertFalse( user_can( $non_author_user_id, 'delete_translation_event', $event_id ) ); + } + + public function test_cannot_delete_without_manage_options_capability() { + $this->set_normal_user_as_current(); + + $event_id = $this->event_factory->create_active(); + + $this->assertFalse( current_user_can( 'delete_translation_event', $event_id ) ); + } + + public function test_can_delete_with_manage_options_capability() { + $this->set_admin_user_as_current(); + + $event_id = $this->event_factory->create_active(); + + $this->assertFalse( current_user_can( 'delete_translation_event', $event_id ) ); + } }
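Review bot: `test_can_delete_with_manage_options_capability` ends with `assertFalse`, which contradicts its name and leaves the granting path of has_delete() without coverage: the suite would still pass if delete were denied for everyone. If an administrator who created the event is meant to be allowed, the last line should read `$this->assertTrue( current_user_can( 'delete_translation_event', $event_id ) );`. If the test only passes with `assertFalse`, the capability is not being granted to administrators and the implementation needs a look rather than the assertion. In `test_cannot_delete_if_cannot_edit` the two `set_normal_user_as_current()` calls presumably create distinct users; a short comment on the first call saying so would make the non-author setup clear.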