From 813c5e4d39137a750f6f41febae5f72ca4c95cb4 Mon Sep 17 00:00:00 2001 From: Paulo Pinto Date: Wed, 17 Apr 2024 15:45:27 +0100 Subject: [PATCH] Implement create capability --- includes/event/event-capabilities.php | 8 ++++++-- includes/event/event-form-handler.php | 2 +- includes/routes/event/create.php | 5 +++++ phpcs.xml | 3 +++ tests/event/event-capabilities.php | 19 +++++++++++++++++-- 5 files changed, 32 insertions(+), 5 deletions(-) diff --git a/includes/event/event-capabilities.php b/includes/event/event-capabilities.php index 27b455ef..4a6928ce 100644 --- a/includes/event/event-capabilities.php +++ b/includes/event/event-capabilities.php @@ -2,6 +2,7 @@ namespace Wporg\TranslationEvents\Event; +use GP; use WP_User; class Event_Capabilities { @@ -21,8 +22,11 @@ private function has_cap( string $cap, array $args, WP_User $user ): bool { } private function has_create( WP_User $user ): bool { - // TODO. - return true; + return $this->has_gp_crud( $user ); + } + + private function has_gp_crud( WP_User $user ): bool { + return apply_filters( 'gp_translation_events_can_crud_event', GP::$permission->user_can( $user, 'admin' ) ); } public function register_hooks(): void { diff --git a/includes/event/event-form-handler.php b/includes/event/event-form-handler.php index 3592d333..6d899c0a 100644 --- a/includes/event/event-form-handler.php +++ b/includes/event/event-form-handler.php @@ -37,7 +37,7 @@ public function handle( array $form_data ): void { * @param bool $can_crud_event Whether the user can create, edit, or delete an event. */ $can_crud_event = apply_filters( 'gp_translation_events_can_crud_event', GP::$permission->current_user_can( 'admin' ) ); - if ( 'create_event' === $action && ( ! $can_crud_event ) ) { + if ( 'create_event' === $action && ( ! current_user_can( 'create_translation_event' ) ) ) { wp_send_json_error( esc_html__( 'The user does not have permission to create an event.', 'gp-translation-events' ), 403 ); } if ( 'edit_event' === $action ) { diff --git a/includes/routes/event/create.php b/includes/routes/event/create.php index 3bd04fa7..540f7e78 100644 --- a/includes/routes/event/create.php +++ b/includes/routes/event/create.php @@ -16,6 +16,11 @@ public function handle(): void { wp_safe_redirect( wp_login_url( home_url( $wp->request ) ) ); exit; } + + if ( ! current_user_can( 'create_translation_event' ) ) { + $this->die_with_error( 'You do not have permission to create events.' ); + } + $event_page_title = 'Create Event'; $event_form_name = 'create_event'; $css_show_url = 'hide-event-url'; diff --git a/phpcs.xml b/phpcs.xml index 83bfe44b..7af8b427 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -12,6 +12,9 @@ ./wporg-gp-translation-events.php + + + diff --git a/tests/event/event-capabilities.php b/tests/event/event-capabilities.php index 3896ced3..1cb90f9b 100644 --- a/tests/event/event-capabilities.php +++ b/tests/event/event-capabilities.php @@ -4,7 +4,6 @@ use GP_UnitTestCase; use Wporg\TranslationEvents\Attendee\Attendee_Repository; -use Wporg\TranslationEvents\Event\Event_Capabilities; use Wporg\TranslationEvents\Event\Event_Repository; use Wporg\TranslationEvents\Tests\Event_Factory; use Wporg\TranslationEvents\Tests\Stats_Factory; @@ -16,6 +15,22 @@ public function setUp(): void { $this->stats_factory = new Stats_Factory(); $this->attendee_repository = new Attendee_Repository(); $this->event_repository = new Event_Repository( $this->attendee_repository ); - $this->capilities = new Event_Capabilities(); + } + + public function test_cannot_create_if_no_crud_permission() { + $this->set_normal_user_as_current(); + + add_filter( 'gp_translation_events_can_crud_event', '__return_false' ); + + $this->assertFalse( current_user_can( 'create_translation_event' ) ); + } + + public function test_can_create_if_crud_permission() { + $this->set_normal_user_as_current(); + get_current_user_id(); + + add_filter( 'gp_translation_events_can_crud_event', '__return_true' ); + + $this->assertTrue( current_user_can( 'create_translation_event' ) ); } }