Skip to content
This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Permit logged-in users to query for media #1973

Merged
joehoyle merged 2 commits into from
Jan 8, 2016
Merged

Permit logged-in users to query for media #1973

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3456d61
Failing test case for #1959
danielbachhuber Jan 8, 2016
db71a55
Default to `inherit` when querying attachments
danielbachhuber Jan 8, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions lib/endpoints/class-wp-rest-posts-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1604,7 +1604,7 @@ public function get_collection_params() {
),
);
$params['status'] = array(
'default' => 'publish',
'default' => 'attachment' === $this->post_type ? 'inherit' : 'publish',
Copy link
Copy Markdown
Member

@joehoyle joehoyle Jan 8, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I do a request logged out for /media and there's a bunch of posts with post_status=inherit which are attached to private posts, what does the response look like? Does it just remove the attachments I can't view (thus I get 6 results rather than the default 10) or do I get an error, or somethign else?

Copy link
Copy Markdown
Member Author

@danielbachhuber danielbachhuber Jan 8, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it just remove the attachments I can't view (thus I get 6 results rather than the default 10)

Yes, which is a consistent pattern we have throughout the controllers.

Copy link
Copy Markdown
Member

@joehoyle joehoyle Jan 8, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

'description' => __( 'Limit result set to posts assigned a specific status.' ),
'sanitize_callback' => 'sanitize_key',
'type' => 'string',
Expand All @@ -1625,7 +1625,7 @@ public function get_collection_params() {
* @return WP_Error|bool
*/
public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
if ( 'publish' === $value ) {
if ( 'publish' === $value || ( 'attachment' === $this->post_type && 'inherit' === $value ) ) {
return true;
}
$post_type_obj = get_post_type_object( $this->post_type );
Expand Down
27 changes: 27 additions & 0 deletions tests/test-rest-attachments-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,33 @@ public function test_get_items() {
$this->check_get_posts_response( $response );
}

public function test_get_items_logged_in_editor() {
wp_set_current_user( $this->editor_id );
$id1 = $this->factory->attachment->create_object( $this->test_file, 0, array(
'post_mime_type' => 'image/jpeg',
'post_excerpt' => 'A sample caption',
) );
$draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
$id2 = $this->factory->attachment->create_object( $this->test_file, $draft_post, array(
'post_mime_type' => 'image/jpeg',
'post_excerpt' => 'A sample caption',
) );
$published_post = $this->factory->post->create( array( 'post_status' => 'publish' ) );
$id3 = $this->factory->attachment->create_object( $this->test_file, $published_post, array(
'post_mime_type' => 'image/jpeg',
'post_excerpt' => 'A sample caption',
) );
$request = new WP_REST_Request( 'GET', '/wp/v2/media' );
$response = $this->server->dispatch( $request );

$data = $response->get_data();
$this->assertCount( 3, $data );
$ids = wp_list_pluck( $data, 'id' );
$this->assertTrue( in_array( $id1, $ids ) );
$this->assertTrue( in_array( $id2, $ids ) );
$this->assertTrue( in_array( $id3, $ids ) );
}

public function test_get_items_parent() {
$post_id = $this->factory->post->create( array( 'post_title' => 'Test Post' ) );
$attachment_id = $this->factory->attachment->create_object( $this->test_file, $post_id, array(
Expand Down