tests: check additional roles in testPasswordProtectedPost()

justlevine · justlevine · commit b9e25bf13a22 · 2024-03-28T07:40:04.000Z
diff --git a/tests/wpunit/PostObjectQueriesTest.php b/tests/wpunit/PostObjectQueriesTest.php
@@ -2411,19 +2411,32 @@ public function testQueryPostBySlugWithNonAsciiSlug() {
 	}
 
 	public function testPasswordProtectedPost() {
+		$subscriber = $this->factory()->user->create(
+			[
+				'role' => 'subscriber',
+			]
+		);
+
+		$post_author_one = $this->factory()->user->create(
+			[
+				'role' => 'author',
+			]
+		);
+
+		$post_author_two = $this->factory()->user->create(
+			[
+				'role' => 'author',
+			]
+		);
+
 		$post = $this->factory()->post->create_and_get(
 			[
 				'post_type'   => 'post',
 				'post_status' => 'publish',
 				'post_password'    => 'mypassword',
 				'title'       => 'Password Protected post',
 				'content'     => 'Some content',
-			]
-		);
-
-		$subscriber = $this->factory()->user->create(
-			[
-				'role' => 'subscriber',
+				'post_author' => $post_author_one,
 			]
 		);
 
@@ -2453,6 +2466,7 @@ public function testPasswordProtectedPost() {
 		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when unauthenticated' );
 
 		// Test password protected post as a subscriber.
+		wp_set_current_user( $subscriber );
 		$actual = $this->graphql( [
 			'query' => $query,
 			'variables' => [
@@ -2461,10 +2475,41 @@ public function testPasswordProtectedPost() {
 		] );
 
 		$this->assertArrayNotHasKey( 'errors', $actual );
-		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when unauthenticated' );
-		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when unauthenticated' );
-		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when unauthenticated' );
-		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when unauthenticated' );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when lacking permissions' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when lacking permissions' );
+
+		// Test password protected post as different author.
+		wp_set_current_user( $post_author_two );
+		$actual = $this->graphql( [
+			'query' => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when lacking permissions' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['content'], 'Content should be null when lacking permissions' );
+		$this->assertNull( $actual['data']['post']['password'], 'Password should be null when lacking permissions' );
+
+		// Test password protected post as current author.
+		wp_set_current_user( $post_author_one );
+
+		$actual = $this->graphql( [
+			'query'     => $query,
+			'variables' => [
+				'id' => $post->ID,
+			],
+		] );
+
+		$this->assertArrayNotHasKey( 'errors', $actual );
+		$this->assertEquals( $post->post_title, $actual['data']['post']['title'], 'Title should be returned when authenticated' );
+		$this->assertEquals( 'publish', $actual['data']['post']['status'], 'Status should be "publish" when authenticated' );
+		$this->assertNotEmpty( $actual['data']['post']['content'], 'Content should be returned when authenticated' );
+		$this->assertEquals( $post->post_password, $actual['data']['post']['password'], 'Password should be returned when authenticated' );
 
 		// Test password protected post as admin.
 		wp_set_current_user( $this->admin );
