
Commit 1bea54e

authored
Merge pull request #1699 from equalizedigital/william/add-some-tests-for-rest-api-callbacks
Add tests for rest api callbacks
2 parents 7239efc + 5afbb03 commit 1bea54e

2 files changed

Lines changed: 119 additions & 2 deletions


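--- a/phpunit.dev.xml
+++ b/phpunit.dev.xml
@@ -22,6 +22,7 @@
 <directory>./vendor/</directory>
 <directory>./node_modules/</directory>
 <directory>./dist/</directory>
+<directory>./tools/</directory>
 <file>./includes/wcag.php</file>
 </exclude>
 </coverage>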

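--- a/tests/phpunit/includes/classes/RestApiEndpointsTest.php
+++ b/tests/phpunit/includes/classes/RestApiEndpointsTest.php
@@ -25,6 +25,13 @@ class RestApiEndpointsTest extends WP_UnitTestCase {
 */
 protected static $limited_id;
 
+/**
+* Subscriber user ID (no edit_posts capability).
+*
+* @var int
+*/
+protected static $subscriber_id;
+
 /**
 * Post ID used for tests.
 *
@@ -76,8 +83,9 @@ public static function wpSetUpBeforeClass( $factory ) {
 // Ensure plugin DB table exists for tests (normally created via admin_init).
 ( new \EDAC\Admin\Update_Database() )->edac_update_database();
 
-self::$admin_id = $factory->user->create( [ 'role' => 'administrator' ] );
-self::$limited_id = $factory->user->create( [ 'role' => 'subscriber' ] );
+self::$admin_id = $factory->user->create( [ 'role' => 'administrator' ] );
+self::$limited_id = $factory->user->create( [ 'role' => 'subscriber' ] );
+self::$subscriber_id = $factory->user->create( [ 'role' => 'subscriber' ] );
 // Give limited user edit_posts but not edit_others_posts so they cannot edit this post.
 $user = new WP_User( self::$limited_id );
 $user->add_cap( 'edit_posts' );
@@ -215,4 +223,112 @@ public function test_limited_user_can_manage_own_post() {
 $this->assertArrayHasKey( 'success', $data2 );
 $this->assertTrue( $data2['success'] );
 }
+
+/**
+* Verify permissions and payload shape for scans stats endpoint.
+*
+* @return void
+*/
+public function test_scans_stats_permissions_and_payload() {
+$this->assertNotNull( $this->server );
+
+wp_set_current_user( self::$admin_id );
+$request = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats' );
+$response = $this->server->dispatch( $request );
+$this->assertSame( 200, $response->get_status(), 'Admin should be allowed to access scans stats.' );
+$data = $response->get_data();
+$this->assertIsArray( $data );
+$this->assertArrayHasKey( 'success', $data );
+$this->assertTrue( $data['success'] );
+$this->assertArrayHasKey( 'stats', $data );
+// Verify stats structure is an array.
+$this->assertIsArray( $data['stats'] );
+
+wp_set_current_user( self::$subscriber_id );
+$request2 = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats' );
+$response2 = $this->server->dispatch( $request2 );
+$this->assertSame( 403, $response2->get_status(), 'Subscriber without edit_posts should be denied scans stats access.' );
+}
+
+/**
+* Verify permissions and payload shape for clear cached scans stats endpoint.
+*
+* @return void
+*/
+public function test_clear_cached_scans_stats_permissions_and_payload() {
+$this->assertNotNull( $this->server );
+
+wp_set_current_user( self::$admin_id );
+$request = new WP_REST_Request( 'POST', '/accessibility-checker/v1/clear-cached-scans-stats' );
+$response = $this->server->dispatch( $request );
+$this->assertSame( 200, $response->get_status(), 'Admin should be allowed to clear cached scans stats.' );
+$data = $response->get_data();
+$this->assertIsArray( $data );
+$this->assertArrayHasKey( 'success', $data );
+$this->assertTrue( $data['success'] );
+
+wp_set_current_user( self::$subscriber_id );
+$request2 = new WP_REST_Request( 'POST', '/accessibility-checker/v1/clear-cached-scans-stats' );
+$response2 = $this->server->dispatch( $request2 );
+$this->assertSame( 403, $response2->get_status(), 'Subscriber without publish_posts should be denied cache clear.' );
+}
+
+/**
+* Verify scans stats by post type endpoint handles allowed and disallowed post types.
+*
+* @return void
+*/
+public function test_scans_stats_by_post_type_status_codes() {
+$this->assertNotNull( $this->server );
+
+wp_set_current_user( self::$admin_id );
+
+$disallowed_request = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats-by-post-type/page' );
+$disallowed_response = $this->server->dispatch( $disallowed_request );
+$this->assertSame( 400, $disallowed_response->get_status(), 'Non-scannable post type should return 400.' );
+$disallowed_data = $disallowed_response->get_data();
+$this->assertIsArray( $disallowed_data );
+$this->assertArrayHasKey( 'message', $disallowed_data );
+
+$allowed_request = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats-by-post-type/post' );
+$allowed_response = $this->server->dispatch( $allowed_request );
+$this->assertSame( 200, $allowed_response->get_status(), 'Scannable post type should return 200.' );
+$allowed_data = $allowed_response->get_data();
+$this->assertIsArray( $allowed_data );
+$this->assertArrayHasKey( 'success', $allowed_data );
+$this->assertTrue( $allowed_data['success'] );
+$this->assertArrayHasKey( 'stats', $allowed_data );
+}
+
+/**
+* Verify scans stats by post types endpoint permissions and payload shape.
+*
+* @return void
+*/
+public function test_scans_stats_by_post_types_permissions_and_payload() {
+$this->assertNotNull( $this->server );
+
+wp_set_current_user( self::$admin_id );
+$request = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats-by-post-types' );
+$response = $this->server->dispatch( $request );
+$this->assertSame( 200, $response->get_status(), 'Admin should be allowed to access scans stats by post types.' );
+$data = $response->get_data();
+$this->assertIsArray( $data );
+$this->assertArrayHasKey( 'success', $data );
+$this->assertTrue( $data['success'] );
+$this->assertArrayHasKey( 'stats', $data );
+// Verify stats structure is an array keyed by post type.
+$this->assertIsArray( $data['stats'] );
+if ( ! empty( $data['stats'] ) ) {
+foreach ( $data['stats'] as $post_type => $stat ) {
+$this->assertIsString( $post_type );
+$this->assertTrue( $stat === false || is_array( $stat ) );
+}
+}
+
+wp_set_current_user( self::$subscriber_id );
+$request2 = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats-by-post-types' );
+$response2 = $this->server->dispatch( $request2 );
+$this->assertSame( 403, $response2->get_status(), 'Subscriber without edit_posts should be denied scans stats by post types.' );
+}
 }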
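Review bot: `test_scans_stats_by_post_type_status_codes` dispatches only as `self::$admin_id`, so unlike the three sibling tests it never asserts that a low-privilege caller is refused on the `scans-stats-by-post-type/<type>` route; a change that loosened that route's permission check would still pass this suite. A subscriber request appended to that test, as sketched below, would cover it, assuming the route is gated like the other stats routes (its registration is not visible on this page). Separately, in `test_clear_cached_scans_stats_permissions_and_payload` the failure message names `publish_posts` while the `$subscriber_id` docblock speaks of `edit_posts`; a subscriber holds neither, so the 403 does not show which capability actually gates the route. A request as `self::$limited_id`, which setup grants `edit_posts`, would pin that boundary if that user indeed lacks `publish_posts` (the rest of `wpSetUpBeforeClass` lies outside the hunk).

```php
public function test_scans_stats_by_post_type_status_codes() {
	// … unchanged: admin requests for the disallowed (400) and allowed (200) post types …

	wp_set_current_user( self::$subscriber_id );
	$denied_request  = new WP_REST_Request( 'GET', '/accessibility-checker/v1/scans-stats-by-post-type/post' );
	$denied_response = $this->server->dispatch( $denied_request );
	$this->assertSame( 403, $denied_response->get_status(), 'Subscriber without edit_posts should be denied scans stats by post type.' );
```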
