Address review-body nits: defensive output coercion and test cleanup

PatelUtkarsh · PatelUtkarsh · commit d1fc2e07b7c1 · 2026-05-15T19:23:13.000+05:30
- Filter Ability_Get_Alerts results to the declared status enum
  (STATUS_ENABLED / STATUS_DISABLED) so a third-party-trashed alert or
  future broadening of Alerts::get_alerts() doesn't leak a non-enum
  status into the response and violate the output schema.
- Normalize empty alert_meta to stdClass in Ability_Create_Alert output,
  mirroring the coerce in Ability_Get_Alerts. Currently unreachable
  because Alert::save() always writes the merged trigger keys, but the
  coerce is cheap defense and keeps the JSON output consistent.
- Add Test_Ability_Update_Settings::test_write_targets_network_option_when_network_activated
  -- mirror of the read-side coverage in
  Test_Abilities::test_is_enabled_reads_network_option_when_network_activated,
  proves update-settings writes land in wp_stream_network on network-
  activated multisite and do not touch the per-site option.
- Merge duplicate Test_Abilities::test_load_abilities_instantiates_each_slug
  and test_load_abilities_populates_all_slugs into a single test that
  covers both population and instantiation in one pass.
diff --git a/abilities/class-ability-create-alert.php b/abilities/class-ability-create-alert.php
@@ -181,12 +181,22 @@ public function execute( $input = null ) {
 			);
 		}
 
+		// Normalize alert_meta to stdClass when empty so the response satisfies
+		// the declared object output schema. Reachable in theory if a future
+		// Alert::save() change ever leaves alert_meta unwritten -- today the
+		// call always persists the merged trigger keys, but the coerce is cheap
+		// defense and keeps the JSON output consistent with get-alerts.
+		$persisted_meta = get_post_meta( $post_id, 'alert_meta', true );
+		$alert_meta     = is_array( $persisted_meta ) && ! empty( $persisted_meta )
+			? $persisted_meta
+			: new \stdClass();
+
 		return array(
 			'id'         => (int) $post_id,
 			'status'     => (string) get_post_status( $post_id ),
 			'title'      => (string) get_the_title( $post_id ),
 			'alert_type' => get_post_meta( $post_id, 'alert_type', true ),
-			'alert_meta' => (array) get_post_meta( $post_id, 'alert_meta', true ),
+			'alert_meta' => $alert_meta,
 		);
 	}
 }
diff --git a/abilities/class-ability-get-alerts.php b/abilities/class-ability-get-alerts.php
@@ -114,8 +114,18 @@ public function execute( $input = null ) {
 
 		$alerts = $this->plugin->alerts->get_alerts( $statuses );
 
+		// Output enum is fixed (STATUS_ENABLED / STATUS_DISABLED). Alerts::get_alerts()
+		// only fetches those two statuses today, but a third party could trash an
+		// alert post or wire up a custom status. Defensive filter keeps the
+		// response schema-valid for any downstream changes.
+		$allowed_statuses = array( Alerts::STATUS_ENABLED, Alerts::STATUS_DISABLED );
+
 		$out = array();
 		foreach ( $alerts as $alert ) {
+			if ( ! in_array( (string) $alert->status, $allowed_statuses, true ) ) {
+				continue;
+			}
+
 			// Alert::$alert_meta defaults to array(); an empty PHP array() also
 			// JSON-encodes as a list ([]), which violates the declared object
 			// output schema. Normalize empty/non-array values to a real object
diff --git a/tests/phpunit/abilities/test-class-ability-update-settings.php b/tests/phpunit/abilities/test-class-ability-update-settings.php
@@ -151,4 +151,72 @@ public function test_unknown_keys_are_dropped_when_mixed_with_valid() {
 		$stored = (array) get_option( $option_key );
 		$this->assertArrayNotHasKey( 'malicious_key', $stored );
 	}
+
+	/**
+	 * On network-activated multisite, writes must land in wp_stream_network
+	 * (the authoritative store that is_enabled() and the admin UI read from),
+	 * NOT in the per-site wp_stream option. The ability runs in REST where
+	 * is_network_admin() is always false, so without Settings::update_all_setting_values()
+	 * routing the write would silently target the per-site option and ghost-
+	 * save. Mirrors the read-side coverage in
+	 * Test_Abilities::test_is_enabled_reads_network_option_when_network_activated.
+	 *
+	 * @group ms-required
+	 */
+	public function test_write_targets_network_option_when_network_activated() {
+		if ( ! is_multisite() ) {
+			$this->markTestSkipped( 'Requires multisite.' );
+		}
+
+		wp_set_current_user( $this->admin_user_id );
+
+		$network_key      = $this->plugin->settings->network_options_key;
+		$per_site_key     = $this->plugin->settings->option_key;
+		$original_network = get_site_option( $network_key, false );
+		$original_site    = get_option( $per_site_key, false );
+
+		// Force network-activated so update_all_setting_values() chooses the
+		// site-option write path.
+		add_filter( 'wp_stream_is_network_activated', '__return_true' );
+
+		// Reset both stores to a known baseline.
+		update_site_option( $network_key, array( 'general_records_ttl' => 30 ) );
+		update_option( $per_site_key, array( 'general_records_ttl' => 30 ) );
+
+		try {
+			$result = $this->ability->execute(
+				array(
+					'settings' => array( 'general_records_ttl' => 90 ),
+				)
+			);
+
+			$this->assertIsArray( $result, 'Update must succeed.' );
+
+			$stored_network  = (array) get_site_option( $network_key, array() );
+			$stored_per_site = (array) get_option( $per_site_key, array() );
+
+			$this->assertSame(
+				90,
+				(int) ( $stored_network['general_records_ttl'] ?? 0 ),
+				'Write must land in the network option on network-activated multisite.'
+			);
+			$this->assertSame(
+				30,
+				(int) ( $stored_per_site['general_records_ttl'] ?? 0 ),
+				'Per-site option must NOT be touched on network-activated multisite.'
+			);
+		} finally {
+			remove_filter( 'wp_stream_is_network_activated', '__return_true' );
+			if ( false === $original_network ) {
+				delete_site_option( $network_key );
+			} else {
+				update_site_option( $network_key, $original_network );
+			}
+			if ( false === $original_site ) {
+				delete_option( $per_site_key );
+			} else {
+				update_option( $per_site_key, $original_site );
+			}
+		}//end try
+	}
 }
diff --git a/tests/phpunit/test-class-abilities.php b/tests/phpunit/test-class-abilities.php
@@ -217,20 +217,17 @@ public function test_load_abilities_instantiates_each_slug() {
 
 		$this->assertCount( 11, $abilities->abilities );
 
-		foreach ( $abilities->abilities as $name => $ability ) {
-			$this->assertInstanceOf( __NAMESPACE__ . '\\Ability', $ability );
-			$this->assertSame( $name, $ability->get_name() );
-		}
-	}
-
-	public function test_load_abilities_populates_all_slugs() {
-		$abilities = new Abilities( $this->plugin );
-
-		$abilities->load_abilities();
-
-		$this->assertCount( 11, $abilities->abilities );
+		// Every slug declared by the loader must produce an Ability instance
+		// keyed under "stream/{slug}", and each instance must report the
+		// matching get_name(). Combines the population check (key presence)
+		// with the instantiation check (instanceof + get_name) in one pass.
 		foreach ( $abilities->get_ability_slugs() as $slug ) {
-			$this->assertArrayHasKey( 'stream/' . $slug, $abilities->abilities );
+			$expected_name = 'stream/' . $slug;
+			$this->assertArrayHasKey( $expected_name, $abilities->abilities );
+
+			$ability = $abilities->abilities[ $expected_name ];
+			$this->assertInstanceOf( __NAMESPACE__ . '\\Ability', $ability );
+			$this->assertSame( $expected_name, $ability->get_name() );
 		}
 	}
 
