diff --git a/lib/endpoints/class-wp-rest-users-controller.php b/lib/endpoints/class-wp-rest-users-controller.php
index a2aabe2e22..599852fb67 100644
--- a/lib/endpoints/class-wp-rest-users-controller.php
+++ b/lib/endpoints/class-wp-rest-users-controller.php
@@ -192,10 +192,6 @@ public function create_item( $request ) {
 return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) );
 }
 
- if ( ! empty( $request['role'] ) && ! isset( $wp_roles->role_objects[ $request['role'] ] ) ) {
- return new WP_Error( 'rest_user_invalid_role', __( 'Role is invalid.' ), array( 'status' => 400 ) );
- }
-
 $user = $this->prepare_item_for_database( $request );
 
 if ( is_multisite() ) {
@@ -538,7 +534,7 @@ protected function prepare_item_for_database( $request ) {
 $prepared_user->description = $request['description'];
 }
 if ( isset( $request['role'] ) ) {
- $prepared_user->role = sanitize_text_field( $request['role'] );
+ $prepared_user->role = $request['role'];
 }
 if ( isset( $request['url'] ) ) {
 $prepared_user->user_url = $request['url'];
@@ -557,10 +553,6 @@ protected function prepare_item_for_database( $request ) {
 protected function check_role_update( $user_id, $role ) {
 global $wp_roles;
 
- if ( ! isset( $wp_roles->role_objects[ $role ] ) ) {
- return new WP_Error( 'rest_user_invalid_role', __( 'Role is invalid.' ), array( 'status' => 400 ) );
- }
-
 $potential_role = $wp_roles->role_objects[ $role ];
 
 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
@@ -595,6 +587,8 @@ public function get_item_schema() {
 );
 }
 
+ global $wp_roles;
+
 $schema = array(
 '$schema' => 'http://json-schema.org/draft-04/schema#',
 'title' => 'user',
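Review bot: In the check_role_update hunk (`@@ -557,10 +553,6 @@`), `$wp_roles->role_objects[ $role ]` is now read with no existence check, so a role name outside the registered set leaves `$potential_role` null and the capability comparison announced by the comment below it would presumably run against null instead of returning a 400. The create_item hunk and the prepare_item_for_database hunk (which now copies `$request['role']` unsanitised) make the same assumption: all three are only safe if the route args are generated from get_item_schema() so the `enum` is enforced before the callback runs, and that wiring is not visible in this diff. Because this method is the gate on role changes, I would keep the cheap guard as defence in depth, `if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { return new WP_Error( 'rest_user_invalid_role', __( 'Role is invalid.' ), array( 'status' => 400 ) ); }`, or at minimum add the comment `// $role has already been validated against the schema enum.` The body of check_role_update continues outside the hunk.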
@@ -688,6 +682,12 @@ public function get_item_schema() {
 'description' => 'Roles assigned to the user.',
 'type' => 'array',
 'context' => array( 'view', 'edit' ),
+ 'readonly' => true,
+ ),
+ 'role' => array(
+ 'description' => 'Role assigned to the user.',
+ 'type' => 'string',
+ 'enum' => array_keys( $wp_roles->role_objects ),
 ),
 'slug' => array(
 'description' => 'An alphanumeric identifier for the object unique to its type.',
diff --git a/tests/test-rest-users-controller.php b/tests/test-rest-users-controller.php
index d7279a5017..268505b22b 100644
--- a/tests/test-rest-users-controller.php
+++ b/tests/test-rest-users-controller.php
@@ -412,7 +412,7 @@ public function test_create_user_invalid_role() {
 $request->set_body_params( $params );
 
 $response = $this->server->dispatch( $request );
- $this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 );
+ $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 }
 
 public function test_update_item() {
@@ -612,7 +612,7 @@ public function test_update_user_role_invalid_role() {
 $request->set_param( 'role', 'BeSharp' );
 
 $response = $this->server->dispatch( $request );
- $this->assertErrorResponse( 'rest_user_invalid_role', $response, 400 );
+ $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 
 $user = get_userdata( $this->editor );
 $this->assertArrayHasKey( 'editor', $user->caps );
@@ -763,7 +763,7 @@ public function test_get_item_schema() {
 $data = $response->get_data();
 $properties = $data['properties'];
 
- $this->assertEquals( 16, count( $properties ) );
+ $this->assertEquals( 17, count( $properties ) );
 $this->assertArrayHasKey( 'avatar_urls', $properties );
 $this->assertArrayHasKey( 'capabilities', $properties );
 $this->assertArrayHasKey( 'description', $properties );
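Review bot: The `'enum' => array_keys( $wp_roles->role_objects )` entry in the get_item_schema hunk (`@@ -688,6 +682,12 @@`) puts every registered role slug into the schema, and the schema is handed back to clients (test_get_item_schema reads its properties from a response), so roles added by plugins become listable by whoever can fetch it; confirm that exposure is intended. The list is also a snapshot taken when get_item_schema() runs, so `$wp_roles` has to be populated by then or `array_keys()` receives null, and a role registered afterwards would presumably be rejected with `rest_invalid_param`. The new `role` property has no `context` key, unlike `roles` directly above it; if that is deliberate because the field is write-only, a comment such as `// Write-only: accepted on create/update, never returned.` would record it. How strictly the enum check compares values is outside this diff and now decides which role values are accepted, so it is worth confirming.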
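Review bot: The invalid-role tests in the `@@ -412,7 +412,7 @@` and `@@ -612,7 +612,7 @@` hunks only swap the expected error code, and the update test still sends a single input shape, the string `'BeSharp'` (the create test's params are outside the hunk). Since role validation now lives entirely in the schema `enum`, a case that sends a non-string `role` value and asserts `rest_invalid_param` together with unchanged `$user->caps` would pin the behaviour the removed `isset()` lookups used to provide. As far as the hunk shows, test_create_user_invalid_role also stops at the error response without asserting that no user was created.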
@@ -779,6 +779,8 @@ public function test_get_item_schema() {
 $this->assertArrayHasKey( 'slug', $properties );
 $this->assertArrayHasKey( 'url', $properties );
 $this->assertArrayHasKey( 'username', $properties );
+ $this->assertArrayHasKey( 'roles', $properties );
+ $this->assertArrayHasKey( 'role', $properties );
 }
 
 public function test_get_additional_field_registration() {