From 07b42e5cb4dc4b10bf8a1c729e8408baea3a9c6d Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Tue, 19 May 2026 19:35:06 -0400 Subject: [PATCH] Ajax: Add unit tests for wp_ajax_delete_post() Co-authored-by: Junie --- .../includes/ajax-actions/deletePost.php | 149 ++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 tests/phpunit/tests/admin/includes/ajax-actions/deletePost.php diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/deletePost.php b/tests/phpunit/tests/admin/includes/ajax-actions/deletePost.php new file mode 100644 index 0000000000000..28e8142768cec --- /dev/null +++ b/tests/phpunit/tests/admin/includes/ajax-actions/deletePost.php @@ -0,0 +1,149 @@ +user->create( array( 'role' => 'administrator' ) ); + self::$subscriber_id = $factory->user->create( array( 'role' => 'subscriber' ) ); + } + + /** + * Setup before each test method. + */ + public function set_up(): void { + parent::set_up(); + add_action( 'admin_init', 'wp_ajax_delete_post', 1 ); + } + + /** + * Tests successful post deletion. + * + * @ticket 65252 + */ + public function test_delete_post_success(): void { + wp_set_current_user( self::$admin_id ); + + $post_id = $this->factory->post->create(); + + // Ensure post is already in trash, so wp_delete_post() will actually delete it. + wp_trash_post( $post_id ); + + $_POST = array( + 'id' => $post_id, + '_ajax_nonce' => wp_create_nonce( "delete-post_$post_id" ), + ); + + try { + $this->_handleAjax( 'delete_post' ); + } catch ( WPAjaxDieStopException $e ) { + $this->assertSame( '1', $e->getMessage(), 'AJAX response should be 1 (success).' ); + } catch ( WPAjaxDieContinueException $e ) { + $this->assertSame( '1', $e->getMessage(), 'AJAX response should be 1 (success).' ); + } + + $this->assertNull( get_post( $post_id ), 'Post should be deleted.' ); + } + + /** + * Tests post deletion failure due to invalid nonce. + * + * @ticket 65252 + */ + public function test_delete_post_invalid_nonce(): void { + wp_set_current_user( self::$admin_id ); + + $post_id = $this->factory->post->create(); + + $_POST = array( + 'id' => $post_id, + '_ajax_nonce' => 'invalid-nonce', + ); + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '-1' ); + + $this->_handleAjax( 'delete_post' ); + } + + /** + * Tests post deletion failure due to insufficient permissions. + * + * @ticket 65252 + */ + public function test_delete_post_insufficient_permissions(): void { + wp_set_current_user( self::$subscriber_id ); + + $post_id = $this->factory->post->create(); + + $_POST = array( + 'id' => $post_id, + '_ajax_nonce' => wp_create_nonce( "delete-post_$post_id" ), + ); + + try { + $this->_handleAjax( 'delete_post' ); + } catch ( WPAjaxDieStopException $e ) { + $this->assertSame( '-1', $e->getMessage(), 'AJAX response should be -1 (insufficient permissions).' ); + } catch ( WPAjaxDieContinueException $e ) { + $this->assertSame( '-1', $e->getMessage(), 'AJAX response should be -1 (insufficient permissions).' ); + } + + $this->assertNotNull( get_post( $post_id ), 'Post should NOT be deleted.' ); + } + + /** + * Tests post deletion with non-existent ID. + * + * @ticket 65252 + */ + public function test_delete_post_non_existent_id(): void { + wp_set_current_user( self::$admin_id ); + + $post_id = 99999; + + $_POST = array( + 'id' => $post_id, + '_ajax_nonce' => wp_create_nonce( "delete-post_$post_id" ), + ); + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '-1' ); + + $this->_handleAjax( 'delete_post' ); + } +}