Merge pull request #44 from asdfdotdev/development

Add v1.7.1 updates

README.md

@@ -1,6 +1,6 @@
 <p align="center" style="padding-bottom:20px"><img src="img/utm-dot-codes-logo.png" width="400"></p><p>&nbsp;</p>
 
-[![Build Status](https://travis-ci.org/asdfdotdev/utm.codes.svg?branch=master)](https://travis-ci.org/asdfdotdev/utm.codes) [![codecov](https://codecov.io/gh/asdfdotdev/utm.codes/branch/master/graph/badge.svg)](https://codecov.io/gh/asdfdotdev/utm.codes) [![RIPS CodeRisk](https://coderisk.com/wp/plugin/utm-dot-codes/badge "RIPS CodeRisk")](https://coderisk.com/wp/plugin/utm-dot-codes) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/5ed065c06159462cbd425fb39f9b7fd0)](https://app.codacy.com/app/chrislarrycarl/utm.codes)
+[![Build Status](https://travis-ci.org/asdfdotdev/utm.codes.svg?branch=master)](https://travis-ci.org/asdfdotdev/utm.codes) [![codecov](https://codecov.io/gh/asdfdotdev/utm.codes/branch/master/graph/badge.svg)](https://codecov.io/gh/asdfdotdev/utm.codes) [![RIPS CodeRisk](https://coderisk.com/wp/plugin/utm-dot-codes/badge "RIPS CodeRisk")](https://coderisk.com/wp/plugin/utm-dot-codes)
 
 Welcome to the developer repository for utm.codes, a WordPress plugin that makes creating analytics friendly marketing links quick and easy.
 

README.txt

@@ -3,9 +3,9 @@ Contributors: chrislarrycarl
 Donate link: https://utm.codes/pricing/
 Tags: analytics, utm codes, analytics, google analytics, campaign marketing, link generator
 Requires at least: 4.7.0
-Tested up to: 5.4.0
+Tested up to: 5.4.2
 Requires PHP: 5.6.0
-Stable tag: 1.7.0
+Stable tag: 1.7.1
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -97,6 +97,12 @@ That isn't a question. But thank you.
 
 == Changelog ==
 
+= 1.7.1 =
+
+- Cleanup permissions
+- Update dependencies
+- Increment tested up to to v5.4.2
+
 = 1.7.0 =
 
 - Supports WordPress v5.4

_test/README.md

@@ -64,11 +64,12 @@ Not running ms-files tests. To execute these, use --group ms-files.
 Not running external-http tests. To execute these, use --group external-http.
 PHPUnit 7.5.20 by Sebastian Bergmann and contributors.
 
-.............................................................     61 / 61 (100%)
+................................................................. 65 / 66 ( 98%)
+.                                                                 66 / 66 (100%)
 
-Time: 14.86 seconds, Memory: 40.00 MB
+Time: 23.5 seconds, Memory: 42.00 MB
 
-OK (61 tests, 516 assertions)
+OK (66 tests, 596 assertions)
 
 Generating code coverage report in Clover XML format ... done
 ```

_test/tests/test-integration.php

@@ -1048,14 +1048,18 @@ function test_add_static_resources() {
 	 * @depends test_version_numbers_active
 	 */
 	function test_add_glance() {
+		wp_set_current_user( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
 		$glance_markup = apply_filters( 'dashboard_glance_items', array() );
-
 		$this->assertTrue(
 			in_array(
-				'<a href="javascript:;" class="utmdclink-count">0 Marketing Links</a>',
+				'<a href="http://example.org/wp-admin/edit.php?post_type=utmdclink" class="utmdclink-count">0 Marketing Links</a>',
 				$glance_markup
 			)
 		);
+
+		wp_set_current_user( $this->factory->user->create( array( 'role' => 'contributor' ) ) );
+		$glance_markup = apply_filters( 'dashboard_glance_items', array() );
+		$this->assertTrue(empty($glance_markup));
 	}
 
 	/**

_test/tests/test-permissions.php

@@ -0,0 +1,216 @@
+<?php
+/**
+ * Class TestUtmDotCodesPermissions
+ *
+ * @package UtmDotCodes
+ */
+
+/**
+ * Integration tests, these should be run after Unit tests
+ */
+class TestUtmDotCodesPermissions extends WP_UnitTestCase
+{
+
+	public function setUp()
+	{
+		parent::setUp();
+	}
+
+	public function tearDown()
+	{
+		parent::tearDown();
+	}
+
+	/**
+	 * Confirm our plugin knows we're testing
+	 */
+	function test_is_test()
+	{
+		$plugin = new UtmDotCodes();
+
+		$this->assertTrue($plugin->is_test());
+	}
+
+	/**
+	 * Confirm the user can edit their own links.
+	 *
+	 * @depends test_is_test
+	 */
+	function test_admin_edit_own_post()
+	{
+		$roles = [
+			['role' => 'administrator', 'should_work' => true],
+			['role' => 'editor', 'should_work' => true],
+			['role' => 'author', 'should_work' => true],
+			['role' => 'contributor', 'should_work' => false],
+			['role' => 'subscriber', 'should_work' => false]
+		];
+
+		foreach($roles as $role) {
+			$wp_die_message = '';
+
+			try {
+				wp_set_current_user( $this->factory->user->create( array( 'role' => $role['role'] ) ) );
+				$post = $this->factory->post->create_and_get( [ 'post_type' => UtmDotCodes::POST_TYPE ] );
+
+				$test_data = [
+					'utm_source'   => wp_generate_password( 15, false ),
+					'utm_medium'   => 'utm.codes',
+					'utm_campaign' => md5( rand( 42, 4910984 ) ),
+					'utm_term'     => wp_generate_password( 15, false ),
+					'utm_content'  => md5( wp_generate_password( 30, true, true ) ),
+				];
+
+				$query_string = '?' . http_build_query( $test_data ) . '&utm_gen=utmdc';
+
+				array_map(
+					function( $key, $value ) use ( &$test_data ) {
+						$test_data[ str_replace( 'utm', UtmDotCodes::POST_TYPE, $key ) ] = $value;
+						unset( $test_data[ $key ] );
+					},
+					array_keys( $test_data ),
+					$test_data
+				);
+
+				$_POST = array_merge(
+					$test_data,
+					[
+						'post_ID'                            => $post->ID,
+						UtmDotCodes::POST_TYPE . '_url'      => 'https://www.' . uniqid() . '.test',
+						UtmDotCodes::POST_TYPE . '_shorturl' => '',
+						UtmDotCodes::POST_TYPE . '_shorten'  => '',
+						UtmDotCodes::POST_TYPE . '_batch'    => '',
+						UtmDotCodes::POST_TYPE . '_notes'    => 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.',
+					]
+				);
+
+				$test_id = edit_post();
+				$test_post = get_post( $test_id );
+			} catch ( WPDieException $e ) {
+				$wp_die_message = $e->getMessage();
+			}
+
+			if (true === $role['should_work']) {
+				$this->assertEquals(
+					'',
+					$wp_die_message
+				);
+				$this->assertEquals( $test_post->post_type, UtmDotCodes::POST_TYPE );
+				$this->assertEquals( $test_post->post_content, $_POST[ UtmDotCodes::POST_TYPE . '_url' ] . $query_string );
+				$this->assertEquals(
+					filter_var( $test_post->post_content, FILTER_VALIDATE_URL ),
+					$test_post->post_content
+				);
+				$this->assertEquals( $test_post->post_title, $_POST[ UtmDotCodes::POST_TYPE . '_url' ] );
+				$this->assertEquals( $test_post->post_status, 'publish' );
+
+				$test_meta = get_post_meta( $test_post->ID );
+				$this->assertEquals( $test_meta['utmdclink_url'][0], $_POST[ UtmDotCodes::POST_TYPE . '_url' ] );
+				$this->assertEquals( $test_meta['utmdclink_source'][0], $test_data[ UtmDotCodes::POST_TYPE . '_source' ] );
+				$this->assertEquals( $test_meta['utmdclink_medium'][0], $test_data[ UtmDotCodes::POST_TYPE . '_medium' ] );
+				$this->assertEquals( $test_meta['utmdclink_campaign'][0], $test_data[ UtmDotCodes::POST_TYPE . '_campaign' ] );
+				$this->assertEquals( $test_meta['utmdclink_term'][0], $test_data[ UtmDotCodes::POST_TYPE . '_term' ] );
+				$this->assertEquals( $test_meta['utmdclink_content'][0], $test_data[ UtmDotCodes::POST_TYPE . '_content' ] );
+				$this->assertFalse( isset( $test_meta['utmdclink_shorturl'][0] ) );
+				$this->assertEquals( $test_meta['utmdclink_notes'][0], 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.' );
+			} else {
+				$this->assertEquals(
+					'Sorry, you are not allowed to edit this post.',
+					$wp_die_message
+				);
+			}
+		}
+	}
+
+	/**
+	 * Confirm the user can edit others links.
+	 *
+	 * @depends test_is_test
+	 */
+	function test_admin_edit_others_post()
+	{
+		$roles = [
+			['role' => 'administrator', 'should_work' => true],
+			['role' => 'editor', 'should_work' => true],
+			['role' => 'author', 'should_work' => false],
+			['role' => 'contributor', 'should_work' => false],
+			['role' => 'subscriber', 'should_work' => false]
+		];
+
+		foreach($roles as $role) {
+			$wp_die_message = '';
+
+			try {
+				wp_set_current_user( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
+				$post = $this->factory->post->create_and_get( [ 'post_type' => UtmDotCodes::POST_TYPE ] );
+				wp_set_current_user( $this->factory->user->create( array( 'role' => $role['role'] ) ) );
+
+				$test_data = [
+					'utm_source'   => wp_generate_password( 15, false ),
+					'utm_medium'   => 'utm.codes',
+					'utm_campaign' => md5( rand( 42, 4910984 ) ),
+					'utm_term'     => wp_generate_password( 15, false ),
+					'utm_content'  => md5( wp_generate_password( 30, true, true ) ),
+				];
+
+				$query_string = '?' . http_build_query( $test_data ) . '&utm_gen=utmdc';
+
+				array_map(
+					function( $key, $value ) use ( &$test_data ) {
+						$test_data[ str_replace( 'utm', UtmDotCodes::POST_TYPE, $key ) ] = $value;
+						unset( $test_data[ $key ] );
+					},
+					array_keys( $test_data ),
+					$test_data
+				);
+
+				$_POST = array_merge(
+					$test_data,
+					[
+						'post_ID'                            => $post->ID,
+						UtmDotCodes::POST_TYPE . '_url'      => 'https://www.' . uniqid() . '.test',
+						UtmDotCodes::POST_TYPE . '_shorturl' => '',
+						UtmDotCodes::POST_TYPE . '_shorten'  => '',
+						UtmDotCodes::POST_TYPE . '_batch'    => '',
+						UtmDotCodes::POST_TYPE . '_notes'    => 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.',
+					]
+				);
+
+				$test_id = edit_post();
+				$test_post = get_post( $test_id );
+			} catch ( WPDieException $e ) {
+				$wp_die_message = $e->getMessage();
+			}
+
+			if (true === $role['should_work']) {
+				$this->assertEquals(
+					'',
+					$wp_die_message
+				);
+				$this->assertEquals( $test_post->post_type, UtmDotCodes::POST_TYPE );
+				$this->assertEquals( $test_post->post_content, $_POST[ UtmDotCodes::POST_TYPE . '_url' ] . $query_string );
+				$this->assertEquals(
+					filter_var( $test_post->post_content, FILTER_VALIDATE_URL ),
+					$test_post->post_content
+				);
+				$this->assertEquals( $test_post->post_title, $_POST[ UtmDotCodes::POST_TYPE . '_url' ] );
+				$this->assertEquals( $test_post->post_status, 'publish' );
+
+				$test_meta = get_post_meta( $test_post->ID );
+				$this->assertEquals( $test_meta['utmdclink_url'][0], $_POST[ UtmDotCodes::POST_TYPE . '_url' ] );
+				$this->assertEquals( $test_meta['utmdclink_source'][0], $test_data[ UtmDotCodes::POST_TYPE . '_source' ] );
+				$this->assertEquals( $test_meta['utmdclink_medium'][0], $test_data[ UtmDotCodes::POST_TYPE . '_medium' ] );
+				$this->assertEquals( $test_meta['utmdclink_campaign'][0], $test_data[ UtmDotCodes::POST_TYPE . '_campaign' ] );
+				$this->assertEquals( $test_meta['utmdclink_term'][0], $test_data[ UtmDotCodes::POST_TYPE . '_term' ] );
+				$this->assertEquals( $test_meta['utmdclink_content'][0], $test_data[ UtmDotCodes::POST_TYPE . '_content' ] );
+				$this->assertFalse( isset( $test_meta['utmdclink_shorturl'][0] ) );
+				$this->assertEquals( $test_meta['utmdclink_notes'][0], 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.' );
+			} else {
+				$this->assertEquals(
+					'Sorry, you are not allowed to edit this post.',
+					$wp_die_message
+				);
+			}
+		}
+	}
+}

classes/class-utmdotcodes.php

@@ -727,7 +727,7 @@ public function add_links( $links ) {
 	public function save_post( $post_id ) {
 		$invalid_nonce  = ( isset( $_POST[ self::NONCE_LABEL ] ) && ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[ self::NONCE_LABEL ] ) ), UTMDC_PLUGIN_FILE ) );
 		$doing_autosave = ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE );
-		$cannot_edit    = ( ! current_user_can( 'edit_page', $post_id ) );
+		$cannot_edit    = ( ! current_user_can( 'publish_posts', $post_id ) );
 
 		if ( $invalid_nonce || $doing_autosave || $cannot_edit ) {
 			return $post_id;
@@ -1453,16 +1453,18 @@ public function load_languages() {
 	 * @return array Updated array with additional widget items.
 	 */
 	public function add_glance( $glances ) {
-		$post_count  = number_format_i18n( wp_count_posts( self::POST_TYPE )->publish );
-		$post_object = get_post_type_object( self::POST_TYPE );
-
-		$glances[] = sprintf(
-			'<a href="%s" class="%s">%s %s</a>',
-			( current_user_can( 'edit_posts' ) ) ? admin_url( 'edit.php?post_type=' . $post_object->name ) : 'javascript:;',
-			'utmdclink-count',
-			$post_count,
-			_n( 'Marketing Link', 'Marketing Links', $post_count, 'utm-dot-codes' )
-		);
+		if ( current_user_can( 'publish_posts' ) ) {
+			$post_count  = number_format_i18n( wp_count_posts( self::POST_TYPE )->publish );
+			$post_object = get_post_type_object( self::POST_TYPE );
+
+			$glances[] = sprintf(
+				'<a href="%s" class="%s">%s %s</a>',
+				admin_url( 'edit.php?post_type=' . $post_object->name ),
+				'utmdclink-count',
+				$post_count,
+				_n( 'Marketing Link', 'Marketing Links', $post_count, 'utm-dot-codes' )
+			);
+		}
 
 		return $glances;
 	}

composer.json

@@ -1,13 +1,13 @@
 {
     "name": "asdfdotdev/utm.codes",
-    "version": "1.7.0",
+    "version": "1.7.1",
     "description": "A plugin that makes building analytics friendly links quick and easy.",
     "type": "wordpress-plugin",
     "require-dev": {
         "squizlabs/php_codesniffer": "^3.5",
-        "wp-coding-standards/wpcs": "2.2",
+        "wp-coding-standards/wpcs": "2.3",
         "phpcompatibility/php-compatibility": "^9.3",
-        "dealerdirect/phpcodesniffer-composer-installer": "^0.6",
+        "dealerdirect/phpcodesniffer-composer-installer": "^0.7",
         "phpunit/phpunit": "^7.5"
     },
     "license": "GPL-2.0-only",