Merge pull request #72 from kidunot89/feature/add-fee-mutation-cap-check

`edit_shop_order` cap check in addFee

Author: kidunot89

src/mutation/class-cart-add-fee.php

@@ -85,7 +85,10 @@ public static function get_output_fields() {
 	 */
 	public static function mutate_and_get_payload() {
 		return function( $input, AppContext $context, ResolveInfo $info ) {
-			// Retrieve product database ID if relay ID provided.
+			if ( ! current_user_can( 'edit_shop_orders' ) ) {
+				throw new UserError( __( 'You do not have the appropriate capabilities to perform this action', 'wp-graphql' ) );
+			}
+
 			if ( empty( $input['name'] ) ) {
 				throw new UserError( __( 'No name provided for fee', 'wp-graphql-woocommerce' ) );
 			}

tests/wpunit/CartMutationsTest.php

@@ -1,6 +1,7 @@
 <?php
 
 class CartMutationsTest extends \Codeception\TestCase\WPTestCase {
+    private $shop_manager;
     private $customer;
     private $coupon;
     private $product;
@@ -10,11 +11,12 @@ class CartMutationsTest extends \Codeception\TestCase\WPTestCase {
     public function setUp() {
         parent::setUp();
 
-        $this->customer  = $this->getModule('\Helper\Wpunit')->customer();
-        $this->coupon    = $this->getModule('\Helper\Wpunit')->coupon();
-        $this->product   = $this->getModule('\Helper\Wpunit')->product();
-        $this->variation = $this->getModule('\Helper\Wpunit')->product_variation();
-        $this->cart      = $this->getModule('\Helper\Wpunit')->cart();
+        $this->shop_manager = $this->factory->user->create( array( 'role' => 'shop_manager' ) );
+        $this->customer     = $this->getModule('\Helper\Wpunit')->customer();
+        $this->coupon       = $this->getModule('\Helper\Wpunit')->coupon();
+        $this->product      = $this->getModule('\Helper\Wpunit')->product();
+        $this->variation    = $this->getModule('\Helper\Wpunit')->product_variation();
+        $this->cart         = $this->getModule('\Helper\Wpunit')->cart();
     }
 
     public function tearDown() {
@@ -899,6 +901,20 @@ public function testAddFeeMutation() {
         // use --debug flag to view.
         codecept_debug( $actual );
 
+        $this->assertArrayHasKey('errors', $actual );
+
+        wp_set_current_user( $this->shop_manager );
+        $actual    = graphql(
+            array(
+                'query'          => $mutation,
+                'operation_name' => 'addFee',
+                'variables'      => $variables,
+            )
+        );
+
+        // use --debug flag to view.
+        codecept_debug( $actual );
+
         $expected = array(
             'data' => array(
                 'addFee' => array(

vendor/autoload.php

@@ -4,4 +4,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit7d7a45761e5e9f310de9b228d2235d8e::getLoader();
+return ComposerAutoloaderInit04455a9e28ec460217bb4717433625c0::getLoader();

vendor/composer/autoload_real.php

@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInit7d7a45761e5e9f310de9b228d2235d8e
+class ComposerAutoloaderInit04455a9e28ec460217bb4717433625c0
 {
     private static $loader;
 
@@ -19,15 +19,15 @@ public static function getLoader()
             return self::$loader;
         }
 
-        spl_autoload_register(array('ComposerAutoloaderInit7d7a45761e5e9f310de9b228d2235d8e', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit04455a9e28ec460217bb4717433625c0', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader();
-        spl_autoload_unregister(array('ComposerAutoloaderInit7d7a45761e5e9f310de9b228d2235d8e', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit04455a9e28ec460217bb4717433625c0', 'loadClassLoader'));
 
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
         if ($useStaticLoader) {
             require_once __DIR__ . '/autoload_static.php';
 
-            call_user_func(\Composer\Autoload\ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInit04455a9e28ec460217bb4717433625c0::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';
             foreach ($map as $namespace => $path) {

vendor/composer/autoload_static.php

@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e
+class ComposerStaticInit04455a9e28ec460217bb4717433625c0
 {
     public static $prefixLengthsPsr4 = array (
         'W' => 
@@ -115,9 +115,9 @@ class ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e::$prefixDirsPsr4;
-            $loader->classMap = ComposerStaticInit7d7a45761e5e9f310de9b228d2235d8e::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit04455a9e28ec460217bb4717433625c0::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit04455a9e28ec460217bb4717433625c0::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit04455a9e28ec460217bb4717433625c0::$classMap;
 
         }, null, ClassLoader::class);
     }