add test for taxes endpoint as cashier role

wcpos · Jan 13, 2024 · 93f2d05 · 93f2d05
1 parent 2e50c26
commit 93f2d05
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 32 deletions.
diff --git a/includes/API/Orders_Controller.php b/includes/API/Orders_Controller.php
@@ -12,6 +12,7 @@
 use WC_Email_Customer_Invoice;
 use WC_Abstract_Order;
 use WC_Order_Query;
+use WC_Order_Item;
 use WC_REST_Orders_Controller;
 use WCPOS\WooCommercePOS\Logger;
 use WP_REST_Request;

diff --git a/includes/API/Taxes_Controller.php b/includes/API/Taxes_Controller.php
@@ -39,25 +39,39 @@ class Taxes_Controller extends WC_REST_Taxes_Controller {
 	 */
 	public function __construct() {
 		add_filter( 'woocommerce_pos_rest_dispatch_taxes_request', array( $this, 'wcpos_dispatch_request' ), 10, 4 );
-		add_filter( 'woocommerce_rest_check_permissions', array( $this, 'check_permissions' ) );
 
 		if ( method_exists( parent::class, '__construct' ) ) {
 			parent::__construct();
 		}
 	}
 
 	/**
-	 * Check if the current user can view the taxes.
-	 * Note: WC REST API currently requires manage_woocommerce capability to access the endpoint (even for read only).
-	 * This would stop the Cashier role from being able to view the taxes, so we check for read_private_products instead.
+	 * Check whether a given request has permission to read taxes.
 	 *
-	 * @param mixed $permission
+	 * @param  WP_REST_Request $request Full details about the request.
+	 * @return WP_Error|boolean
+	 */
+	public function get_items_permissions_check( $request ) {
+		$permission = parent::get_items_permissions_check( $request );
+
+		if ( is_wp_error( $permission ) && current_user_can( 'read_private_products' ) ) {
+			return true;
+		}
+
+		return $permission;
+	}
+
+	/**
+	 * Check if a given request has access to read a tax.
 	 *
-	 * @return bool
+	 * @param  WP_REST_Request $request Full details about the request.
+	 * @return WP_Error|boolean
 	 */
-	public function check_permissions( $permission ) {
-		if ( ! $permission ) {
-			return current_user_can( 'read_private_products' );
+	public function get_item_permissions_check( $request ) {
+		$permission = parent::get_items_permissions_check( $request );
+
+		if ( is_wp_error( $permission ) && current_user_can( 'read_private_products' ) ) {
+			return true;
 		}
 
 		return $permission;
@@ -180,26 +194,6 @@ private function wcpos_insert_tax_where_clause( $query, $condition ) {
 		return $query;
 	}
 
-	/**
-	 * Check if the current user can view the taxes.
-	 * Note: WC REST API currently requires manage_woocommerce capability to access the endpoint (even for read only).
-	 * This would stop the Cashier role from being able to view the taxes, so we check for read_private_products instead.
-	 *
-	 * @param WP_REST_Request $request
-	 *
-	 * @return bool|WP_Error
-	 */
-	public function get_item_permissions_check( $request ) {
-		// no typing when overriding parent method
-		$permission = parent::get_item_permissions_check( $request );
-
-		if ( ! $permission && current_user_can( 'read_private_products' ) ) {
-			return true;
-		}
-
-		return $permission;
-	}
-
 	/**
 	 * Returns array of all tax_rate ids.
 	 *

diff --git a/tests/includes/API/Test_Taxes_Controller.php b/tests/includes/API/Test_Taxes_Controller.php
@@ -64,7 +64,7 @@ public function get_expected_response_fields() {
 		);
 	}
 
-	public function test_product_category_api_get_all_fields(): void {
+	public function test_taxes_api_get_all_fields(): void {
 		$expected_response_fields = $this->get_expected_response_fields();
 
 		$tax_id   = TaxHelper::create_tax_rate(
@@ -87,7 +87,7 @@ public function test_product_category_api_get_all_fields(): void {
 		$this->assertEmpty( array_diff( $response_fields, $expected_response_fields ), 'These fields were not expected in the WCPOS API response: ' . print_r( array_diff( $response_fields, $expected_response_fields ), true ) );
 	}
 
-	public function test_product_category_api_get_all_ids(): void {
+	public function test_taxes_api_get_all_ids(): void {
 		$gb_tax_ids = TaxHelper::create_sample_tax_rates_GB();
 		$us_tax_ids = TaxHelper::create_sample_tax_rates_US();
 
@@ -106,6 +106,24 @@ public function test_product_category_api_get_all_ids(): void {
 		$this->assertEqualsCanonicalizing( array_merge( $gb_tax_ids, $us_tax_ids ), $ids );
 	}
 
+	/**
+	 * The Tax endpoint is not accessible by cashiers by default.
+	 */
+	public function test_taxes_api_get_for_cashier() {
+		$cashier_user_id = $this->factory->user->create( array( 'role' => 'cashier' ) );
+		wp_set_current_user( $cashier_user_id );
+
+		$gb_tax_ids = TaxHelper::create_sample_tax_rates_GB();
+		$request     = $this->wp_rest_get_request( '/wcpos/v1/taxes' );
+		$response = $this->server->dispatch( $request );
+		$this->assertEquals( 200, $response->get_status() );
+
+		$data = $response->get_data();
+		$this->assertEquals( 3, \count( $data ) );
+
+		wp_set_current_user( 0 );
+	}
+
 	/**
 	 * The WC REST API does not support the include param.
 	 * This test is to ensure that the include param is supported in the WCPOS API.

diff --git a/tests/mockable-functions.php b/tests/mockable-functions.php
@@ -6,7 +6,7 @@
  */
 
 return array(
-	'current_user_can',
+	// 'current_user_can',
 	'get_bloginfo',
 	'get_woocommerce_currencies',
 	'get_woocommerce_currency_symbol',