Enhance bulk action handlers to validate user permissions and post conditions, and improve unit test coverage.

Author: enricobattocchi

src/handlers/bulk-handler.php

@@ -92,16 +92,17 @@ public function rewrite_bulk_action_handler( $redirect_to, $doaction, $post_ids
 		$skipped = 0;
 		if ( \is_array( $post_ids ) ) {
 			foreach ( $post_ids as $post_id ) {
+				$post = \get_post( $post_id );
+				if ( empty( $post ) || ! $this->permissions_helper->should_rewrite_and_republish_be_allowed( $post ) ) {
+					continue;
+				}
 				if ( ! \current_user_can( 'edit_post', $post_id ) ) {
 					++$skipped;
 					continue;
 				}
-				$post = \get_post( $post_id );
-				if ( ! empty( $post ) && $this->permissions_helper->should_rewrite_and_republish_be_allowed( $post ) ) {
-					$new_post_id = $this->post_duplicator->create_duplicate_for_rewrite_and_republish( $post );
-					if ( ! \is_wp_error( $new_post_id ) ) {
-						++$counter;
-					}
+				$new_post_id = $this->post_duplicator->create_duplicate_for_rewrite_and_republish( $post );
+				if ( ! \is_wp_error( $new_post_id ) ) {
+					++$counter;
 				}
 			}
 		}
@@ -130,20 +131,22 @@ public function clone_bulk_action_handler( $redirect_to, $doaction, $post_ids )
 		$skipped = 0;
 		if ( \is_array( $post_ids ) ) {
 			foreach ( $post_ids as $post_id ) {
+				$post = \get_post( $post_id );
+				if ( empty( $post ) || $this->permissions_helper->is_rewrite_and_republish_copy( $post ) ) {
+					continue;
+				}
+				if ( \intval( \get_option( 'duplicate_post_copychildren' ) ) === 1
+					&& \is_post_type_hierarchical( $post->post_type )
+					&& Utils::has_ancestors_marked( $post, $post_ids )
+				) {
+					continue;
+				}
 				if ( ! \current_user_can( 'edit_post', $post_id ) ) {
 					++$skipped;
 					continue;
 				}
-				$post = \get_post( $post_id );
-				if ( ! empty( $post ) && ! $this->permissions_helper->is_rewrite_and_republish_copy( $post ) ) {
-					if ( \intval( \get_option( 'duplicate_post_copychildren' ) !== 1 )
-						|| ! \is_post_type_hierarchical( $post->post_type )
-						|| ( \is_post_type_hierarchical( $post->post_type ) && ! Utils::has_ancestors_marked( $post, $post_ids ) )
-					) {
-						if ( ! \is_wp_error( \duplicate_post_create_duplicate( $post ) ) ) {
-							++$counter;
-						}
-					}
+				if ( ! \is_wp_error( \duplicate_post_create_duplicate( $post ) ) ) {
+					++$counter;
 				}
 			}
 		}

tests/Unit/Handlers/Bulk_Handler_Test.php

@@ -92,7 +92,39 @@ public function test_clone_bulk_action_handler_returns_early_for_wrong_action()
 	 * @return void
 	 */
 	public function test_clone_bulk_action_handler_skips_posts_user_cannot_edit() {
-		$redirect_to = 'http://example.com/wp-admin/edit.php';
+		$redirect_to      = 'http://example.com/wp-admin/edit.php';
+		$post1            = Mockery::mock( WP_Post::class );
+		$post1->ID        = 1;
+		$post1->post_type = 'post';
+		$post2            = Mockery::mock( WP_Post::class );
+		$post2->ID        = 2;
+		$post2->post_type = 'post';
+
+		Monkey\Functions\expect( 'get_post' )
+			->with( 1 )
+			->andReturn( $post1 );
+
+		Monkey\Functions\expect( 'get_post' )
+			->with( 2 )
+			->andReturn( $post2 );
+
+		$this->permissions_helper
+			->allows( 'is_rewrite_and_republish_copy' )
+			->with( $post1 )
+			->andReturn( false );
+
+		$this->permissions_helper
+			->allows( 'is_rewrite_and_republish_copy' )
+			->with( $post2 )
+			->andReturn( false );
+
+		Monkey\Functions\expect( 'get_option' )
+			->with( 'duplicate_post_copychildren' )
+			->andReturn( 0 );
+
+		Monkey\Functions\expect( 'is_post_type_hierarchical' )
+			->with( 'post' )
+			->andReturn( false );
 
 		Monkey\Functions\expect( 'current_user_can' )
 			->with( 'edit_post', 1 )
@@ -189,7 +221,31 @@ public function test_rewrite_bulk_action_handler_returns_early_for_wrong_action(
 	 * @return void
 	 */
 	public function test_rewrite_bulk_action_handler_skips_posts_user_cannot_edit() {
-		$redirect_to = 'http://example.com/wp-admin/edit.php';
+		$redirect_to        = 'http://example.com/wp-admin/edit.php';
+		$post1              = Mockery::mock( WP_Post::class );
+		$post1->ID          = 1;
+		$post1->post_status = 'publish';
+		$post2              = Mockery::mock( WP_Post::class );
+		$post2->ID          = 2;
+		$post2->post_status = 'publish';
+
+		Monkey\Functions\expect( 'get_post' )
+			->with( 1 )
+			->andReturn( $post1 );
+
+		Monkey\Functions\expect( 'get_post' )
+			->with( 2 )
+			->andReturn( $post2 );
+
+		$this->permissions_helper
+			->allows( 'should_rewrite_and_republish_be_allowed' )
+			->with( $post1 )
+			->andReturn( true );
+
+		$this->permissions_helper
+			->allows( 'should_rewrite_and_republish_be_allowed' )
+			->with( $post2 )
+			->andReturn( true );
 
 		Monkey\Functions\expect( 'current_user_can' )
 			->with( 'edit_post', 1 )