chore: improved test

Author: preda-bogdan

tests/test-ajax.php

@@ -20,6 +20,13 @@ class Test_Visualizer_Ajax extends WP_Ajax_UnitTestCase {
 	 */
 	private $admin_user_id;
 
+	/**
+	 * Contributor user ID.
+	 *
+	 * @var int
+	 */
+	private $contibutor_user_id;
+
 	/**
 	 * Subscriber user ID.
 	 *
@@ -39,6 +46,12 @@ public function setUp() {
 		);
 		wp_set_current_user( $this->admin_user_id );
 
+		$this->contibutor_user_id = $this->factory->user->create(
+			array(
+				'role' => 'contributor',
+			)
+		);
+
 		$this->subscriber_user_id = $this->factory->user->create(
 			array(
 				'role' => 'subscriber',
@@ -126,6 +139,34 @@ public function test_ajax_response_get_query_data_valid_query_with_filtered_colu
 		$this->assertTrue( $response->success );
 	}
 
+	/**
+	 * Test the AJAX response for fetching the database data with user capability.
+	 */
+	public function test_ajax_response_get_query_data_contributor_dissallow() {
+		wp_set_current_user( $this->contibutor_user_id );
+		$this->_setRole( 'contributor' );
+
+		$_GET['security'] = wp_create_nonce( Visualizer_Plugin::ACTION_FETCH_DB_DATA . Visualizer_Plugin::VERSION );
+
+		$_POST['params'] = array(
+			'query' => "/**/UPDATE wp_options SET option_value='administrator' WHERE option_name='default_role' --",
+			'chart_id' => 1,
+		);
+		try {
+			// Trigger the AJAX action
+			$this->_handleAjax( Visualizer_Plugin::ACTION_FETCH_DB_DATA );
+		} catch ( WPAjaxDieContinueException $e ) {
+			// We expected this, do nothing.
+		}
+
+		$response = json_decode( $this->_last_response );
+		$this->assertIsObject( $response );
+		$this->assertObjectHasAttribute( 'success', $response );
+		$this->assertObjectHasAttribute( 'data', $response );
+		$this->assertEquals( 'Action not allowed for this user.', $response->data->msg );
+		$this->assertFalse( $response->success );
+	}
+
 	/**
 	 * Test the AJAX response for fetching the database data with user capability.
 	 */