From adadb2839a4143bba9ce45a4a10a385fe6a9657e Mon Sep 17 00:00:00 2001
From: Doeke Norg
Date: Fri, 16 May 2025 15:46:06 +0200
Subject: [PATCH 1/4] Fix non administrator losing capabilities
---
 src/AccessControl/WordPressAccessController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/AccessControl/WordPressAccessController.php b/src/AccessControl/WordPressAccessController.php
index 4ff137f..affed2e 100644
--- a/src/AccessControl/WordPressAccessController.php
+++ b/src/AccessControl/WordPressAccessController.php
@@ -51,7 +51,7 @@ public function __construct( ?WP_User $user ) {
 public function can( Capability $capability ): bool {
 $can = $this->previous->can( $capability );
- if ( $this->user && $this->user->exists() ) {
+ if ( !$can && $this->user && $this->user->exists() ) {
 $can = $this->user->has_cap( 'administrator' );
 }
From 6cfab4d6a979e7d63a1bfb87ffa1a79b6fcb70f7 Mon Sep 17 00:00:00 2001
From: Doeke Norg
Date: Fri, 16 May 2025 15:48:47 +0200
Subject: [PATCH 2/4] Fix code style
---
 src/AccessControl/WordPressAccessController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/AccessControl/WordPressAccessController.php b/src/AccessControl/WordPressAccessController.php
index affed2e..c66cd22 100644
--- a/src/AccessControl/WordPressAccessController.php
+++ b/src/AccessControl/WordPressAccessController.php
@@ -51,7 +51,7 @@ public function __construct( ?WP_User $user ) {
 public function can( Capability $capability ): bool {
 $can = $this->previous->can( $capability );
- if ( !$can && $this->user && $this->user->exists() ) {
+ if ( ! $can && $this->user && $this->user->exists() ) {
 $can = $this->user->has_cap( 'administrator' );
 }
From 95acf2c49aba58e62ae55e6a6ff81ff30230d68d Mon Sep 17 00:00:00 2001
From: Doeke Norg
Date: Fri, 16 May 2025 15:58:38 +0200
Subject: [PATCH 3/4] Add user access test
---
 .../WordPressAccessControllerTest.php | 25 ++++++++++++-------
 1 file changed, 16 insertions(+), 9 deletions(-)
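Review bot: In `can()` in src/AccessControl/WordPressAccessController.php (patch 1/4, restyled in 2/4), the fallback still decides administrator status with `$this->user->has_cap( 'administrator' )`, which tests a role name as if it were a capability. WordPress documents role-name checks through the capability API as discouraged because they can give unreliable results, and here that check is the only thing that elevates a denied request, so it is worth pinning to a real capability, for example `$can = $this->user->has_cap( 'manage_options' );`, or at least a comment such as `// Administrators are granted every capability that the previous controller denied.`. The test in this series grants `'administrator'` via `add_cap()`, so it would need the same change. The body of `can()` continues past the end of the hunk, so how `$can` is returned is not visible here.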
diff --git a/tests/AccessControl/WordPressAccessControllerTest.php b/tests/AccessControl/WordPressAccessControllerTest.php
index 0960aa6..651596c 100644
--- a/tests/AccessControl/WordPressAccessControllerTest.php
+++ b/tests/AccessControl/WordPressAccessControllerTest.php
@@ -24,17 +24,24 @@ final class WordPressAccessControllerTest extends TestCase {
 */
 public function test_can(): void {
 $dataview = DataView::table( 'test', new ArrayDataSource( 'test', [] ), [] );
- $user = new WP_User( (object) [ 'ID' => 1 ], 'admin' );
- $user->add_cap( 'administrator' );
+ $admin = new WP_User( (object) [ 'ID' => 1 ], 'admin' );
+ $user = new WP_User( (object) [ 'ID' => 2 ], 'user' );
+ $admin->add_cap( 'administrator' );
- $guest = new WordPressAccessController( null );
- $admin = new WordPressAccessController( $user );
+ $guest_controller = new WordPressAccessController( null );
+ $admin_controller = new WordPressAccessController( $admin );
+ $user_controller = new WordPressAccessController( $user );
- self::assertTrue( $guest->can( new ViewDataView( $dataview ) ) );
- self::assertFalse( $guest->can( new EditDataView( $dataview ) ) );
- self::assertFalse( $guest->can( new DeleteDataView( $dataview ) ) );
+ self::assertTrue( $guest_controller->can( new ViewDataView( $dataview ) ) );
+ self::assertFalse( $guest_controller->can( new EditDataView( $dataview ) ) );
+ self::assertFalse( $guest_controller->can( new DeleteDataView( $dataview ) ) );
- self::assertTrue( $admin->can( new EditDataView( $dataview ) ) );
- self::assertTrue( $admin->can( new DeleteDataView( $dataview ) ) );
+ self::assertTrue( $user_controller->can( new ViewDataView( $dataview ) ) );
+ self::assertFalse( $user_controller->can( new EditDataView( $dataview ) ) );
+ self::assertFalse( $user_controller->can( new DeleteDataView( $dataview ) ) );
+
+ self::assertTrue( $admin_controller->can( new ViewDataView( $dataview ) ) );
+ self::assertTrue( $admin_controller->can( new EditDataView( $dataview ) ) );
+ self::assertTrue( $admin_controller->can( new DeleteDataView( $dataview ) ) );
 }
 }
From 49294b2038bf320eda5b05e2cee3a8a8d9c50ca9 Mon Sep 17 00:00:00 2001
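Review bot: The new deny-path assertions in `test_can()` cover only a user with no capabilities at all, so nothing pins that a logged-in user holding some other capability is still refused edit and delete. Since the controller's administrator fallback is the only elevation path, a further principal would guard against it being widened later, for example `$editor = new WP_User( (object) [ 'ID' => 3 ], 'editor' );`, `$editor->add_cap( 'edit_posts' );` and `self::assertFalse( ( new WordPressAccessController( $editor ) )->can( new DeleteDataView( $dataview ) ) );`. The case where a `WP_User` is passed but `exists()` returns false is also unexercised, as far as this hunk shows.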
From: Doeke Norg
Date: Fri, 16 May 2025 16:00:30 +0200
Subject: [PATCH 4/4] fix tab indents
---
 tests/AccessControl/WordPressAccessControllerTest.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/AccessControl/WordPressAccessControllerTest.php b/tests/AccessControl/WordPressAccessControllerTest.php
index 651596c..b41b380 100644
--- a/tests/AccessControl/WordPressAccessControllerTest.php
+++ b/tests/AccessControl/WordPressAccessControllerTest.php
@@ -36,11 +36,11 @@ public function test_can(): void {
 self::assertFalse( $guest_controller->can( new EditDataView( $dataview ) ) );
 self::assertFalse( $guest_controller->can( new DeleteDataView( $dataview ) ) );
- self::assertTrue( $user_controller->can( new ViewDataView( $dataview ) ) );
- self::assertFalse( $user_controller->can( new EditDataView( $dataview ) ) );
- self::assertFalse( $user_controller->can( new DeleteDataView( $dataview ) ) );
+ self::assertTrue( $user_controller->can( new ViewDataView( $dataview ) ) );
+ self::assertFalse( $user_controller->can( new EditDataView( $dataview ) ) );
+ self::assertFalse( $user_controller->can( new DeleteDataView( $dataview ) ) );
- self::assertTrue( $admin_controller->can( new ViewDataView( $dataview ) ) );
+ self::assertTrue( $admin_controller->can( new ViewDataView( $dataview ) ) );
 self::assertTrue( $admin_controller->can( new EditDataView( $dataview ) ) );
 self::assertTrue( $admin_controller->can( new DeleteDataView( $dataview ) ) );
 }