Some cap checks for app from josephscott.

git-svn-id: http://svn.automattic.com/wordpress/trunk@6507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2007-12-28 00:46:18 +00:00
parent ebdaaae6d3
commit 0aa5bf4862
1 changed files with 15 additions and 2 deletions


@ -163,6 +163,10 @@ class AtomServer {
function get_service() { function get_service() {
log_app('function','get_service()'); log_app('function','get_service()');
if( !current_user_can( 'edit_posts' ) )
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
$entries_url = attribute_escape($this->get_entries_url()); $entries_url = attribute_escape($this->get_entries_url());
$categories_url = attribute_escape($this->get_categories_url()); $categories_url = attribute_escape($this->get_categories_url());
$media_url = attribute_escape($this->get_attachments_url()); $media_url = attribute_escape($this->get_attachments_url());
@ -192,8 +196,11 @@ EOD;
} }
function get_categories_xml() { function get_categories_xml() {
log_app('function','get_categories_xml()'); log_app('function','get_categories_xml()');
if( !current_user_can( 'edit_posts' ) )
$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
$home = attribute_escape(get_bloginfo_rss('home')); $home = attribute_escape(get_bloginfo_rss('home'));
$categories = ""; $categories = "";
@ -285,8 +292,11 @@ EOD;
} }
function get_post($postID) { function get_post($postID) {
global $entry; global $entry;
if( !current_user_can( 'edit_post', $postID ) )
$this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
$this->set_current_entry($postID); $this->set_current_entry($postID);
$output = $this->get_entry($postID); $output = $this->get_entry($postID);
log_app('function',"get_post($postID)"); log_app('function',"get_post($postID)");
@ -372,6 +382,9 @@ EOD;
} }
function get_attachment($postID = NULL) { function get_attachment($postID = NULL) {
if( !current_user_can( 'upload_files' ) )
$this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) );
if (!isset($postID)) { if (!isset($postID)) {
$this->get_attachments(); $this->get_attachments();
} else { } else {
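Review bot: In get_attachment() the new guard tests only the blog-wide `upload_files` capability, so when `$postID` is supplied nothing in the visible lines ties the caller to that particular attachment, whereas get_post() checks `edit_post` against `$postID`. The else branch continues outside this hunk; if it does no check of its own, it should start with a per-object one such as `if( !current_user_can( 'edit_post', $postID ) ) $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );`. All four added guards are also brace-less statements that rely on auth_required() ending the request, which is not visible on this page. If it can return, each guard needs a `return;` after the call, otherwise the handler falls through and emits the response anyway. A one-line comment on the first guard, `// auth_required() must terminate the request; the code below assumes an authorized user`, would make that dependency explicit.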