From 28cc8c8b56fcd50d54f2fef1e15cbd9c62b79272 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 9 Dec 2008 17:31:43 +0000
Subject: [PATCH] Don't show preview link if user can't edit post/page. fixes #8544

git-svn-id: http://svn.automattic.com/wordpress/trunk@10146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/template.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index e856b9888b..499c8d9125 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1386,10 +1386,12 @@ function _post_row($a_post, $pending_comments, $mode) {
 $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . '';
 $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "";
 }
- if ( in_array($post->post_status, array('pending', 'draft')) )
- $actions['view'] = '' . __('Preview') . '';
- else
+ if ( in_array($post->post_status, array('pending', 'draft')) ) {
+ if ( current_user_can('edit_post', $post->ID) )
+ $actions['view'] = '' . __('Preview') . '';
+ } else {
 $actions['view'] = '' . __('View') . '';
+ }
 $action_count = count($actions);
 $i = 0;
 echo '
'; @@ -1569,13 +1571,17 @@ foreach ($posts_columns as $column_name=>$column_display_name) { >ID ) ) { ?>"> ' . __('Edit') . ''; - $actions['inline'] = '' . __('Quick Edit') . ''; - $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . ""; - if ( in_array($post->post_status, array('pending', 'draft')) ) - $actions['view'] = '' . __('Preview') . ''; - else + if ( current_user_can('edit_page', $page->ID) ) { + $actions['edit'] = '' . __('Edit') . ''; + $actions['inline'] = '' . __('Quick Edit') . ''; + $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . ""; + } + if ( in_array($post->post_status, array('pending', 'draft')) ) { + if ( current_user_can('edit_page', $page->ID) ) + $actions['view'] = '' . __('Preview') . ''; + } else { $actions['view'] = '' . __('View') . ''; + } $action_count = count($actions); $i = 0;
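Review bot: The new `current_user_can('edit_post', $post->ID)` test in `_post_row` only decides whether the Preview link is rendered; it is not an access control on the draft itself, and nothing in the hunk shows the preview request being checked. I would add a comment above it, `// Display only: the preview request handler must enforce edit_post for this ID itself.`, and confirm that a direct preview request for a pending or draft post is refused for users without the capability. The same applies to the `edit_page` test in the page-row hunk, which also still reads `$post->post_status` while the other lines there use `$page`; unless `$post` is set to `$page` outside the hunk, that should be `$page->post_status`. `_post_row` starts and ends outside the hunk.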