WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update _wp_translate_postdata() capability checks to use Post Type API capability fields. Props duck_. Fixes #12987 

git-svn-id: http://svn.automattic.com/wordpress/trunk@14130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
dd32 2010-04-18 04:26:39 +00:00
parent cf0e90578e
commit 34c57058bf
1 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
wp-admin/includes/post.php
View File

@ -44,16 +44,15 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
} }
} }
$ptype = get_post_type_object( $post_data['post_type'] );
if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) { if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
if ( 'page' == $post_data['post_type'] ) { if ( !current_user_can( $ptype->edit_others_cap ) ) {
if ( !current_user_can( 'edit_others_pages' ) ) { if ( 'page' == $post_data['post_type'] ) {
return new WP_Error( 'edit_others_pages', $update ? return new WP_Error( 'edit_others_pages', $update ?
__( 'You are not allowed to edit pages as this user.' ) : __( 'You are not allowed to edit pages as this user.' ) :
__( 'You are not allowed to create pages as this user.' ) __( 'You are not allowed to create pages as this user.' )
); );
} } else {
} else {
if ( !current_user_can( 'edit_others_posts' ) ) {
return new WP_Error( 'edit_others_posts', $update ? return new WP_Error( 'edit_others_posts', $update ?
__( 'You are not allowed to edit posts as this user.' ) : __( 'You are not allowed to edit posts as this user.' ) :
__( 'You are not allowed to post as this user.' ) __( 'You are not allowed to post as this user.' )
@ -82,15 +81,8 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
// Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
// Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
if ( isset( $post_data['post_type'] ) && 'page' == $post_data['post_type'] ) { if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $ptype->publish_cap )) )
$publish_cap = 'publish_pages'; if ( $previous_status != 'publish' || !current_user_can( 'edit_post', $post_id ) )
$edit_cap = 'edit_published_pages';
} else {
$publish_cap = 'publish_posts';
$edit_cap = 'edit_published_posts';
}
if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $publish_cap )) )
if ( $previous_status != 'publish' || !current_user_can( $edit_cap ) )
$post_data['post_status'] = 'pending'; $post_data['post_status'] = 'pending';
if ( ! isset($post_data['post_status']) ) if ( ! isset($post_data['post_status']) )