XMLRPC: Introduce new create,read,update and delete XMLRPC apis for Posts, Pages and all Custom Post Types.

Introduces: wp.newPost, wp.editPost, wp.deletePost, wp.getPost, and wp.getPosts
See #18429, #18430, #18431, #18432, and #18433 props maxcutler and markoheijnen.


git-svn-id: http://svn.automattic.com/wordpress/trunk@19848 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/class-wp-xmlrpc-server.php

@@ -36,6 +36,11 @@ class wp_xmlrpc_server extends IXR_Server {
 		$this->methods = array(
 			// WordPress API
 			'wp.getUsersBlogs'		=> 'this:wp_getUsersBlogs',
+			'wp.newPost'			=> 'this:wp_newPost',
+			'wp.editPost'			=> 'this:wp_editPost',
+			'wp.deletePost'			=> 'this:wp_deletePost',
+			'wp.getPost'			=> 'this:wp_getPost',
+			'wp.getPosts'			=> 'this:wp_getPosts',
 			'wp.getPage'			=> 'this:wp_getPage',
 			'wp.getPages'			=> 'this:wp_getPages',
 			'wp.newPage'			=> 'this:wp_newPage',
@@ -446,6 +451,636 @@ class wp_xmlrpc_server extends IXR_Server {
 		return $struct;
 	}
 
+	/**
+	 * Prepares post data for return in an XML-RPC object.
+	 *
+	 * @access private
+	.*
+	 * @param array $post The unprepared post data
+	 * @param array $fields The subset of post fields to return
+	 * @return array The prepared post data
+	 */
+	function _prepare_post( $post, $fields ) {
+		// holds the data for this post. built up based on $fields
+		$_post = array( 'post_id' => $post['ID'] );
+
+		// prepare common post fields
+		$post_fields = array(
+			'post_title'        => $post['post_title'],
+			'post_date'         => new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_date'], false ) ),
+			'post_date_gmt'     => new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_date_gmt'], false ) ),
+			'post_modified'     => new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_modified'], false ) ),
+			'post_modified_gmt' => new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_modified_gmt'], false ) ),
+			'post_status'       => $post['post_status'],
+			'post_type'         => $post['post_type'],
+			'post_name'         => $post['post_name'],
+			'post_author'       => $post['post_author'],
+			'post_password'     => $post['post_password'],
+			'post_excerpt'      => $post['post_excerpt'],
+			'post_content'      => $post['post_content'],
+			'link'              => post_permalink( $post['ID'] ),
+			'comment_status'    => $post['comment_status'],
+			'ping_status'       => $post['ping_status'],
+			'sticky'            => ( $post['post_type'] === 'post' && is_sticky( $post['ID'] ) ),
+		);
+
+		// Consider future posts as published
+		if ( $post_fields['post_status'] === 'future' )
+			$post_fields['post_status'] = 'publish';
+
+		// Fill in blank post format
+		$post_fields['post_format'] = get_post_format( $post['ID'] );
+		if ( empty( $post_fields['post_format'] ) )
+			$post_fields['post_format'] = 'standard';
+
+		// Merge requested $post_fields fields into $_post
+		if ( in_array( 'post', $fields ) ) {
+			$_post = array_merge( $_post, $post_fields );
+		} else {
+			$requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) );
+			$_post = array_merge( $_post, $requested_fields );
+		}
+
+		$all_taxonomy_fields = in_array( 'taxonomies', $fields );
+
+		if ( $all_taxonomy_fields || in_array( 'terms', $fields ) ) {
+			$post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' );
+			$terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies );
+			$_post['terms'] = array();
+			foreach ( $terms as $term ) {
+				$_post['terms'][] = (array) $term;
+			}
+		}
+
+		// backward compatiblity
+		if ( $all_taxonomy_fields || in_array( 'tags', $fields ) ) {
+			$tagnames = array();
+			$tags = wp_get_post_tags( $post['ID'] );
+			if ( ! empty( $tags ) ) {
+				foreach ( $tags as $tag ) {
+					$tagnames[] = $tag->name;
+				}
+				$tagnames = implode( ', ', $tagnames );
+			} else {
+				$tagnames = '';
+			}
+			$_post['tags'] = $tagnames;
+		}
+
+		// backward compatiblity
+		if ( $all_taxonomy_fields || in_array( 'categories', $fields ) ) {
+			$categories = array();
+			$catids = wp_get_post_categories( $post['ID'] );
+			foreach ( $catids as $catid ) {
+				$categories[] = get_cat_name( $catid );
+			}
+			$_post['categories'] = $categories;
+		}
+
+		if ( in_array( 'custom_fields', $fields ) )
+			$_post['custom_fields'] = $this->get_custom_fields( $post['ID'] );
+
+		if ( in_array( 'enclosure', $fields ) ) {
+			$_post['enclosure'] = array();
+			$enclosures = (array) get_post_meta( $post['ID'], 'enclosure' );
+			if ( ! empty( $enclosures ) ) {
+				$encdata = explode( "\n", $enclosures[0] );
+				$_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) );
+				$_post['enclosure']['length'] = (int) trim( $encdata[1] );
+				$_post['enclosure']['type'] = trim( $encdata[2] );
+			}
+		}
+
+		return apply_filters( 'xmlrpc__prepare_post', $_post, $post, $fields );
+	}
+
+	/**
+	 * Create a new post for any registered post type.
+	 *
+	 * @uses wp_insert_post()
+	 * @param array $args Method parameters. Contains:
+	 *  - int     $blog_id
+	 *  - string  $username
+	 *  - string  $password
+	 *  - array   $content_struct
+	 *      $content_struct can contain:
+	 *      - post_type (default: 'post')
+	 *      - post_status (default: 'draft')
+	 *      - post_title
+	 *      - post_author
+	 *      - post_exerpt
+	 *      - post_content
+	 *      - post_date_gmt | post_date
+	 *      - post_format
+	 *      - post_password
+	 *      - comment_status - can be 'open' | 'closed'
+	 *      - ping_status - can be 'open' | 'closed'
+	 *      - sticky
+	 *      - custom_fields - array, with each element containing 'key' and 'value'
+	 *      - terms - array, with taxonomy names as keys and arrays of term IDs as values
+	 *      - terms_names - array, with taxonomy names as keys and arrays of term names as values
+	 *      - enclosure
+	 *      - any other fields supported by wp_insert_post()
+	 * @return string post_id
+	 */
+	function wp_newPost( $args ) {
+		$this->escape( $args );
+
+		$blog_id        = (int) $args[0];
+		$username       = $args[1];
+		$password       = $args[2];
+		$content_struct = $args[3];
+
+		if ( ! $user = $this->login( $username, $password ) )
+			return $this->error;
+
+		do_action( 'xmlrpc_call', 'wp.newPost' );
+
+		unset( $content_struct['ID'] );
+
+		return $this->_wp_insertPost( $user, $content_struct );
+	}
+
+	/*
+	 * Helper method for filtering out elements from an array.
+	 */
+	function _is_greater_than_one( $count ){
+		return $count > 1;
+	}
+
+	/*
+	 * Helper method for wp_newPost and wp_editPost, containing shared logic.
+	 */
+	function _wp_insertPost( $user, $content_struct ) {
+		$defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0,
+			'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '', 'sticky' => 0 );
+
+		$post_data = wp_parse_args( $content_struct, $defaults );
+
+		$post_type = get_post_type_object( $post_data['post_type'] );
+		if( ! ( (bool) $post_type ) )
+			return new IXR_Error( 403, __( 'Invalid post type' ) );
+
+		if( ! current_user_can( $post_type->cap->edit_posts ) )
+			return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
+
+		switch ( $post_data['post_status'] ) {
+			case 'draft':
+			case 'pending':
+				break;
+			case 'private':
+				if( ! current_user_can( $post_type->cap->publish_posts ) )
+					return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' ));
+				break;
+			case 'publish':
+			case 'future':
+				if( ! current_user_can( $post_type->cap->publish_posts ) )
+					return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' ));
+				break;
+			default:
+				$post_data['post_status'] = 'draft';
+			break;
+		}
+
+		if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) )
+			return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type' ) );
+
+
+		$post_data['post_author'] = absint( $post_data['post_author'] );
+		if( ! empty( $post_data['post_author'] ) && $post_data['post_author'] != $user->ID ) {
+			if( ! current_user_can( $post_type->cap->edit_others_posts ) )
+				return new IXR_Error( 401, __( 'You are not allowed to create posts as this user.' ) );
+
+			$author = get_userdata( $post_data['post_author'] );
+
+			if( ! $author )
+				return new IXR_Error( 404, __( 'Invalid author ID.' ) );
+		}
+		else {
+			$post_data['post_author'] = $user->ID;
+		}
+
+		if( isset( $post_data['comment_status'] ) ) {
+			if( ! post_type_supports( $post_data['post_type'], 'comments' ) || ( $post_data['comment_status'] != 'open' && $post_data['comment_status'] != 'closed' ) ) {
+				unset( $post_data['comment_status'] );
+			}
+		}
+
+		if( isset( $post_data['ping_status'] ) ) {
+			if( ! post_type_supports( $post_data['post_type'], 'trackbacks' ) || ( $post_data['ping_status'] != 'open' && $post_data['ping_status'] != 'closed' ) ) {
+				unset( $post_data['ping_status'] );
+			}
+		}
+
+		// Do some timestamp voodoo
+		if ( ! empty( $post_data['post_date_gmt'] ) ) {
+			// We know this is supposed to be GMT, so we're going to slap that Z on there by force
+			$dateCreated = str_replace( 'Z', '', $post_data['post_date_gmt']->getIso() ) . 'Z'; 
+		}elseif ( ! empty( $post_data['post_date'] ) ) {
+			$dateCreated = $post_data['post_date']->getIso();
+		}
+
+		if ( ! empty( $dateCreated ) ) {
+			$post_data['post_date'] = get_date_from_gmt( iso8601_to_datetime( $dateCreated ) );
+			$post_data['post_date_gmt'] = iso8601_to_datetime( $dateCreated, 'GMT' );
+		}
+
+		if ( ! isset( $post_data['ID'] ) ) {
+			$post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID;
+		}
+		$post_ID = $post_data['ID'];
+
+		$sticky = $post_data['sticky'] ? true : false;
+
+		if( $post_data['post_type'] == 'post' && $sticky == true ) {
+			if( ! current_user_can( $post_type->cap->edit_others_posts ) )
+				return new IXR_Error( 401, __( 'Sorry, you are not allowed to stick this post.' ) );
+
+			if( $post_data['post_status'] != 'publish' )
+				return new IXR_Error( 401, __( 'Only published posts can be made sticky.' ) );
+
+			stick_post( $post_ID );
+		}
+
+		if( isset ( $post_data['custom_fields'] ) && post_type_supports( $post_data['post_type'], 'custom-fields' ) ) {
+			$this->set_custom_fields( $post_ID, $post_data['custom_fields'] );
+		}
+
+		if( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) {
+			$post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' );
+
+			// accumulate term IDs from terms and terms_names
+			$terms = array();
+
+			// first validate the terms specified by ID
+			if( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) {
+				$taxonomies = array_keys( $post_data['terms'] );
+
+				// validating term ids
+				foreach ( $taxonomies as $taxonomy ) {
+					if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) )
+						return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
+
+					if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies' ) );
+
+					$term_ids = $post_data['terms'][$taxonomy];
+					foreach ( $term_ids as $term_id ) {
+						$term = get_term_by( 'id', $term_id, $taxonomy );
+
+						if ( ! $term )
+							return new IXR_Error( 403, __( 'Invalid term ID' ) );
+
+						$terms[$taxonomy][] = (int) $term_id;
+					}
+				}
+			}
+
+			// now validate terms specified by name
+			if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) {
+				$taxonomies = array_keys( $post_data['terms_names'] );
+
+				foreach ( $taxonomies as $taxonomy ) {
+					if ( ! array_key_exists( $taxonomy , $post_type_taxonomies ) )
+						return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
+
+					if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->assign_terms ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
+
+					// for hierarchical taxonomies, we can't assign a term when multiple terms in the hierarchy share the same name
+					$ambiguous_terms = array();
+					if( is_taxonomy_hierarchical( $taxonomy ) ) {
+						$tax_term_names = get_terms( $taxonomy, array( 'fields' => 'names', 'hide_empty' => false ) );
+
+						// count the number of terms with the same name
+						$tax_term_names_count = array_count_values( $tax_term_names );
+
+						// filter out non-ambiguous term names
+						$ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one') );
+
+						$ambiguous_terms = array_keys( $ambiguous_tax_term_counts );
+					}
+
+					$term_names = $post_data['terms_names'][$taxonomy];
+					foreach ( $term_names as $term_name ) {
+						if ( in_array( $term_name, $ambiguous_terms ) )
+							return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) );
+
+						$term = get_term_by( 'name', $term_name, $taxonomy );
+
+						if ( ! $term ) {
+							// term doesn't exist, so check that the user is allowed to create new terms
+							if( ! current_user_can( $post_type_taxonomies[$taxonomy]->cap->edit_terms ) )
+								return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) );
+
+							// create the new term
+							$term_info = wp_insert_term( $term_name, $taxonomy );
+							if ( is_wp_error( $term_info ) )
+								return new IXR_Error( 500, $term_info->get_error_message() );
+
+							$terms[$taxonomy][] = (int) $term_info['term_id'];
+						}
+						else {
+							$terms[$taxonomy][] = (int) $term->term_id;
+						}
+					}
+				}
+			}
+
+			$post_data['tax_input'] = $terms;
+			unset( $post_data['terms'] );
+			unset( $post_data['terms_names'] );
+		}
+		else {
+			// do not allow direct submission of 'tax_input', clients must use 'terms' and/or 'terms_names'
+			unset( $post_data['tax_input'] );
+		}
+
+		if( isset( $post_data['post_format'] ) ) {
+			$format = set_post_format( $post_ID, $post_data['post_format'] );
+
+			if ( is_wp_error( $format ) )
+				return new IXR_Error( 500, $format->get_error_message() );
+
+			unset( $post_data['post_format'] );
+		}
+
+		// Handle enclosures
+		$enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null;
+		$this->add_enclosure_if_new( $post_ID, $enclosure );
+
+		$this->attach_uploads( $post_ID, $post_data['post_content'] );
+
+		$post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct );
+
+		$post_ID = wp_insert_post( $post_data, true );
+		if ( is_wp_error( $post_ID ) )
+			return new IXR_Error( 500, $post_ID->get_error_message() );
+
+		if ( ! $post_ID )
+			return new IXR_Error( 401, __( 'Sorry, your entry could not be posted. Something wrong happened.' ) );
+
+		return strval( $post_ID );
+	}
+
+	/*
+	 * Edit a post for any registered post type.
+	 *
+	 * The $content_struct parameter only needs to contain fields that
+	 * should be changed. All other fields will retain their existing values.
+	 *
+	 * @uses wp_insert_post()
+	 * @param array $args Method parameters. Contains:
+	 *  - int     $blog_id
+	 *  - string  $username
+	 *  - string  $password
+	 *  - int     $post_id
+	 *  - array   $content_struct
+	 * @return true on success
+	 */
+	function wp_editPost( $args ) {
+		$this->escape( $args );
+
+		$blog_id        = (int) $args[0]; // we will support this in the near future
+		$username       = $args[1];
+		$password       = $args[2];
+		$post_id        = (int) $args[3];
+		$content_struct = $args[4];
+
+		if ( ! $user = $this->login( $username, $password ) )
+			return $this->error;
+
+		do_action( 'xmlrpc_call', 'wp.editPost' );
+
+		// User Capabilities are checked in _wp_insertPost.
+
+		$post = get_post( $post_id, ARRAY_A );
+
+		if ( empty( $post["ID"] ) )
+			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+
+		// convert the date field back to IXR form
+		$post['post_date'] = new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_date'], false ) );
+
+		// ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
+		// since _wp_insertPost will ignore the non-GMT date if the GMT date is set
+		if ( $post['post_date_gmt'] == '0000-00-00 00:00:00' || isset( $content_struct['post_date'] ) )
+			unset( $post['post_date_gmt'] );
+		else
+			$post['post_date_gmt'] = new IXR_Date( mysql2date( 'Ymd\TH:i:s', $post['post_date_gmt'], false ) );
+
+		$this->escape( $post );
+		$merged_content_struct = array_merge( $post, $content_struct );
+
+		$retval = $this->_wp_insertPost( $user, $merged_content_struct );
+		if ( $retval instanceof IXR_Error )
+			return $retval;
+
+		return true;
+	}
+
+	/**
+	 * Delete a post for any registered post type.
+	 *
+	 * @uses wp_delete_post()
+	 * @param array $args Method parameters. Contains:
+	 *  - int     $blog_id
+	 *  - string  $username
+	 *  - string  $password
+	 *  - int     $post_id
+	 * @return true on success
+	 */
+	function wp_deletePost( $args ) {
+		$this->escape( $args );
+
+		$blog_id    = (int) $args[0];
+		$username   = $args[1];
+		$password   = $args[2];
+		$post_id    = (int) $args[3];
+
+		if ( ! $user = $this->login( $username, $password ) )
+			return $this->error;
+
+		do_action( 'xmlrpc_call', 'wp.deletePost' );
+
+		$post = wp_get_single_post( $post_id, ARRAY_A );
+		if ( empty( $post['ID'] ) )
+			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+
+		$post_type = get_post_type_object( $post['post_type'] );
+		if( ! current_user_can( $post_type->cap->delete_post, $post_id ) )
+			return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
+
+		$result = wp_delete_post( $post_id );
+
+		if ( ! $result )
+			return new IXR_Error( 500, __( 'The post cannot be deleted.' ) );
+
+		return true;
+	}
+
+	/**
+	 * Retrieve a post.
+	 *
+	 * The optional $fields parameter specifies what fields will be included
+	 * in the response array. This should be a list of field names. 'post_id' will
+	 * always be included in the response regardless of the value of $fields.
+	 *
+	 * Instead of, or in addition to, individual field names, conceptual group
+	 * names can be used to specify multiple fields. The available conceptual
+	 * groups are 'post' (all basic fields), 'taxonomies', 'custom_fields',
+	 * and 'enclosure'.
+	 *
+	 * @uses wp_get_single_post()
+	 * @param array $args Method parameters. Contains:
+	 *  - int     $post_id
+	 *  - string  $username
+	 *  - string  $password
+	 *  - array   $fields optional
+	 * @return array contains (based on $fields parameter):
+	 *  - 'post_id'
+	 *  - 'post_title'
+	 *  - 'post_date'
+	 *  - 'post_date_gmt'
+	 *  - 'post_modified'
+	 *  - 'post_modified_gmt'
+	 *  - 'post_status'
+	 *  - 'post_type'
+	 *  - 'post_name'
+	 *  - 'post_author'
+	 *  - 'post_password'
+	 *  - 'post_excerpt'
+	 *  - 'post_content'
+	 *  - 'link'
+	 *  - 'comment_status'
+	 *  - 'ping_status'
+	 *  - 'sticky'
+	 *  - 'custom_fields'
+	 *  - 'terms'
+	 *  - 'categories'
+	 *  - 'tags'
+	 *  - 'enclosure'
+	 */
+	function wp_getPost( $args ) {
+		$this->escape( $args );
+
+		$blog_id            = (int) $args[0];
+		$username           = $args[1];
+		$password           = $args[2];
+		$post_id            = (int) $args[3];
+
+		if ( isset( $args[4] ) )
+			$fields = $args[4];
+		else
+			$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' );
+
+		if ( ! $user = $this->login( $username, $password ) )
+			return $this->error;
+
+		do_action( 'xmlrpc_call', 'wp.getPost' );
+
+		$post = wp_get_single_post( $post_id, ARRAY_A );
+
+		if ( empty( $post["ID"] ) )
+			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+
+		$post_type = get_post_type_object( $post['post_type'] );
+		if ( ! current_user_can( $post_type->cap->edit_posts, $post_id ) )
+			return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
+
+		return $this->_prepare_post( $post, $fields );
+	}
+
+	/**
+	 * Retrieve posts.
+	 *
+	 * The optional $filter parameter modifies the query used to retrieve posts.
+	 * Accepted keys are 'post_type', 'post_status', 'number', 'offset',
+	 * 'orderby', and 'order'.
+	 *
+	 * The optional $fields parameter specifies what fields will be included
+	 * in the response array.
+	 *
+	 * @uses wp_get_recent_posts()
+	 * @see wp_getPost() for more on $fields
+	 * @see get_posts() for more on $filter values
+	 *
+	 * @param array $args Method parameters. Contains:
+	 *  - int     $blog_id
+	 *  - string  $username
+	 *  - string  $password
+	 *  - array   $filter optional
+	 *  - array   $fields optional
+	 * @return array cntains a collection of posts.
+	 */
+	function wp_getPosts( $args ) {
+		$this->escape( $args );
+
+		$blog_id    = (int) $args[0];
+		$username   = $args[1];
+		$password   = $args[2];
+		$filter     = isset( $args[3] ) ? $args[3] : array();
+
+		if ( isset( $args[4] ) )
+			$fields = $args[4];
+		else
+			$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' );
+
+		if ( ! $user = $this->login( $username, $password ) )
+			return $this->error;
+
+		do_action( 'xmlrpc_call', 'wp.getPosts' );
+
+		$query = array();
+
+		if ( isset( $filter['post_type'] ) ) {
+			$post_type = get_post_type_object( $filter['post_type'] );
+			if ( ! ( (bool) $post_type ) )
+				return new IXR_Error( 403, __( 'The post type specified is not valid' ) );
+
+			if ( ! current_user_can( $post_type->cap->edit_posts ) )
+				return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type' ));
+
+			$query['post_type'] = $filter['post_type'];
+		}
+
+		if ( isset( $filter['post_status'] ) )
+			$query['post_status'] = $filter['post_status'];
+
+		if ( isset( $filter['number'] ) )
+			$query['number'] = absint( $filter['number'] );
+
+		if ( isset( $filter['offset'] ) )
+			$query['offset'] = absint( $filter['offset'] );
+
+		if ( isset( $filter['orderby'] ) ) {
+			$query['orderby'] = $filter['orderby'];
+
+			if ( isset( $filter['order'] ) )
+				$query['order'] = $filter['order'];
+		}
+
+		do_action( 'xmlrpc_call', 'wp.getPosts' );
+
+		$posts_list = wp_get_recent_posts( $query );
+
+		if ( ! $posts_list )
+			return array( );
+
+		// holds all the posts data
+		$struct = array();
+
+		foreach ( $posts_list as $post ) {
+			$post_type = get_post_type_object( $post['post_type'] );
+			if ( ! current_user_can( $post_type->cap->edit_posts, $post['ID'] ) )
+				continue;
+
+			$struct[] = $this->_prepare_post( $post, $fields );
+		}
+
+		return $struct;
+	}
+
 	/**
 	 * Retrieve page.
 	 *