From 5d839715d5f90acc12c51d58a87b5d8f6619e369 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 22 Apr 2008 23:54:13 +0000 Subject: [PATCH] don't get or set post_lock if you can't edit the post/page. Props mdawaffe git-svn-id: http://svn.automattic.com/wordpress/trunk@7781 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/page.php | 21 ++++++++++++--------- wp-admin/post.php | 21 ++++++++++++--------- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/wp-admin/page.php b/wp-admin/page.php index 08e2a45a86..1b4dc28253 100644 --- a/wp-admin/page.php +++ b/wp-admin/page.php @@ -83,15 +83,18 @@ case 'edit': wp_enqueue_script('editor'); wp_enqueue_script('thickbox'); wp_enqueue_script('media-upload'); - if ( $last = wp_check_post_lock( $post->ID ) ) { - $last_user = get_userdata( $last ); - $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); - $message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) ); - $message = str_replace( "'", "\'", "

$message

" ); - add_action('admin_notices', create_function( '', "echo '$message';" ) ); - } else { - wp_set_post_lock( $post->ID ); - wp_enqueue_script('autosave'); + + if ( current_user_can('edit_page', $page_ID) ) { + if ( $last = wp_check_post_lock( $post->ID ) ) { + $last_user = get_userdata( $last ); + $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); + $message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) ); + $message = str_replace( "'", "\'", "

$message

" ); + add_action('admin_notices', create_function( '', "echo '$message';" ) ); + } else { + wp_set_post_lock( $post->ID ); + wp_enqueue_script('autosave'); + } } require_once('admin-header.php'); diff --git a/wp-admin/post.php b/wp-admin/post.php index 5ed51c86e2..bcbad62847 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -90,15 +90,18 @@ case 'edit': wp_enqueue_script('editor'); wp_enqueue_script('thickbox'); wp_enqueue_script('media-upload'); - if ( $last = wp_check_post_lock( $post->ID ) ) { - $last_user = get_userdata( $last ); - $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); - $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) ); - $message = str_replace( "'", "\'", "

$message

" ); - add_action('admin_notices', create_function( '', "echo '$message';" ) ); - } else { - wp_set_post_lock( $post->ID ); - wp_enqueue_script('autosave'); + + if ( current_user_can('edit_post', $post_ID) ) { + if ( $last = wp_check_post_lock( $post->ID ) ) { + $last_user = get_userdata( $last ); + $last_user_name = $last_user ? $last_user->display_name : __('Somebody'); + $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) ); + $message = str_replace( "'", "\'", "

$message

" ); + add_action('admin_notices', create_function( '', "echo '$message';" ) ); + } else { + wp_set_post_lock( $post->ID ); + wp_enqueue_script('autosave'); + } } require_once('admin-header.php');