Add option to check caps when querying a particular post status. fixes #6052
git-svn-id: http://svn.automattic.com/wordpress/trunk@7109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
37c69acd2d
commit
884be4169f
|
@ -81,13 +81,15 @@ if ( is_single() ) {
|
||||||
<ul class="subsubsub">
|
<ul class="subsubsub">
|
||||||
<?php
|
<?php
|
||||||
$status_links = array();
|
$status_links = array();
|
||||||
$num_posts = wp_count_posts('post');
|
$num_posts = wp_count_posts('post', 'readable');
|
||||||
foreach ( $post_stati as $status => $label ) {
|
foreach ( $post_stati as $status => $label ) {
|
||||||
$class = '';
|
$class = '';
|
||||||
|
|
||||||
if ( !in_array($status, $avail_post_stati) )
|
if ( !in_array($status, $avail_post_stati) )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if ( empty($num_posts->$status) )
|
||||||
|
continue;
|
||||||
if ( $status == $_GET['post_status'] )
|
if ( $status == $_GET['post_status'] )
|
||||||
$class = ' class="current"';
|
$class = ' class="current"';
|
||||||
|
|
||||||
|
|
|
@ -513,8 +513,10 @@ function wp_edit_posts_query( $q = false ) {
|
||||||
$avail_post_stati = get_available_post_statuses('post');
|
$avail_post_stati = get_available_post_statuses('post');
|
||||||
|
|
||||||
$post_status_q = '';
|
$post_status_q = '';
|
||||||
if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) )
|
if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) {
|
||||||
$post_status_q = '&post_status=' . $q['post_status'];
|
$post_status_q = '&post_status=' . $q['post_status'];
|
||||||
|
$post_status_q .= '&perm=readable';
|
||||||
|
}
|
||||||
|
|
||||||
if ( 'pending' === $q['post_status'] ) {
|
if ( 'pending' === $q['post_status'] ) {
|
||||||
$order = 'ASC';
|
$order = 'ASC';
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
class WP {
|
class WP {
|
||||||
var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
|
var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
|
||||||
|
|
||||||
var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type');
|
var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm');
|
||||||
var $extra_query_vars = array();
|
var $extra_query_vars = array();
|
||||||
|
|
||||||
var $query_vars;
|
var $query_vars;
|
||||||
|
|
|
@ -822,10 +822,18 @@ function sanitize_post_field($field, $value, $post_id, $context) {
|
||||||
* @param string $type Post type
|
* @param string $type Post type
|
||||||
* @return array Number of posts for each status
|
* @return array Number of posts for each status
|
||||||
*/
|
*/
|
||||||
function wp_count_posts( $type = 'post' ) {
|
function wp_count_posts( $type = 'post', $perm = '' ) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
$count = $wpdb->get_results( $wpdb->prepare( "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s GROUP BY post_status", $type ), ARRAY_A );
|
$user = wp_get_current_user();
|
||||||
|
|
||||||
|
$query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
|
||||||
|
if ( 'readable' == $perm && is_user_logged_in() ) {
|
||||||
|
if ( !current_user_can("read_private_{$type}s") )
|
||||||
|
$query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
|
||||||
|
}
|
||||||
|
$query .= ' GROUP BY post_status';
|
||||||
|
$count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
|
||||||
|
|
||||||
$stats = array( );
|
$stats = array( );
|
||||||
foreach( (array) $count as $row_num => $row ) {
|
foreach( (array) $count as $row_num => $row ) {
|
||||||
|
|
|
@ -1213,6 +1213,7 @@ class WP_Query {
|
||||||
if ( isset($q['post_status']) && '' != $q['post_status'] ) {
|
if ( isset($q['post_status']) && '' != $q['post_status'] ) {
|
||||||
$q_status = explode(',', $q['post_status']);
|
$q_status = explode(',', $q['post_status']);
|
||||||
$r_status = array();
|
$r_status = array();
|
||||||
|
$p_status = array();
|
||||||
if ( in_array( 'draft' , $q_status ) )
|
if ( in_array( 'draft' , $q_status ) )
|
||||||
$r_status[] = "post_status = 'draft'";
|
$r_status[] = "post_status = 'draft'";
|
||||||
if ( in_array( 'pending', $q_status ) )
|
if ( in_array( 'pending', $q_status ) )
|
||||||
|
@ -1222,11 +1223,27 @@ class WP_Query {
|
||||||
if ( in_array( 'inherit' , $q_status ) )
|
if ( in_array( 'inherit' , $q_status ) )
|
||||||
$r_status[] = "post_status = 'inherit'";
|
$r_status[] = "post_status = 'inherit'";
|
||||||
if ( in_array( 'private', $q_status ) )
|
if ( in_array( 'private', $q_status ) )
|
||||||
$r_status[] = "post_status = 'private'";
|
$p_status[] = "post_status = 'private'";
|
||||||
if ( in_array( 'publish', $q_status ) )
|
if ( in_array( 'publish', $q_status ) )
|
||||||
$r_status[] = "post_status = 'publish'";
|
$r_status[] = "post_status = 'publish'";
|
||||||
if ( !empty($r_status) )
|
|
||||||
|
if ( empty($q['perm'] ) || 'readable' != $q['perm'] ) {
|
||||||
|
$r_status = array_merge($r_status, $p_status);
|
||||||
|
unset($p_status);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( !empty($r_status) ) {
|
||||||
|
if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
|
||||||
|
$where .= " AND (post_author = $user_ID " . "AND (" . join( ' OR ', $r_status ) . "))";
|
||||||
|
else
|
||||||
$where .= " AND (" . join( ' OR ', $r_status ) . ")";
|
$where .= " AND (" . join( ' OR ', $r_status ) . ")";
|
||||||
|
}
|
||||||
|
if ( !empty($p_status) ) {
|
||||||
|
if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
|
||||||
|
$where .= " AND (post_author = $user_ID " . "AND (" . join( ' OR ', $p_status ) . "))";
|
||||||
|
else
|
||||||
|
$where .= " AND (" . join( ' OR ', $p_status ) . ")";
|
||||||
|
}
|
||||||
} elseif ( !$this->is_singular ) {
|
} elseif ( !$this->is_singular ) {
|
||||||
$where .= " AND (post_status = 'publish'";
|
$where .= " AND (post_status = 'publish'";
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue