Add new page caps now that pages can be draft or publish. Brings page caps to parity with posts. Add delete caps for posts and pages. fixes #2382 #2336 #2301

git-svn-id: http://svn.automattic.com/wordpress/trunk@3513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2006-02-11 09:56:02 +00:00
parent 9f50b562b5
commit d6d431c1be
8 changed files with 177 additions and 53 deletions


@ -4,8 +4,13 @@
function write_post() { function write_post() {
global $user_ID; global $user_ID;
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can('edit_pages') )
die(__('You are not allowed to create pages on this blog.'));
} else {
if ( !current_user_can('edit_posts') ) if ( !current_user_can('edit_posts') )
die(__('You are not allowed to create posts or drafts on this blog.')); die(__('You are not allowed to create posts or drafts on this blog.'));
}
// Rename. // Rename.
$_POST['post_content'] = $_POST['content']; $_POST['post_content'] = $_POST['content'];
@ -15,16 +20,26 @@ function write_post() {
if (!empty ($_POST['post_author_override'])) { if (!empty ($_POST['post_author_override'])) {
$_POST['post_author'] = (int) $_POST['post_author_override']; $_POST['post_author'] = (int) $_POST['post_author_override'];
} else } else {
if (!empty ($_POST['post_author'])) { if (!empty ($_POST['post_author'])) {
$_POST['post_author'] = (int) $_POST['post_author']; $_POST['post_author'] = (int) $_POST['post_author'];
} else { } else {
$_POST['post_author'] = (int) $_POST['user_ID']; $_POST['post_author'] = (int) $_POST['user_ID'];
} }
if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts')) }
if ($_POST['post_author'] != $_POST['user_ID']) {
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can('edit_others_pages') )
die(__('You cannot create pages as this user.'));
} else {
if ( !current_user_can('edit_others_posts') )
die(__('You cannot post as this user.')); die(__('You cannot post as this user.'));
}
}
// What to do based on which button they pressed // What to do based on which button they pressed
if ('' != $_POST['saveasdraft']) if ('' != $_POST['saveasdraft'])
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
@ -34,14 +49,14 @@ function write_post() {
$_POST['post_status'] = 'publish'; $_POST['post_status'] = 'publish';
if ('' != $_POST['advanced']) if ('' != $_POST['advanced'])
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
//if ('' != $_POST['savepage']) {
// $_POST['post_status'] = 'draft';
if ( 'page' == $_POST['post_type'] ) {
if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages'))
$_POST['post_status'] = 'draft';
} else {
if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
}
if ('page' == $_POST['post_type'] && !current_user_can('edit_pages'))
die(__('This user cannot edit pages.'));
if (!empty ($_POST['edit_date'])) { if (!empty ($_POST['edit_date'])) {
$aa = $_POST['aa']; $aa = $_POST['aa'];
@ -123,8 +138,13 @@ function edit_post() {
$post_ID = (int) $_POST['post_ID']; $post_ID = (int) $_POST['post_ID'];
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can('edit_page', $post_ID) )
die(__('You are not allowed to edit this page.'));
} else {
if ( !current_user_can('edit_post', $post_ID) ) if ( !current_user_can('edit_post', $post_ID) )
die(__('You are not allowed to edit this post.')); die(__('You are not allowed to edit this post.'));
}
// Rename. // Rename.
$_POST['ID'] = (int) $_POST['post_ID']; $_POST['ID'] = (int) $_POST['post_ID'];
@ -142,8 +162,16 @@ function edit_post() {
$_POST['post_author'] = (int) $_POST['user_ID']; $_POST['post_author'] = (int) $_POST['user_ID'];
} }
if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts')) if ($_POST['post_author'] != $_POST['user_ID']) {
die(__('You cannot post as this user.')); if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can('edit_others_pages') )
die(__('You cannot edit pages as this user.'));
} else {
if ( !current_user_can('edit_others_posts') )
die(__('You cannot edit posts as this user.'));
}
}
// What to do based on which button they pressed // What to do based on which button they pressed
if ('' != $_POST['saveasdraft']) if ('' != $_POST['saveasdraft'])
@ -154,14 +182,14 @@ function edit_post() {
$_POST['post_status'] = 'publish'; $_POST['post_status'] = 'publish';
if ('' != $_POST['advanced']) if ('' != $_POST['advanced'])
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
//if ('' != $_POST['savepage'])
// $_POST['post_status'] = 'static';
if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) if ( 'page' == $_POST['post_type'] ) {
if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages'))
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
} else {
if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts'))
die(__('This user cannot edit pages.')); $_POST['post_status'] = 'draft';
}
if (!isset ($_POST['comment_status'])) if (!isset ($_POST['comment_status']))
$_POST['comment_status'] = 'closed'; $_POST['comment_status'] = 'closed';
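Review bot: In the edit_post() hunk the choice between the `edit_page` and `edit_post` checks is driven by `$_POST['post_type']`, a request value, rather than by the type stored for `$post_ID`; the new map_meta_cap cases in this same commit fetch the row with get_post()/get_page() regardless of type, so the capability actually evaluated is the one the client named rather than the one matching the record. Deriving the type from the stored post before branching, e.g. `$post_type = get_post($post_ID)->post_type;` and then `if ( 'page' == $post_type )`, keeps the check tied to the object being edited; the same applies to the later `edit_published_pages`/`edit_published_posts` branch in the hunk at line 182. Separately, that branch replaces the `publish_posts` gate with `edit_published_posts`, so publishing an existing draft through edit_post() is no longer gated on `publish_posts` at all; if any role can hold `edit_published_posts` without `publish_posts`, both caps should be required here. The bodies of write_post() and edit_post() continue outside the hunks shown.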


@ -65,7 +65,7 @@ addLoadEvent(focusit);
</fieldset> </fieldset>
<fieldset id="passworddiv" class="dbx-box"> <fieldset id="passworddiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> <h3 class="dbx-handle"><?php _e('Password-Protect Page') ?></h3>
<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div> <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
</fieldset> </fieldset>
@ -90,13 +90,13 @@ addLoadEvent(focusit);
<?php } ?> <?php } ?>
<fieldset id="slugdiv" class="dbx-box"> <fieldset id="slugdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post slug') ?></h3> <h3 class="dbx-handle"><?php _e('Page slug') ?></h3>
<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div> <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
</fieldset> </fieldset>
<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?> <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
<fieldset id="authordiv" class="dbx-box"> <fieldset id="authordiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3> <h3 class="dbx-handle"><?php _e('Page author'); ?>:</h3>
<div class="dbx-content"> <div class="dbx-content">
<select name="post_author_override" id="post_author_override"> <select name="post_author_override" id="post_author_override">
<?php <?php


@ -43,7 +43,7 @@ if ($posts) {
if ( isset($_GET['s']) ) { if ( isset($_GET['s']) ) {
foreach ( $posts as $post ) : foreach ( $posts as $post ) :
$class = ('alternate' != $class) ? 'alternate' : ''; ?> $class = ('alternate' != $class) ? 'alternate' : ''; ?>
<tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'> <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'>
<th scope="row"><?php echo $post->ID; ?></th> <th scope="row"><?php echo $post->ID; ?></th>
<td> <td>
<?php echo $pad; ?><?php the_title() ?> <?php echo $pad; ?><?php the_title() ?>
@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
<td><?php the_author() ?></td> <td><?php the_author() ?></td>
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> <td><?php if ( current_user_can('edit_page', $post->ID) ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> <td><?php if ( current_user_can('delete_page', $post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr> </tr>
<?php <?php
endforeach; endforeach;
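Review bot: The Delete link's onclick still interpolates `$id` (`deleteSomething( 'page', " . $id . "`) while the href, the `tr` id and the `delete_page` capability check on the same line were switched to `$post->ID`; if `$id` is not refreshed for each iteration of this foreach the confirm dialog would name a different page than the link deletes, so it should read `deleteSomething( 'page', " . $post->ID . "` for consistency. Also note that gating the Edit and Delete links here, and the `control_delete` column in edit.php, on `edit_page`/`delete_page`/`delete_post` only controls what is rendered; the `post.php?action=delete` handler is not part of this commit and is where the `delete_post`/`delete_page` check must be enforced server-side. The foreach begins before this hunk.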


@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'control_delete': case 'control_delete':
?> ?>
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php <?php
break; break;


@ -33,7 +33,7 @@ function upgrade_all() {
if ( $wp_current_db_version < 3308 ) if ( $wp_current_db_version < 3308 )
upgrade_160(); upgrade_160();
if ( $wp_current_db_version < 3506 ) if ( $wp_current_db_version < 3513 )
upgrade_210(); upgrade_210();
$wp_rewrite->flush_rules(); $wp_rewrite->flush_rules();
@ -332,6 +332,7 @@ function upgrade_160() {
function upgrade_210() { function upgrade_210() {
global $wpdb, $table_prefix, $wp_current_db_version; global $wpdb, $table_prefix, $wp_current_db_version;
if ( $wp_current_db_version < 3506 ) {
// Update status and type. // Update status and type.
$posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
@ -351,6 +352,11 @@ function upgrade_210() {
} }
} }
if ( $wp_current_db_version < 3513 ) {
populate_roles_210();
}
}
// The functions we use to actually do stuff // The functions we use to actually do stuff
// General // General


@ -245,6 +245,7 @@ function populate_options() {
function populate_roles() { function populate_roles() {
populate_roles_160(); populate_roles_160();
populate_roles_210();
} }
function populate_roles_160() { function populate_roles_160() {
@ -336,4 +337,34 @@ function populate_roles_160() {
$role->add_cap('level_0'); $role->add_cap('level_0');
} }
function populate_roles_210() {
$roles = array('administrator', 'editor');
foreach ($roles as $role) {
$role = get_role($role);
if ( empty($role) )
continue;
$role->add_cap('edit_others_pages');
$role->add_cap('edit_published_pages');
$role->add_cap('publish_pages');
$role->add_cap('delete_pages');
$role->add_cap('delete_others_pages');
$role->add_cap('delete_published_pages');
$role->add_cap('delete_posts');
$role->add_cap('delete_others_posts');
$role->add_cap('delete_published_posts');
}
$role = get_role('author');
if ( ! empty($role) ) {
$role->add_cap('delete_posts');
$role->add_cap('delete_published_posts');
}
$role = get_role('contributor');
if ( ! empty($role) ) {
$role->add_cap('delete_posts');
}
}
?> ?>
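Review bot: In populate_roles_210() the loop variable is reassigned from the role name to the role object (`foreach ($roles as $role) { $role = get_role($role);`), which reads as a mistake even though it works; `foreach ( $roles as $role_name ) { $role = get_role($role_name);` makes the two values distinct. The grants themselves are worth a comment, since with the new map_meta_cap cases a contributor's `delete_posts` alone only covers their own unpublished posts and authors receive no page deletion caps at all; a line such as `// Contributors may delete only their own drafts; page deletion is editor+ only.` above the per-role blocks would record that this is intentional.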


@ -253,6 +253,50 @@ function map_meta_cap($cap, $user_id) {
$caps = array(); $caps = array();
switch ($cap) { switch ($cap) {
case 'delete_post':
$author_data = get_userdata($user_id);
//echo "post ID: {$args[0]}<br/>";
$post = get_post($args[0]);
$post_author_data = get_userdata($post->post_author);
//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
// If the user is the author...
if ($user_id == $post_author_data->ID) {
// If the post is published...
if ($post->post_status == 'publish')
$caps[] = 'delete_published_posts';
else
// If the post is draft...
$caps[] = 'delete_posts';
} else {
// The user is trying to edit someone else's post.
$caps[] = 'delete_others_posts';
// The post is published, extra cap required.
if ($post->post_status == 'publish')
$caps[] = 'delete_published_posts';
}
break;
case 'delete_page':
$author_data = get_userdata($user_id);
//echo "post ID: {$args[0]}<br/>";
$page = get_page($args[0]);
$page_author_data = get_userdata($post->post_author);
//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
// If the user is the author...
if ($user_id == $page_author_data->ID) {
// If the page is published...
if ($page->post_status == 'publish')
$caps[] = 'delete_published_pages';
else
// If the page is draft...
$caps[] = 'delete_pages';
} else {
// The user is trying to edit someone else's page.
$caps[] = 'delete_others_pages';
// The page is published, extra cap required.
if ($page->post_status == 'publish')
$caps[] = 'delete_published_pages';
}
break;
// edit_post breaks down to edit_posts, edit_published_posts, or // edit_post breaks down to edit_posts, edit_published_posts, or
// edit_others_posts // edit_others_posts
case 'edit_post': case 'edit_post':
@ -266,17 +310,10 @@ function map_meta_cap($cap, $user_id) {
// If the post is published... // If the post is published...
if ($post->post_status == 'publish') if ($post->post_status == 'publish')
$caps[] = 'edit_published_posts'; $caps[] = 'edit_published_posts';
else if ($post->post_status == 'static')
$caps[] = 'edit_pages';
else else
// If the post is draft... // If the post is draft...
$caps[] = 'edit_posts'; $caps[] = 'edit_posts';
} else { } else {
if ($post->post_status == 'static') {
$caps[] = 'edit_pages';
break;
}
// The user is trying to edit someone else's post. // The user is trying to edit someone else's post.
$caps[] = 'edit_others_posts'; $caps[] = 'edit_others_posts';
// The post is published, extra cap required. // The post is published, extra cap required.
@ -284,6 +321,28 @@ function map_meta_cap($cap, $user_id) {
$caps[] = 'edit_published_posts'; $caps[] = 'edit_published_posts';
} }
break; break;
case 'edit_page':
$author_data = get_userdata($user_id);
//echo "post ID: {$args[0]}<br/>";
$page = get_page($args[0]);
$page_author_data = get_userdata($post->post_author);
//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
// If the user is the author...
if ($user_id == $page_author_data->ID) {
// If the page is published...
if ($page->post_status == 'publish')
$caps[] = 'edit_published_pages';
else
// If the page is draft...
$caps[] = 'edit_pages';
} else {
// The user is trying to edit someone else's page.
$caps[] = 'edit_others_pages';
// The page is published, extra cap required.
if ($page->post_status == 'publish')
$caps[] = 'edit_published_pages';
}
break;
case 'read_post': case 'read_post':
$post = get_post($args[0]); $post = get_post($args[0]);
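Review bot: Both new page cases read the author from the wrong variable: `delete_page` and `edit_page` load `$page = get_page($args[0]);` but then call `get_userdata($post->post_author)`, and nothing visible before the switch assigns `$post`, so the author lookup receives null and the `$user_id == $page_author_data->ID` branch never matches for a real user; every page edit or delete therefore resolves to `edit_others_pages`/`delete_others_pages` (plus the published cap) even for the page's own author. Both lines should read `$page_author_data = get_userdata($page->post_author);`. The same cases also carry unused `$author_data` assignments, commented-out debug `echo` lines and comments that still say "post ID", which should be dropped rather than copied forward. map_meta_cap() starts and ends outside the hunks shown.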


@ -3,6 +3,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
$wp_version = '2.1-aplha1'; $wp_version = '2.1-aplha1';
$wp_db_version = 3506; $wp_db_version = 3513;
?> ?>