Set the cap appropriate to the post type. fixes #10807 see #10605

git-svn-id: http://svn.automattic.com/wordpress/trunk@11960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2009-09-22 22:57:01 +00:00
parent 7b54e813b5
commit e1d48f65ce
1 changed files with 12 additions and 8 deletions


@ -2070,17 +2070,21 @@ class WP_Query {
$q['orderby'] = "$wpdb->posts.post_date ".$q['order']; $q['orderby'] = "$wpdb->posts.post_date ".$q['order'];
} }
$post_type_cap = $post_type;
if ( 'any' == $post_type ) { if ( 'any' == $post_type ) {
$where .= " AND $wpdb->posts.post_type != 'revision'"; $where .= " AND $wpdb->posts.post_type != 'revision'";
} elseif ( ! empty( $post_type ) ) { } elseif ( ! empty( $post_type ) ) {
$where .= " AND $wpdb->posts.post_type = '$post_type'"; $where .= " AND $wpdb->posts.post_type = '$post_type'";
} elseif ( $this->is_attachment ) { } elseif ( $this->is_attachment ) {
$where .= " AND $wpdb->posts.post_type = 'attachment'"; $where .= " AND $wpdb->posts.post_type = 'attachment'";
$post_type_cap = 'post';
} elseif ($this->is_page) { } elseif ($this->is_page) {
$where .= " AND $wpdb->posts.post_type = 'page'"; $where .= " AND $wpdb->posts.post_type = 'page'";
$post_type_cap = 'page';
} else { } else {
$where .= " AND $wpdb->posts.post_type = 'post'"; $where .= " AND $wpdb->posts.post_type = 'post'";
$post_type = 'post'; $post_type_cap = 'post';
} }
if ( isset($q['post_status']) && '' != $q['post_status'] ) { if ( isset($q['post_status']) && '' != $q['post_status'] ) {
@ -2109,13 +2113,13 @@ class WP_Query {
} }
if ( !empty($r_status) ) { if ( !empty($r_status) ) {
if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") ) if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type_cap}s") )
$statuswheres[] = "($wpdb->posts.post_author = $user_ID " . "AND (" . join( ' OR ', $r_status ) . "))"; $statuswheres[] = "($wpdb->posts.post_author = $user_ID " . "AND (" . join( ' OR ', $r_status ) . "))";
else else
$statuswheres[] = "(" . join( ' OR ', $r_status ) . ")"; $statuswheres[] = "(" . join( ' OR ', $r_status ) . ")";
} }
if ( !empty($p_status) ) { if ( !empty($p_status) ) {
if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") ) if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type_cap}s") )
$statuswheres[] = "($wpdb->posts.post_author = $user_ID " . "AND (" . join( ' OR ', $p_status ) . "))"; $statuswheres[] = "($wpdb->posts.post_author = $user_ID " . "AND (" . join( ' OR ', $p_status ) . "))";
else else
$statuswheres[] = "(" . join( ' OR ', $p_status ) . ")"; $statuswheres[] = "(" . join( ' OR ', $p_status ) . ")";
@ -2134,7 +2138,7 @@ class WP_Query {
$where .= " OR $wpdb->posts.post_status = 'future' OR $wpdb->posts.post_status = 'draft' OR $wpdb->posts.post_status = 'pending'"; $where .= " OR $wpdb->posts.post_status = 'future' OR $wpdb->posts.post_status = 'draft' OR $wpdb->posts.post_status = 'pending'";
if ( is_user_logged_in() ) { if ( is_user_logged_in() ) {
$where .= current_user_can( "read_private_{$post_type}s" ) ? " OR $wpdb->posts.post_status = 'private'" : " OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'"; $where .= current_user_can( "read_private_{$post_type_cap}s" ) ? " OR $wpdb->posts.post_status = 'private'" : " OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'";
} }
$where .= ')'; $where .= ')';
@ -2292,7 +2296,7 @@ class WP_Query {
} else { } else {
if (in_array($status, array('draft', 'pending')) ) { if (in_array($status, array('draft', 'pending')) ) {
// User must have edit permissions on the draft to preview. // User must have edit permissions on the draft to preview.
if (! current_user_can('edit_post', $this->posts[0]->ID)) { if (! current_user_can("edit_$post_type_cap", $this->posts[0]->ID)) {
$this->posts = array(); $this->posts = array();
} else { } else {
$this->is_preview = true; $this->is_preview = true;
@ -2300,17 +2304,17 @@ class WP_Query {
} }
} else if ('future' == $status) { } else if ('future' == $status) {
$this->is_preview = true; $this->is_preview = true;
if (!current_user_can('edit_post', $this->posts[0]->ID)) { if (!current_user_can("edit_$post_type_cap", $this->posts[0]->ID)) {
$this->posts = array ( ); $this->posts = array ( );
} }
} else { } else {
if (! current_user_can('read_post', $this->posts[0]->ID)) if (! current_user_can("read_$post_type_cap", $this->posts[0]->ID))
$this->posts = array(); $this->posts = array();
} }
} }
} }
if ( $this->is_preview && current_user_can( "edit_{$post_type}", $this->posts[0]->ID ) ) if ( $this->is_preview && current_user_can( "edit_{$post_type_cap}", $this->posts[0]->ID ) )
$this->posts[0] = apply_filters('the_preview', $this->posts[0]); $this->posts[0] = apply_filters('the_preview', $this->posts[0]);
} }
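Review bot: The single-post permission checks in the last two hunks (`current_user_can("edit_$post_type_cap", ...)`, `"read_$post_type_cap"`, `"edit_{$post_type_cap}"`) build the capability name from the type the query asked for, not from the type of the post that was actually retrieved. The first hunk leaves `$post_type_cap` as `'any'` in the `'any'` branch and as the raw `$post_type` in the `! empty( $post_type )` branch, so these calls can ask for names like `edit_any`; unless the capability mapping (not visible here) recognises such names, the check probably denies every user, and the `read_private_{$post_type_cap}s` tests are affected the same way. That fails closed, but it silently changes who may preview drafts or read private posts compared with the old fixed `edit_post`/`read_post` checks. I would derive the name from the retrieved post for the per-post checks, e.g. `$cap_type = ( 'page' == $this->posts[0]->post_type ) ? 'page' : 'post';`, and set `$post_type_cap = 'post'` in the `'any'` branch. The enclosing method starts and ends outside the hunks shown.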