diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index e4eca553cc..5a4d966258 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -26,6 +26,20 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { if ( $update ) $post_data['ID'] = (int) $post_data['post_ID']; + $ptype = get_post_type_object( $post_data['post_type'] ); + + if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) { + if ( 'page' == $post_data['post_type'] ) + return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); + else + return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) ); + } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) { + if ( 'page' == $post_data['post_type'] ) + return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); + else + return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); + } + if ( isset( $post_data['content'] ) ) $post_data['post_content'] = $post_data['content']; 
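Review bot: `$ptype->cap` is now dereferenced on every call, but nothing after `get_post_type_object( $post_data['post_type'] )` checks whether the lookup succeeded, and it returns null for a type that is not registered. If `post_type` can arrive from the request (the earlier lines of `_wp_translate_postdata()` are outside this hunk, so this is inferred from the `$post_data = null` default), an unknown type makes both `current_user_can()` calls read a property on null, and the permission decision then depends on how a null capability happens to be evaluated. I would add `if ( ! $ptype ) return new WP_Error( 'invalid_post_type', __( 'Invalid post type.' ) );` directly after the lookup so the refusal is explicit. Separately, the `create_posts` branch reuses the `edit_others_pages` / `edit_others_posts` error codes, so callers and logs cannot tell a create refusal from an author-mismatch refusal.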
@@ -51,25 +65,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { } } - $ptype = get_post_type_object( $post_data['post_type'] ); - if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) { - if ( $update ) { - if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) { - if ( 'page' == $post_data['post_type'] ) { - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); - } else { - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) ); - } - } - } else { - if ( ! current_user_can( $ptype->cap->edit_others_posts ) ) { - if ( 'page' == $post_data['post_type'] ) { - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); - } else { - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); - } - } - } + if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] ) + && ! current_user_can( $ptype->cap->edit_others_posts ) ) { + + if ( 'page' == $post_data['post_type'] ) + return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); + else + return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); } // What to do based on which button they pressed
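Review bot: The `! $update &&` at the front of the author-mismatch condition leaves an update that sets `post_author` to someone other than `user_ID` gated only by the `edit_post` check on `$post_data['ID']` from the first hunk; `edit_others_posts` is consulted on creation alone. Unless reassignment is checked later in the save path (not visible here), a user who may edit their own post could hand it to another author without holding that capability. I would drop the `$update` term so the condition starts `if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )`, keep the `&& ! current_user_can( $ptype->cap->edit_others_posts ) ) {` line as is, and pick the "edit" or "create" wording from `$update` inside the block. The check is also skipped entirely when `user_ID` is absent, so it is worth confirming that key is set server-side rather than taken from the submitted form.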