From 0aa5bf4862c328a284819e189157043e5ebe436f Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 28 Dec 2007 00:46:18 +0000
Subject: [PATCH] Some cap checks for app from josephscott.

git-svn-id: http://svn.automattic.com/wordpress/trunk@6507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-app.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/wp-app.php b/wp-app.php
index c7a2ae1bb..7345b0e47 100644
--- a/wp-app.php
+++ b/wp-app.php
@@ -163,6 +163,10 @@ class AtomServer {
 function get_service() {
 log_app('function','get_service()');
+
+ if( !current_user_can( 'edit_posts' ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
 $entries_url = attribute_escape($this->get_entries_url());
 $categories_url = attribute_escape($this->get_categories_url());
 $media_url = attribute_escape($this->get_attachments_url());
@@ -192,8 +196,11 @@ EOD;
 }
 function get_categories_xml() {
-
 log_app('function','get_categories_xml()');
+
+ if( !current_user_can( 'edit_posts' ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
 $home = attribute_escape(get_bloginfo_rss('home'));
 $categories = "";
@@ -285,8 +292,11 @@ EOD;
 }
 function get_post($postID) {
-
 global $entry;
+
+ if( !current_user_can( 'edit_post', $postID ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) );
+
 $this->set_current_entry($postID);
 $output = $this->get_entry($postID);
 log_app('function',"get_post($postID)");
@@ -372,6 +382,9 @@ EOD;
 }
 function get_attachment($postID = NULL) {
+ if( !current_user_can( 'upload_files' ) )
+ $this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) );
+
 if (!isset($postID)) {
 $this->get_attachments();
 } else {
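Review bot: In get_service() the new guard is a brace-less `if` whose only statement is `$this->auth_required( ... )`, so access is denied only if auth_required() never returns. Its body is not part of this diff; if it sends the error response without ending the request, the service document built on the following lines is still emitted to a user who lacks `edit_posts`. The get_categories_xml(), get_post() and get_attachment() hunks use the same pattern. Make the fail-closed behaviour explicit by bracing the branch and ending it with `return;` after the `auth_required()` call, or, if auth_required() does exit, say so in a one-line comment at the first check. get_service()'s body continues past the end of the hunk.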
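Review bot: In get_post() the capability check runs ahead of the only `log_app()` call visible in the function, so a request refused for lack of `edit_post` leaves no entry in the app log (assuming auth_required() ends the request), whereas get_service() and get_categories_xml() log before they check. Refused reads of specific post IDs are exactly the events worth keeping for detection, so move the existing `log_app('function',"get_post($postID)");` line above the check. `$postID` is interpolated into that log line as-is and its origin is not visible here; if it is taken from the request path, log `(int) $postID` instead. The function continues beyond the hunk.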
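Review bot: get_attachment() checks only the blog-wide `upload_files` capability even when a specific `$postID` is supplied, while get_post() in the same commit checks `edit_post` against the object itself. The `else` branch that handles a given `$postID` lies outside the hunk, so a per-attachment check may already exist there; if it does not, any account allowed to upload can retrieve entries for attachments it does not own. Add an object-level check at the top of that branch, e.g. `if ( !current_user_can( 'edit_post', $postID ) ) $this->auth_required( ... );`, keeping the `upload_files` check for the collection case.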