From 2f68889eb6d4684a4eed45f93894b1b4311c3319 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 11 May 2006 23:13:35 +0000
Subject: [PATCH] Remove private posts from front page query.  Aadd private
 posts and page caps. fixes #2613

git-svn-id: http://svn.automattic.com/wordpress/trunk@3772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/upgrade-functions.php |  4 ++--
 wp-admin/upgrade-schema.php    |  6 ++++++
 wp-includes/capabilities.php   |  8 ++++++++
 wp-includes/query.php          | 20 +++++++++++++++-----
 wp-includes/version.php        |  2 +-
 5 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php
index 0d08e3ab6..6e103b7cd 100644
--- a/wp-admin/upgrade-functions.php
+++ b/wp-admin/upgrade-functions.php
@@ -173,7 +173,7 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 3308 )
 		upgrade_160();
 
-	if ( $wp_current_db_version < 3672 )
+	if ( $wp_current_db_version < 3767 )
 		upgrade_210();
 
 	$wp_rewrite->flush_rules();
@@ -492,7 +492,7 @@ function upgrade_210() {
 		}
 	}
 
-	if ( $wp_current_db_version < 3513 ) {
+	if ( $wp_current_db_version < 3767 ) {
 		populate_roles_210();
 	}
 
diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php
index fb7453846..1328f48a2 100644
--- a/wp-admin/upgrade-schema.php
+++ b/wp-admin/upgrade-schema.php
@@ -352,6 +352,12 @@ function populate_roles_210() {
 		$role->add_cap('delete_posts');
 		$role->add_cap('delete_others_posts');
 		$role->add_cap('delete_published_posts');
+		$role->add_cap('delete_private_posts');
+		$role->add_cap('edit_private_posts');
+		$role->add_cap('read_private_posts');
+		$role->add_cap('delete_private_pages');
+		$role->add_cap('edit_private_pages');
+		$role->add_cap('read_private_pages');
 	}
 
 	$role = get_role('author');
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index ea571cbc4..f272dd325 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -296,6 +296,8 @@ function map_meta_cap($cap, $user_id) {
 			// The post is published, extra cap required.
 			if ($post->post_status == 'publish')
 				$caps[] = 'delete_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'delete_private_posts';
 		}
 		break;
 	case 'delete_page':
@@ -318,6 +320,8 @@ function map_meta_cap($cap, $user_id) {
 			// The page is published, extra cap required.
 			if ($page->post_status == 'publish')
 				$caps[] = 'delete_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'delete_private_pages';
 		}
 		break;
 		// edit_post breaks down to edit_posts, edit_published_posts, or
@@ -346,6 +350,8 @@ function map_meta_cap($cap, $user_id) {
 			// The post is published, extra cap required.
 			if ($post->post_status == 'publish')
 				$caps[] = 'edit_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'edit_private_posts';
 		}
 		break;
 	case 'edit_page':
@@ -368,6 +374,8 @@ function map_meta_cap($cap, $user_id) {
 			// The page is published, extra cap required.
 			if ($page->post_status == 'publish')
 				$caps[] = 'edit_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'edit_private_pages';
 		}
 		break;
 	case 'read_post':
diff --git a/wp-includes/query.php b/wp-includes/query.php
index 8c8c06978..e6c82988a 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -828,13 +828,23 @@ class WP_Query {
 		} else {
 			$where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
 
-			if ( is_admin() )
+			if ( is_admin() ) {
 				$where .= " OR post_status = 'future' OR post_status = 'draft'";
 	
-			if ( is_user_logged_in() )
-				$where .= " OR post_author = $user_ID AND post_status = 'private'))";
-			else
-				$where .= '))';
+				if ( is_user_logged_in() ) {
+					if ( 'post' == $post_type )
+						$cap = 'edit_private_posts';
+					else
+						$cap = 'edit_private_pages';
+
+					if ( current_user_can($cap) )
+						$where .= "OR post_status = 'private'";
+					else
+					$where .= " OR post_author = $user_ID AND post_status = 'private'";
+				}
+			}
+
+			$where .= '))';
 		}
 
 		// Apply filters on where and join prior to paging so that any
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c91a6bafd..6e315bed8 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -3,6 +3,6 @@
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
 $wp_version = '2.1-alpha1';
-$wp_db_version = 3672;
+$wp_db_version = 3767;
 
 ?>
\ No newline at end of file