From 5922f7e2c48e0afa3f32fb65e7fb560e42db53af Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 2 Feb 2010 17:37:03 +0000 Subject: [PATCH] Allow customizing capabilities for custom post types. Always check caps against those in the post type object instead of contructing them manually. see #9674 git-svn-id: http://svn.automattic.com/wordpress/trunk@12927 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit-form-advanced.php | 5 ++- wp-admin/edit.php | 13 ++++--- wp-admin/includes/template.php | 61 +++++++++++++++++++-------------- wp-admin/post-new.php | 2 +- wp-admin/post.php | 9 ++--- wp-includes/post.php | 23 +++++++++---- 6 files changed, 64 insertions(+), 49 deletions(-) diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 5b11fcde4..85a2b0b83 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -85,7 +85,6 @@ if ( 0 == $post_ID ) { } $post_type_object = get_post_type_object($post_type); -$post_type_cap = $post_type_object->capability_type; // All meta boxes should be defined and added before the first do_meta_boxes() call (or potentially during the do_meta_boxes action). require_once('includes/meta-boxes.php'); @@ -128,7 +127,7 @@ if ( post_type_supports($post_type, 'comments') ) if ( ('publish' == $post->post_status || 'private' == $post->post_status) && post_type_supports($post_type, 'comments') ) add_meta_box('commentsdiv', __('Comments'), 'post_comment_meta_box', $post_type, 'normal', 'core'); -if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) ) +if ( !( 'pending' == $post->post_status && !current_user_can( $post_type_object->publish_cap ) ) ) add_meta_box('slugdiv', __('Slug'), 'post_slug_meta_box', $post_type, 'normal', 'core'); $authors = get_editable_user_ids( $current_user->id ); // TODO: ROLE SYSTEM @@ -192,7 +191,7 @@ $side_meta_boxes = do_meta_boxes($post_type, 'side', $post);
ID); -if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_' . $post_type_cap . 's' ) ) ) { ?> +if ( !( 'pending' == $post->post_status && !current_user_can( $post_type_object->publish_cap ) ) ) { ?>
ID) && ! empty($sample_permalink_html) ) : diff --git a/wp-admin/edit.php b/wp-admin/edit.php index 98b333198..ee0e4f9a1 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -27,7 +27,6 @@ else $_GET['post_type'] = $post_type; $post_type_object = get_post_type_object($post_type); -$post_type_cap = $post_type_object->capability_type; if ( 'post' != $post_type ) { $parent_file = "edit.php?post_type=$post_type"; @@ -72,7 +71,7 @@ if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delet case 'trash': $trashed = 0; foreach( (array) $post_ids as $post_id ) { - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to move this item to the trash.') ); if ( !wp_trash_post($post_id) ) @@ -85,7 +84,7 @@ if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delet case 'untrash': $untrashed = 0; foreach( (array) $post_ids as $post_id ) { - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to restore this item from the trash.') ); if ( !wp_untrash_post($post_id) ) @@ -100,7 +99,7 @@ if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delet foreach( (array) $post_ids as $post_id ) { $post_del = & get_post($post_id); - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to delete this item.') ); if ( $post_del->post_type == 'attachment' ) { 
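Review bot: In the bulk `trash`, `untrash` and `delete` loops the capability name is read from `$post_type_object`, which the earlier context of this file builds from the request's `$post_type` rather than from the post each `$post_id` refers to. With the default `delete_post` name this was presumably harmless, because the meta-capability mapping inspects the post itself. Once a post type can register its own `delete_cap`, the check should be tied to the object being acted on, e.g. `$pto = get_post_type_object( get_post($post_id)->post_type );` then `current_user_can($pto->delete_cap, $post_id)` inside each loop. The diffstat also lists no change to the capability mapping code, so a customized `delete_cap` is likely evaluated as a plain role capability, and the `$post_id` argument adds no ownership check until `map_meta_cap()` knows the new name. The `delete_cap` checks in wp-admin/post.php are presumably affected by this mapping gap as well.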
@@ -141,7 +140,7 @@ $title = sprintf(__('Edit %s'), $post_type_object->label); wp_enqueue_script('inline-edit-post'); $user_posts = false; -if ( !current_user_can('edit_others_' . $post_type_cap . 's') ) { +if ( !current_user_can($post_type_object->edit_others_cap) ) { $user_posts_count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(1) FROM $wpdb->posts WHERE post_type = '%s' AND post_status != 'trash' AND post_author = %d", $post_type, $current_user->ID) ); $user_posts = true; if ( $user_posts_count && empty($_GET['post_status']) && empty($_GET['all_posts']) && empty($_GET['author']) ) @@ -341,7 +340,7 @@ if ( is_object_in_taxonomy($post_type, 'category') ) { +if ( $is_trash && current_user_can($post_type_object->edit_others_cap) ) { ?>
@@ -388,7 +387,7 @@ if ( $page_links ) - +edit_others_cap) ) { ?>
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index bc631cede..2273cfb86 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -1128,7 +1128,7 @@ function inline_edit_row( $screen ) { $col_count = count($columns) - count($hidden); $m = ( isset($mode) && 'excerpt' == $mode ) ? 'excerpt' : 'list'; // @todo use capability_type - $can_publish = current_user_can("publish_{$screen->post_type}s"); + $can_publish = current_user_can($post_type_object->publish_cap); $core_columns = array( 'cb' => true, 'date' => true, 'title' => true, 'categories' => true, 'tags' => true, 'comments' => true, 'author' => true ); ?> @@ -1335,7 +1335,7 @@ function inline_edit_row( $screen ) { -post_type && $can_publish && current_user_can( 'edit_others_posts' ) ) : ?> +post_type && $can_publish && current_user_can( $post_type_object->edit_others_cap ) ) : ?> @@ -1357,7 +1357,7 @@ function inline_edit_row( $screen ) { - +
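Review bot: `$post_type_object` is read in `inline_edit_row()` at `current_user_can($post_type_object->publish_cap)` and again in the `edit_others_cap` check of the following hunk, but no visible line assigns it inside this function. If it is not set earlier in the body (which starts outside the hunk), the property read yields null and both checks presumably evaluate to false, hiding the publish and author controls from every user without any explicit decision. Adding `$post_type_object = get_post_type_object($screen->post_type);` before the first use makes the lookup explicit. The `// @todo use capability_type` comment directly above is stale after this change and can be removed.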
@@ -1404,8 +1404,8 @@ function inline_edit_row( $screen ) { * @param unknown_type $post */ function get_inline_data($post) { - - if ( ! current_user_can('edit_' . $post->post_type, $post->ID) ) + $post_type_object = get_post_type_object($post->post_type); + if ( ! current_user_can($post_type_object->edit_cap, $post->ID) ) return; $title = esc_attr($post->post_title); @@ -1426,17 +1426,23 @@ function get_inline_data($post) {
' . mysql2date( 's', $post->post_date, false ) . '
' . esc_html( $post->post_password ) . '
'; + if ( $post_type_object->hierarchical ) + echo '
' . $post->post_parent . '
'; + if ( $post->post_type == 'page' ) - echo ' -
' . $post->post_parent . '
-
' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '
- '; + echo '
' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '
'; + + if ( $post_type_object->hierarchical ) + echo ''; + + if ( is_object_in_taxonomy($post->post_type, 'post_tag') ) + echo '
' . esc_html( str_replace( ',', ', ', get_tags_to_edit($post->ID) ) ) . '
'; + + if ( is_object_in_taxonomy($post->post_type, 'post_tag') ) + echo '
' . implode( ',', wp_get_post_categories( $post->ID ) ) . '
'; if ( $post->post_type == 'post' ) - echo ' -
' . esc_html( str_replace( ',', ', ', get_tags_to_edit($post->ID) ) ) . '
-
' . implode( ',', wp_get_post_categories( $post->ID ) ) . '
-
' . (is_sticky($post->ID) ? 'sticky' : '') . '
'; + echo '
' . (is_sticky($post->ID) ? 'sticky' : '') . '
'; echo ''; } @@ -1495,6 +1501,7 @@ function _post_row($a_post, $pending_comments, $mode) { $post_owner = ( $current_user->ID == $post->post_author ? 'self' : 'other' ); $edit_link = get_edit_post_link( $post->ID ); $title = _draft_or_post_title(); + $post_type_object = get_post_type_object($post->post_type); ?> post_status ); ?> iedit' valign="top"> - ID ) ) { ?> + edit_cap, $post->ID ) ) { ?> - >ID) && $post->post_status != 'trash' ) { ?> + >edit_cap, $post->ID) && $post->post_status != 'trash' ) { ?> ID) && 'trash' != $post->post_status ) { + if ( current_user_can($post_type_object->edit_cap, $post->ID) && 'trash' != $post->post_status ) { $actions['edit'] = '' . __('Edit') . ''; $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; } - if ( current_user_can('delete_post', $post->ID) ) { + if ( current_user_can($post_type_object->delete_cap, $post->ID) ) { if ( 'trash' == $post->post_status ) $actions['untrash'] = "ID) . "'>" . __('Restore') . ""; elseif ( EMPTY_TRASH_DAYS ) @@ -1575,7 +1582,7 @@ function _post_row($a_post, $pending_comments, $mode) { $actions['delete'] = "ID) . "'>" . __('Delete Permanently') . ""; } if ( in_array($post->post_status, array('pending', 'draft')) ) { - if ( current_user_can('edit_post', $post->ID) ) + if ( current_user_can($post_type_object->edit_cap, $post->ID) ) $actions['view'] = '' . __('Preview') . ''; } elseif ( 'trash' != $post->post_status ) { $actions['view'] = '' . __('View') . ''; 
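Review bot: In the `get_inline_data()` hunk, the block that prints `wp_get_post_categories( $post->ID )` is guarded by `is_object_in_taxonomy($post->post_type, 'post_tag')`, the same condition as the tags block just before it. A post type that supports categories but not tags would then emit no category data for Quick Edit, and a tags-only type would emit a category list it does not use. The second guard presumably should read `if ( is_object_in_taxonomy($post->post_type, 'category') )`. The start of the function lies in the preceding hunk.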
@@ -1658,13 +1665,13 @@ function _post_row($a_post, $pending_comments, $mode) { case 'control_edit': ?> - ID) ) { echo "" . __('Edit') . ""; } ?> + edit_cap, $post->ID) ) { echo "" . __('Edit') . ""; } ?> - ID) ) { echo "ID) . "' class='delete'>" . __('Delete') . ""; } ?> + delete_cap, $post->ID) ) { echo "ID) . "' class='delete'>" . __('Delete') . ""; } ?> post_type; + $post_type_object = get_post_type_object($post_type); ?> $column_display_name) { +foreach ( $posts_columns as $column_name => $column_display_name ) { $class = "class=\"$column_name column-$column_name\""; $style = ''; @@ -1780,14 +1788,14 @@ foreach ($posts_columns as $column_name=>$column_display_name) { $attributes = 'class="post-title page-title column-title"' . $style; $edit_link = get_edit_post_link( $page->ID ); ?> - >ID) && $post->post_status != 'trash' ) { ?> + >edit_cap, $page->ID) && $post->post_status != 'trash' ) { ?> ID) && $post->post_status != 'trash' ) { + if ( current_user_can($post_type_object->edit_cap, $page->ID) && $post->post_status != 'trash' ) { $actions['edit'] = '' . __('Edit') . ''; $actions['inline'] = '' . __('Quick Edit') . ''; } - if ( current_user_can('delete_page', $page->ID) ) { + if ( current_user_can($post_type_object->delete_cap, $page->ID) ) { if ( $post->post_status == 'trash' ) $actions['untrash'] = "ID) . "'>" . __('Restore') . ""; elseif ( EMPTY_TRASH_DAYS ) @@ -1796,7 +1804,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) { $actions['delete'] = "ID) . "'>" . __('Delete Permanently') . ""; } if ( in_array($post->post_status, array('pending', 'draft')) ) { - if ( current_user_can('edit_page', $page->ID) ) + if ( current_user_can($post_type_object->edit_cap, $page->ID) ) $actions['view'] = '' . __('Preview') . ''; } elseif ( $post->post_status != 'trash' ) { $actions['view'] = '' . __('View') . ''; 
@@ -2214,7 +2222,8 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true, $comment = get_comment( $comment_id ); $post = get_post($comment->comment_post_ID); $the_comment_status = wp_get_comment_status($comment->comment_ID); - $user_can = current_user_can('edit_post', $post->ID); + $post_type_object = get_post_type_object($post->post_type); + $user_can = current_user_can($post_type_object->edit_cap, $post->ID); $author_url = get_comment_author_url(); if ( 'http://' == $author_url ) diff --git a/wp-admin/post-new.php b/wp-admin/post-new.php index 388619a8d..9753f9f57 100644 --- a/wp-admin/post-new.php +++ b/wp-admin/post-new.php @@ -49,7 +49,7 @@ When you’re promoted, just reload this page and you’ll be able to bl } // Show post form. -if ( current_user_can('edit_' . $post_type_object->capability_type . 's') ) { +if ( current_user_can($post_type_object->edit_type_cap) ) { $post = get_default_post_to_edit( $post_type ); include('edit-form-advanced.php'); } diff --git a/wp-admin/post.php b/wp-admin/post.php index 6e0778c7e..3ae40af29 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -25,7 +25,6 @@ else $post_ID = $post_id; $post = null; $post_type_object = null; -$post_type_cap = null; $post_type = null; if ( $post_id ) { $post = get_post($post_id); @@ -35,7 +34,6 @@ if ( $post_id ) { $post_type = $post->post_type; $current_screen->post_type = $post->post_type; $current_screen->id = $current_screen->post_type; - $post_type_cap = $post_type_object->capability_type; } } } elseif ( isset($_POST['post_type']) ) { @@ -44,7 +42,6 @@ if ( $post_id ) { $post_type = $post_type_object->name; $current_screen->post_type = $post_type; $current_screen->id = $current_screen->post_type; - $post_type_cap = $post_type_object->capability_type; } } 
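Review bot: `get_post_type_object()` can return null for a post type that is no longer registered, for example after the plugin that defined it is deactivated, and `_wp_comment_row()` reads `->edit_cap` from the result without checking it. The check then presumably fails closed, but through a property read on a non-object rather than a deliberate denial. The same pattern appears in `get_inline_data()` and `_post_row()` earlier in this file. A guard such as `$user_can = $post_type_object && current_user_can($post_type_object->edit_cap, $post->ID);` keeps the decision explicit. The body of `_wp_comment_row()` continues outside the hunk.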
@@ -233,7 +230,7 @@ case 'trash': $post = & get_post($post_id); - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to move this item to the trash.') ); if ( ! wp_trash_post($post_id) ) @@ -246,7 +243,7 @@ case 'trash': case 'untrash': check_admin_referer('untrash-' . $post_type . '_' . $post_id); - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to move this item out of the trash.') ); if ( ! wp_untrash_post($post_id) ) @@ -259,7 +256,7 @@ case 'untrash': case 'delete': check_admin_referer('delete-' . $post_type . '_' . $post_id); - if ( !current_user_can('delete_' . $post_type_cap, $post_id) ) + if ( !current_user_can($post_type_object->delete_cap, $post_id) ) wp_die( __('You are not allowed to delete this item.') ); $force = !EMPTY_TRASH_DAYS; diff --git a/wp-includes/post.php b/wp-includes/post.php index 8cba327e4..90d63b14e 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php 
@@ -700,6 +700,12 @@ function get_post_types( $args = array(), $output = 'names' ) {
 * publicly_queryable - Whether post_type queries can be performed from the front page. Defaults to whatever public is set as.
 * inherit_type - The post type from which to inherit the edit link and capability type. Defaults to none.
 * capability_type - The post type to use for checking read, edit, and delete capabilities. Defaults to "post".
+ * edit_cap - The capability that controls editing a particular object of this post type. Defaults to "edit_$capability_type" (edit_post).
+ * edit_type_cap - The capability that controls editing objects of this post type as a class. Defaults to "edit_ . $capability_type . s" (edit_posts).
+ * edit_others_cap - The capability that controls editing objects of this post type that are owned by other users. Defaults to "edit_others_ . $capability_type . s" (edit_others_posts).
+ * edit_others_cap - The capability that controls publishing objects of this post type. Defaults to "publish_ . $capability_type . s" (publish_posts).
+ * read_cap - The capability that controls reading a particular object of this post type. Defaults to "read_$capability_type" (read_post).
+ * delete_cap - The capability that controls deleting a particular object of this post type. Defaults to "delete_$capability_type" (delete_post).
 * hierarchical - Whether the post type is hierarchical. Defaults to false.
 * supports - An alias for calling add_post_type_support() directly. See add_post_type_support() for Documentation. Defaults to none.
 * 
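Review bot: The fourth added docblock line documents `edit_others_cap` a second time, but its description (publishing, default `publish_posts`) belongs to `publish_cap`, the key that the `register_post_type()` hunk below actually reads. A plugin author following the docblock cannot learn which argument gates publishing and may set the wrong one. The line should begin `* publish_cap - The capability that controls publishing objects of this post type.` The defaults written as `"edit_ . $capability_type . s"` would also be clearer as `"edit_{$capability_type}s"`.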
@@ -736,15 +742,20 @@ function register_post_type($post_type, $args = array()) { if ( false === $args->label ) $args->label = $post_type; - if ( empty($args->capability_type) ) { - $args->edit_cap = ''; - $args->read_cap = ''; - $args->delete_cap = ''; - } else { + if ( empty($args->capability_type) ) + $args->capability_type = 'post'; + if ( empty($args->edit_cap) ) $args->edit_cap = 'edit_' . $args->capability_type; + if ( empty($args->edit_type_cap) ) + $args->edit_type_cap = 'edit_' . $args->capability_type . 's'; + if ( empty($args->edit_others_cap) ) + $args->edit_others_cap = 'edit_others_' . $args->capability_type . 's'; + if ( empty($args->publish_cap) ) + $args->publish_cap = 'publish_' . $args->capability_type . 's'; + if ( empty($args->read_cap) ) $args->read_cap = 'read_' . $args->capability_type; + if ( empty($args->delete_cap) ) $args->delete_cap = 'delete_' . $args->capability_type; - } if ( !$args->_builtin && $args->public ) $args->_show = true;
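Review bot: The plural defaults are built by appending `s` to `capability_type` (`'edit_' . $args->capability_type . 's'`), so a type such as `story` yields `edit_storys`, a name that roles are unlikely to hold, and access is then denied with no hint why. Now that the three plural names can be overridden, a comment above the block would help, e.g. `// Plural caps just append "s"; pass edit_type_cap, edit_others_cap and publish_cap explicitly for irregular plurals.` The removed branch that left the caps empty when `capability_type` was empty is gone, so every post type now falls back to the `post` capabilities unless told otherwise, which is worth stating in the docblock as well. `register_post_type()` starts and ends outside the hunk.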