Capability updates for xmlrpc.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2005-09-07 00:20:04 +00:00
parent 17a433ac05
commit c2fd7b83dc
1 changed files with 18 additions and 26 deletions


@ -367,14 +367,15 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error;
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_create_post($user_data->ID, $blog_ID)) {
$cap = ($publish) ? 'publish_posts' : 'edit_posts';
$user = new WP_User($user_login);
if ( !$user->has_cap($cap) )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
}
$post_status = ($publish) ? 'publish' : 'draft';
$post_author = $user_data->ID;
$post_author = $user->ID;
$post_title = xmlrpc_getposttitle($content);
$post_category = xmlrpc_getpostcategory($content);
@ -424,12 +425,9 @@ class wp_xmlrpc_server extends IXR_Server {
$this->escape($actual_post);
$post_author_data = get_userdata($actual_post['post_author']);
$user_data = get_userdatabylogin($user_login);
if (!user_can_edit_post($user_data->ID, $post_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
}
extract($actual_post);
@ -475,11 +473,9 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(404, 'Sorry, no such post.');
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_delete_post($user_data->ID, $post_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
}
$result = wp_delete_post($post_ID);
@ -513,12 +509,11 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error;
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_create_post($user_data->ID, $blog_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('publish_posts', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
}
$post_author = $user_data->ID;
$post_author = $user->ID;
$post_title = $content_struct['title'];
$post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
@ -594,10 +589,9 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error;
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_edit_post($user_data->ID, $post_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
}
$postdata = wp_get_single_post($post_ID, ARRAY_A);
extract($postdata);
@ -1014,10 +1008,9 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error;
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_edit_post($user_data->ID, $post_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
}
foreach($categories as $cat) {
$catids[] = $cat['categoryId'];
@ -1097,10 +1090,9 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->error;
}
$user_data = get_userdatabylogin($user_login);
if (!user_can_edit_post($user_data->ID, $post_ID)) {
$user = new WP_User($user_login);
if ( !$user->has_cap('edit_post', $post_ID) )
return new IXR_Error(401, 'Sorry, you can not edit this post.');
}
$postdata = wp_get_single_post($post_ID,ARRAY_A);
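Review bot: In the hunk at `@ -513,12 +509,11 @` the new check is `$user->has_cap('publish_posts', $post_ID)`, but this path creates a post and nothing visible in the hunk assigns `$post_ID`, so the second argument looks carried over from the edit hunks and is most likely an undefined variable. The check also requires `publish_posts` unconditionally, while the first hunk picks the capability from the publish flag; if this method receives the same flag (its argument parsing is outside the hunk), a user holding only `edit_posts` can no longer save a draft here. I would mirror the first hunk with `$cap = ($publish) ? 'publish_posts' : 'edit_posts';` followed by `if ( !$user->has_cap($cap) )`. Separately, the delete hunk at `@ -475,11 +473,9 @` now gates `wp_delete_post()` on `edit_post` where it used a delete-specific helper before; a short comment saying that edit rights are meant to imply delete rights would make that authorization decision explicit.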