Don't let users who cannot publish edit published posts, even their own. Make consistent use of user_can_create_post(). http://mosquito.wordpress.org/view.php?id=1004 Props: MC_incubus

git-svn-id: http://svn.automattic.com/wordpress/trunk@2441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2005-03-14 00:48:11 +00:00
parent 16b593ec35
commit c81c012981
4 changed files with 11 additions and 6 deletions

View File

@ -115,7 +115,7 @@ edCanvas = document.getElementById('content');
<?php
if ('publish' != $post_status || 0 == $post_ID) {
?>
<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
<?php if ( user_can_create_post($user_ID) ) : ?>
<input name="publish" type="submit" id="publish" tabindex="10" value="<?php _e('Publish') ?>" />
<?php endif; ?>
<?php
@ -135,7 +135,7 @@ if ('publish' != $post_status || 0 == $post_ID) {
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<tr>
<th scope="row" valign="top"><?php _e('Post Status') ?>:</th>
<td><?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
<td><?php if ( user_can_create_post($user_ID) ) : ?>
<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post_status, 'publish'); ?> /> <?php _e('Published') ?></label><br />
<?php endif; ?>
<label for="post_status_draft" class="selectit"><input id="post_status_draft" name="post_status" type="radio" value="draft" <?php checked($post_status, 'draft'); ?> /> <?php _e('Draft') ?></label><br />

View File

@ -58,7 +58,7 @@ edCanvas = document.getElementById('content');
<p class="submit"><input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" value="<?php _e('Save as Draft') ?>" />
<input name="saveasprivate" type="submit" id="saveasprivate" tabindex="10" value="<?php _e('Save as Private') ?>" />
<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
<?php if ( user_can_create_post($user_ID) ) : ?>
<input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="<?php _e('Publish') ?>" />
<?php endif; ?>

View File

@ -61,7 +61,7 @@ case 'post':
if ( empty($post_status) )
$post_status = 'draft';
// Double-check
if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
$post_status = 'draft';
$comment_status = $_POST['comment_status'];
if ( empty($comment_status) && !isset($_POST['advanced_view']) )
@ -229,6 +229,11 @@ case 'edit':
if( 'private' == $postdata->post_status && $postdata->post_author != $user_ID )
die ( __('You are not allowed to view other users\' private posts.') );
if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) {
_e('You are not allowed to edit published posts.');
break;
}
if ($post_status == 'static') {
$page_template = get_post_meta($post_ID, '_wp_page_template', true);
include('edit-page-form.php');
@ -305,7 +310,7 @@ case 'editpost':
if (isset($_POST['publish'])) $post_status = 'publish';
// Double-check
if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') )
if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
$post_status = 'draft';
if (empty($post_name) || 'draft' == $post_status ) {

View File

@ -54,7 +54,7 @@ case 'register':
$user_nickname = $user_login;
$user_nicename = sanitize_title($user_nickname);
$now = gmdate('Y-m-d H:i:s');
if (get_settings('new_users_can_blog') >= 1) $user_level = 1;
$user_level = get_settings('new_users_can_blog');
$password = substr( md5( uniqid( microtime() ) ), 0, 7);
$result = $wpdb->query("INSERT INTO $wpdb->users