From c81c012981497301a010d5589586e60557caa8dd Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 14 Mar 2005 00:48:11 +0000 Subject: [PATCH] Don't let users who cannot publish edit published posts, even their own. Make consistent use of user_can_create_post(). http://mosquito.wordpress.org/view.php?id=1004 Props: MC_incubus git-svn-id: http://svn.automattic.com/wordpress/trunk@2441 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit-form-advanced.php | 4 ++-- wp-admin/edit-form.php | 2 +- wp-admin/post.php | 9 +++++++-- wp-register.php | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 992aed123..a7caf2005 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -115,7 +115,7 @@ edCanvas = document.getElementById('content'); - + : - +

diff --git a/wp-admin/edit-form.php b/wp-admin/edit-form.php index 0407666fb..a528da20f 100644 --- a/wp-admin/edit-form.php +++ b/wp-admin/edit-form.php @@ -58,7 +58,7 @@ edCanvas = document.getElementById('content');

- + diff --git a/wp-admin/post.php b/wp-admin/post.php index 934f5ea5b..17cf9909c 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -61,7 +61,7 @@ case 'post': if ( empty($post_status) ) $post_status = 'draft'; // Double-check - if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') ) + if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) $post_status = 'draft'; $comment_status = $_POST['comment_status']; if ( empty($comment_status) && !isset($_POST['advanced_view']) ) @@ -229,6 +229,11 @@ case 'edit': if( 'private' == $postdata->post_status && $postdata->post_author != $user_ID ) die ( __('You are not allowed to view other users\' private posts.') ); + if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) { + _e('You are not allowed to edit published posts.'); + break; + } + if ($post_status == 'static') { $page_template = get_post_meta($post_ID, '_wp_page_template', true); include('edit-page-form.php'); @@ -305,7 +310,7 @@ case 'editpost': if (isset($_POST['publish'])) $post_status = 'publish'; // Double-check - if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog') ) + if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) $post_status = 'draft'; if (empty($post_name) || 'draft' == $post_status ) { diff --git a/wp-register.php b/wp-register.php index e7b90e41d..e8eac7ad0 100644 --- a/wp-register.php +++ b/wp-register.php @@ -54,7 +54,7 @@ case 'register': $user_nickname = $user_login; $user_nicename = sanitize_title($user_nickname); $now = gmdate('Y-m-d H:i:s'); - if (get_settings('new_users_can_blog') >= 1) $user_level = 1; + $user_level = get_settings('new_users_can_blog'); $password = substr( md5( uniqid( microtime() ) ), 0, 7); $result = $wpdb->query("INSERT INTO $wpdb->users
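Review bot: The `// Double-check` comment above the rewritten condition in `case 'post'` does not say what is being enforced, and the same comment sits above the identical condition in the `case 'editpost'` hunk. This line is the server-side control that keeps a user without publish rights from publishing regardless of what the form submitted, so I would state that, for example `// Server-side check: users who cannot publish may only save drafts, whatever status the form sent.` The body of `case 'post'` starts and ends outside the hunk.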
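Review bot: The new guard in `case 'edit'` tests `$post_status`, while the private-post check directly above it tests `$postdata->post_status`; the assignment of `$post_status` is outside this hunk, so it cannot be confirmed here that it always holds the stored status. For an authorization decision I would read the stored row explicitly: `if ( 'publish' == $postdata->post_status && !user_can_create_post($user_ID) ) {`. The deny path also differs from its neighbour, which stops with `die()`, whereas this one prints the message and uses `break`, so whatever follows the `switch` still runs. If that is intended (presumably so the rest of the admin page renders), a one-line comment saying so would help.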
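Review bot: In `case 'editpost'` the check only looks at the status being submitted and demotes it to draft, so by itself it does not stop a user without publish rights from saving changes to a post that is already published. The guard added in `case 'edit'` covers the form display, not this save path. Unless an earlier check in `editpost` (outside this hunk) already refuses, the handler should compare the post's stored status and stop, e.g. `if ( 'publish' == $stored_status && !user_can_create_post($user_ID) ) die( __('You are not allowed to edit published posts.') );`, where `$stored_status` is a placeholder for the value loaded from the database. As written, such a request would appear to both modify the post and turn it back into a draft.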
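Review bot: `$user_level` is now taken directly from the `new_users_can_blog` option with no cast or bound, so whatever that option contains becomes the privilege level of every self-registered account; the removed line capped it at 1. I would force it to an integer, `$user_level = (int) get_settings('new_users_can_blog');`, and clamp it to the highest level the setting is meant to grant. The value presumably goes into the `INSERT INTO $wpdb->users` statement that begins at the end of this hunk and continues outside it, which is a second reason to make sure it is an integer.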