Add new page caps now that pages can be draft or publish. Brings page caps to parity with posts. Add delete caps for posts and pages. fixes #2382 #2336 #2301
git-svn-id: http://svn.automattic.com/wordpress/trunk@3513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9f50b562b5
commit
d6d431c1be
|
@ -4,8 +4,13 @@
|
|||
function write_post() {
|
||||
global $user_ID;
|
||||
|
||||
if (!current_user_can('edit_posts'))
|
||||
die(__('You are not allowed to create posts or drafts on this blog.'));
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ( !current_user_can('edit_pages') )
|
||||
die(__('You are not allowed to create pages on this blog.'));
|
||||
} else {
|
||||
if ( !current_user_can('edit_posts') )
|
||||
die(__('You are not allowed to create posts or drafts on this blog.'));
|
||||
}
|
||||
|
||||
// Rename.
|
||||
$_POST['post_content'] = $_POST['content'];
|
||||
|
@ -15,15 +20,25 @@ function write_post() {
|
|||
|
||||
if (!empty ($_POST['post_author_override'])) {
|
||||
$_POST['post_author'] = (int) $_POST['post_author_override'];
|
||||
} else
|
||||
} else {
|
||||
if (!empty ($_POST['post_author'])) {
|
||||
$_POST['post_author'] = (int) $_POST['post_author'];
|
||||
} else {
|
||||
$_POST['post_author'] = (int) $_POST['user_ID'];
|
||||
}
|
||||
|
||||
if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
|
||||
die(__('You cannot post as this user.'));
|
||||
}
|
||||
|
||||
if ($_POST['post_author'] != $_POST['user_ID']) {
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ( !current_user_can('edit_others_pages') )
|
||||
die(__('You cannot create pages as this user.'));
|
||||
} else {
|
||||
if ( !current_user_can('edit_others_posts') )
|
||||
die(__('You cannot post as this user.'));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// What to do based on which button they pressed
|
||||
if ('' != $_POST['saveasdraft'])
|
||||
|
@ -34,14 +49,14 @@ function write_post() {
|
|||
$_POST['post_status'] = 'publish';
|
||||
if ('' != $_POST['advanced'])
|
||||
$_POST['post_status'] = 'draft';
|
||||
//if ('' != $_POST['savepage']) {
|
||||
// $_POST['post_status'] = 'draft';
|
||||
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
|
||||
if ('page' == $_POST['post_type'] && !current_user_can('edit_pages'))
|
||||
die(__('This user cannot edit pages.'));
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
} else {
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
}
|
||||
|
||||
if (!empty ($_POST['edit_date'])) {
|
||||
$aa = $_POST['aa'];
|
||||
|
@ -123,8 +138,13 @@ function edit_post() {
|
|||
|
||||
$post_ID = (int) $_POST['post_ID'];
|
||||
|
||||
if (!current_user_can('edit_post', $post_ID))
|
||||
die(__('You are not allowed to edit this post.'));
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ( !current_user_can('edit_page', $post_ID) )
|
||||
die(__('You are not allowed to edit this page.'));
|
||||
} else {
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
die(__('You are not allowed to edit this post.'));
|
||||
}
|
||||
|
||||
// Rename.
|
||||
$_POST['ID'] = (int) $_POST['post_ID'];
|
||||
|
@ -142,8 +162,16 @@ function edit_post() {
|
|||
$_POST['post_author'] = (int) $_POST['user_ID'];
|
||||
}
|
||||
|
||||
if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
|
||||
die(__('You cannot post as this user.'));
|
||||
if ($_POST['post_author'] != $_POST['user_ID']) {
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ( !current_user_can('edit_others_pages') )
|
||||
die(__('You cannot edit pages as this user.'));
|
||||
} else {
|
||||
if ( !current_user_can('edit_others_posts') )
|
||||
die(__('You cannot edit posts as this user.'));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// What to do based on which button they pressed
|
||||
if ('' != $_POST['saveasdraft'])
|
||||
|
@ -154,14 +182,14 @@ function edit_post() {
|
|||
$_POST['post_status'] = 'publish';
|
||||
if ('' != $_POST['advanced'])
|
||||
$_POST['post_status'] = 'draft';
|
||||
//if ('' != $_POST['savepage'])
|
||||
// $_POST['post_status'] = 'static';
|
||||
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
|
||||
if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
|
||||
die(__('This user cannot edit pages.'));
|
||||
if ( 'page' == $_POST['post_type'] ) {
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
} else {
|
||||
if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts'))
|
||||
$_POST['post_status'] = 'draft';
|
||||
}
|
||||
|
||||
if (!isset ($_POST['comment_status']))
|
||||
$_POST['comment_status'] = 'closed';
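Review bot: edit_post's new capability branch (the `@@ -123,8 +138,13` hunk) chooses between `edit_page` and `edit_post` from `$_POST['post_type']`, a value the submitter controls, while the record being edited is identified only by `$_POST['post_ID']`. A user holding `edit_others_posts` but not `edit_others_pages` can submit a page's ID with `post_type=post` and the check falls through to `map_meta_cap('edit_post')`, which in this same commit no longer treats pages specially; the type should come from the stored record, e.g. `$post = get_post($post_ID); if ( 'page' == $post->post_type )`, and the same applies to the author and publish-status branches that follow. Separately, both write_post and edit_post still compare `$_POST['post_author']` against `$_POST['user_ID']` rather than the `$user_ID` global that write_post declares, so the ownership test is satisfiable by a client that supplies matching values; whether `$user_ID` is populated at this point is not visible here. write_post and edit_post both start and end outside the hunks shown.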
|
||||
|
|
|
@ -65,7 +65,7 @@ addLoadEvent(focusit);
|
|||
</fieldset>
|
||||
|
||||
<fieldset id="passworddiv" class="dbx-box">
|
||||
<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
|
||||
<h3 class="dbx-handle"><?php _e('Password-Protect Page') ?></h3>
|
||||
<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
|
||||
</fieldset>
|
||||
|
||||
|
@ -90,13 +90,13 @@ addLoadEvent(focusit);
|
|||
<?php } ?>
|
||||
|
||||
<fieldset id="slugdiv" class="dbx-box">
|
||||
<h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
|
||||
<h3 class="dbx-handle"><?php _e('Page slug') ?></h3>
|
||||
<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
|
||||
</fieldset>
|
||||
|
||||
<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
|
||||
<fieldset id="authordiv" class="dbx-box">
|
||||
<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
|
||||
<h3 class="dbx-handle"><?php _e('Page author'); ?>:</h3>
|
||||
<div class="dbx-content">
|
||||
<select name="post_author_override" id="post_author_override">
|
||||
<?php
|
||||
|
|
|
@ -43,7 +43,7 @@ if ($posts) {
|
|||
if ( isset($_GET['s']) ) {
|
||||
foreach ( $posts as $post ) :
|
||||
$class = ('alternate' != $class) ? 'alternate' : ''; ?>
|
||||
<tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'>
|
||||
<tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'>
|
||||
<th scope="row"><?php echo $post->ID; ?></th>
|
||||
<td>
|
||||
<?php echo $pad; ?><?php the_title() ?>
|
||||
|
@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
|
|||
<td><?php the_author() ?></td>
|
||||
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
||||
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('edit_page', $post->ID) ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('delete_page', $post->ID) ) { echo "<a href='post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
</tr>
|
||||
<?php
|
||||
endforeach;
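Review bot: The new Delete cell still passes `$id` into `deleteSomething( 'page', ... )` while the same line's href and the `tr id` above were switched to `$post->ID`; if `$id` is not set in this loop the confirmation script receives an empty id, so use `$post->ID` in both places. The delete action is also a plain GET link (`post.php?action=delete&post=…`) with no token visible in this section, so the `delete_page` check only hides the link for unprivileged users — whether post.php verifies intent server-side is not shown here. The `foreach` opens inside the first hunk and closes at `endforeach;`.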
|
||||
|
|
|
@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
|
|||
|
||||
case 'control_delete':
|
||||
?>
|
||||
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<?php
|
||||
break;
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ function upgrade_all() {
|
|||
if ( $wp_current_db_version < 3308 )
|
||||
upgrade_160();
|
||||
|
||||
if ( $wp_current_db_version < 3506 )
|
||||
if ( $wp_current_db_version < 3513 )
|
||||
upgrade_210();
|
||||
|
||||
$wp_rewrite->flush_rules();
|
||||
|
@ -332,22 +332,28 @@ function upgrade_160() {
|
|||
function upgrade_210() {
|
||||
global $wpdb, $table_prefix, $wp_current_db_version;
|
||||
|
||||
// Update status and type.
|
||||
$posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
|
||||
if ( $wp_current_db_version < 3506 ) {
|
||||
// Update status and type.
|
||||
$posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
|
||||
|
||||
if ( ! empty($posts) ) foreach ($posts as $post) {
|
||||
$status = $post->post_status;
|
||||
$type = 'post';
|
||||
if ( ! empty($posts) ) foreach ($posts as $post) {
|
||||
$status = $post->post_status;
|
||||
$type = 'post';
|
||||
|
||||
if ( 'static' == $status ) {
|
||||
$status = 'publish';
|
||||
$type = 'page';
|
||||
} else if ( 'attachment' == $status ) {
|
||||
$status = 'inherit';
|
||||
$type = 'attachment';
|
||||
}
|
||||
if ( 'static' == $status ) {
|
||||
$status = 'publish';
|
||||
$type = 'page';
|
||||
} else if ( 'attachment' == $status ) {
|
||||
$status = 'inherit';
|
||||
$type = 'attachment';
|
||||
}
|
||||
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
|
||||
}
|
||||
}
|
||||
|
||||
if ( $wp_current_db_version < 3513 ) {
|
||||
populate_roles_210();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -244,7 +244,8 @@ function populate_options() {
|
|||
}
|
||||
|
||||
function populate_roles() {
|
||||
populate_roles_160();
|
||||
populate_roles_160();
|
||||
populate_roles_210();
|
||||
}
|
||||
|
||||
function populate_roles_160() {
|
||||
|
@ -336,4 +337,34 @@ function populate_roles_160() {
|
|||
$role->add_cap('level_0');
|
||||
}
|
||||
|
||||
function populate_roles_210() {
|
||||
$roles = array('administrator', 'editor');
|
||||
foreach ($roles as $role) {
|
||||
$role = get_role($role);
|
||||
if ( empty($role) )
|
||||
continue;
|
||||
|
||||
$role->add_cap('edit_others_pages');
|
||||
$role->add_cap('edit_published_pages');
|
||||
$role->add_cap('publish_pages');
|
||||
$role->add_cap('delete_pages');
|
||||
$role->add_cap('delete_others_pages');
|
||||
$role->add_cap('delete_published_pages');
|
||||
$role->add_cap('delete_posts');
|
||||
$role->add_cap('delete_others_posts');
|
||||
$role->add_cap('delete_published_posts');
|
||||
}
|
||||
|
||||
$role = get_role('author');
|
||||
if ( ! empty($role) ) {
|
||||
$role->add_cap('delete_posts');
|
||||
$role->add_cap('delete_published_posts');
|
||||
}
|
||||
|
||||
$role = get_role('contributor');
|
||||
if ( ! empty($role) ) {
|
||||
$role->add_cap('delete_posts');
|
||||
}
|
||||
}
|
||||
|
||||
?>
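Review bot: populate_roles_210 grants a dozen capabilities with no comment recording the intended privilege matrix, so the asymmetry it creates — contributor gets `delete_posts` only, author adds `delete_published_posts`, editor and administrator add the `*_others_*` caps and every page cap — is recoverable only by reading each `add_cap` call. A header comment such as `// 2.1 caps: page caps mirror post caps; delete_* caps follow the same own/published/others split as edit_*. Contributors may delete only their own unpublished posts.` would let the next role change be reviewed against the intent. It is also worth stating there whether `add_cap` is safe to re-run, since `populate_roles()` now calls this on install and `upgrade_210` calls it on upgrade.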
|
||||
|
|
|
@ -253,6 +253,50 @@ function map_meta_cap($cap, $user_id) {
|
|||
$caps = array();
|
||||
|
||||
switch ($cap) {
|
||||
case 'delete_post':
|
||||
$author_data = get_userdata($user_id);
|
||||
//echo "post ID: {$args[0]}<br/>";
|
||||
$post = get_post($args[0]);
|
||||
$post_author_data = get_userdata($post->post_author);
|
||||
//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
|
||||
// If the user is the author...
|
||||
if ($user_id == $post_author_data->ID) {
|
||||
// If the post is published...
|
||||
if ($post->post_status == 'publish')
|
||||
$caps[] = 'delete_published_posts';
|
||||
else
|
||||
// If the post is draft...
|
||||
$caps[] = 'delete_posts';
|
||||
} else {
|
||||
// The user is trying to edit someone else's post.
|
||||
$caps[] = 'delete_others_posts';
|
||||
// The post is published, extra cap required.
|
||||
if ($post->post_status == 'publish')
|
||||
$caps[] = 'delete_published_posts';
|
||||
}
|
||||
break;
|
||||
case 'delete_page':
|
||||
$author_data = get_userdata($user_id);
|
||||
//echo "post ID: {$args[0]}<br/>";
|
||||
$page = get_page($args[0]);
|
||||
$page_author_data = get_userdata($post->post_author);
|
||||
//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
|
||||
// If the user is the author...
|
||||
if ($user_id == $page_author_data->ID) {
|
||||
// If the page is published...
|
||||
if ($page->post_status == 'publish')
|
||||
$caps[] = 'delete_published_pages';
|
||||
else
|
||||
// If the page is draft...
|
||||
$caps[] = 'delete_pages';
|
||||
} else {
|
||||
// The user is trying to edit someone else's page.
|
||||
$caps[] = 'delete_others_pages';
|
||||
// The page is published, extra cap required.
|
||||
if ($page->post_status == 'publish')
|
||||
$caps[] = 'delete_published_pages';
|
||||
}
|
||||
break;
|
||||
// edit_post breaks down to edit_posts, edit_published_posts, or
|
||||
// edit_others_posts
|
||||
case 'edit_post':
|
||||
|
@ -266,17 +310,10 @@ function map_meta_cap($cap, $user_id) {
|
|||
// If the post is published...
|
||||
if ($post->post_status == 'publish')
|
||||
$caps[] = 'edit_published_posts';
|
||||
else if ($post->post_status == 'static')
|
||||
$caps[] = 'edit_pages';
|
||||
else
|
||||
// If the post is draft...
|
||||
$caps[] = 'edit_posts';
|
||||
} else {
|
||||
if ($post->post_status == 'static') {
|
||||
$caps[] = 'edit_pages';
|
||||
break;
|
||||
}
|
||||
|
||||
// The user is trying to edit someone else's post.
|
||||
$caps[] = 'edit_others_posts';
|
||||
// The post is published, extra cap required.
|
||||
|
@ -284,6 +321,28 @@ function map_meta_cap($cap, $user_id) {
|
|||
$caps[] = 'edit_published_posts';
|
||||
}
|
||||
break;
|
||||
case 'edit_page':
|
||||
$author_data = get_userdata($user_id);
|
||||
//echo "post ID: {$args[0]}<br/>";
|
||||
$page = get_page($args[0]);
|
||||
$page_author_data = get_userdata($post->post_author);
|
||||
//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
|
||||
// If the user is the author...
|
||||
if ($user_id == $page_author_data->ID) {
|
||||
// If the page is published...
|
||||
if ($page->post_status == 'publish')
|
||||
$caps[] = 'edit_published_pages';
|
||||
else
|
||||
// If the page is draft...
|
||||
$caps[] = 'edit_pages';
|
||||
} else {
|
||||
// The user is trying to edit someone else's page.
|
||||
$caps[] = 'edit_others_pages';
|
||||
// The page is published, extra cap required.
|
||||
if ($page->post_status == 'publish')
|
||||
$caps[] = 'edit_published_pages';
|
||||
}
|
||||
break;
|
||||
case 'read_post':
|
||||
$post = get_post($args[0]);
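Review bot: In both new `delete_page` and `edit_page` cases the author lookup reads `$post->post_author` although the record was loaded into `$page` (`$page = get_page($args[0])`), and nothing in these hunks assigns `$post` on those paths; unless it is set earlier in the function, the author comparison never matches and every page is mapped to the `*_others_pages` branch. Change the two lines to `$page_author_data = get_userdata($page->post_author);`. Neither the `delete_post`/`edit_post` cases nor the new page cases confirm that the loaded object's `post_type` matches the capability being mapped, so a caller can pick whichever cap family is cheaper by naming the other meta cap for the same ID; a guard such as `if ( 'page' != $page->post_type ) { $caps[] = 'edit_others_pages'; break; }` (and a post-side equivalent) would close that, though I cannot see here whether `get_page` itself filters by type. map_meta_cap begins before the first hunk and continues past the last.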
|
||||
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.1-aplha1';
|
||||
$wp_db_version = 3506;
|
||||
$wp_db_version = 3513;
|
||||
|
||||
?>
|