Ticket #2613: private_query.diff

wp-includes/query.php

@@ -840 +840 @@
                 } else {
                         $where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
 
-                        if ( is_admin() )
+                        if ( is_admin() ) {
                                 $where .= " OR post_status = 'future' OR post_status = 'draft'";
-                        else
-                                $distinct = 'DISTINCT';
-        
-                        if ( is_user_logged_in() )
-                                $where .= " OR post_author = $user_ID AND post_status = 'private'))";
-                        else
-                                $where .= '))';
+
+                                // Users who can edit other's posts and pages can see all private posts.
+                                // Users who can edit only their own posts can see only their own private posts.
+                                if ( is_user_logged_in() ) {
+                                        if ( 'post' == $post_type )
+                                                $cap = 'edit_others_posts';
+                                        else
+                                                $cap = 'edit_others_pages';
+                                        if ( current_user_can($cap) )
+                                                $where .= "OR post_status = 'private'";
+                                        else
+                                                $where .= " OR post_author = $user_ID AND post_status = 'private'";
+                                }
+                        }
+                        
+                        $where .= '))';
                 }
 
                 // Apply filters on where and join prior to paging so that any