| | 1646 | /** |
| | 1647 | * This function provides a standardized way to appropriately select on |
| | 1648 | * the post_status of posts/pages. The function will return a piece of |
| | 1649 | * SQL code that can be added to a WHERE clause; this SQL is constructed |
| | 1650 | * to allow all published posts, and all private posts to which the user |
| | 1651 | * has access. |
| | 1652 | * |
| | 1653 | * @param string $post_type currently only supports 'post' or 'page'. |
| | 1654 | * @return string SQL code that can be added to a where clause. |
| | 1655 | */ |
| | 1656 | function wp_get_pub_priv_sql($post_type) { |
| | 1657 | global $user_ID; |
| | 1658 | $cap = ''; |
| | 1659 | |
| | 1660 | // Private posts |
| | 1661 | if ($post_type == 'post') { |
| | 1662 | $cap = 'read_private_posts'; |
| | 1663 | // Private pages |
| | 1664 | } elseif ($post_type == 'page') { |
| | 1665 | $cap = 'read_private_pages'; |
| | 1666 | // Dunno what it is, maybe plugins have their own post type? |
| | 1667 | } else { |
| | 1668 | $cap = apply_filters('pub_priv_sql_capability', $cap); |
| | 1669 | |
| | 1670 | if (empty($cap)) { |
| | 1671 | // We don't know what it is, filters don't change anything, |
| | 1672 | // so set the SQL up to return nothing. |
| | 1673 | return '1 = 0'; |
| | 1674 | } |
| | 1675 | } |
| | 1676 | |
| | 1677 | $sql = '(post_status = \'publish\''; |
| | 1678 | |
| | 1679 | if (current_user_can($cap)) { |
| | 1680 | // Does the user have the capability to view private posts? Guess so. |
| | 1681 | $sql .= ' OR post_status = \'private\''; |
| | 1682 | } elseif (is_user_logged_in()) { |
| | 1683 | // Users can view their own private posts. |
| | 1684 | $sql .= ' OR post_status = \'private\' AND post_author \'' . $user_ID . '\''; |
| | 1685 | } |
| | 1686 | |
| | 1687 | $sql .= ')'; |
| | 1688 | |
| | 1689 | return $sql; |
| | 1690 | } |
| | 1691 | |
