
Ticket #22417: 22417.2.diff

File 22417.2.diff, 2.5 KB (added by nacin, 12 years ago)
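--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -26,6 +26,20 @@
         if ( $update )
                 $post_data['ID'] = (int) $post_data['post_ID'];
 
+        $ptype = get_post_type_object( $post_data['post_type'] );
+
+        if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
+                if ( 'page' == $post_data['post_type'] )
+                        return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+                else
+                        return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+        } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
+                if ( 'page' == $post_data['post_type'] )
+                        return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+                else
+                        return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+        }
+
         if ( isset( $post_data['content'] ) )
                 $post_data['post_content'] = $post_data['content'];
 
@@ -51,25 +65,13 @@
                 }
         }
 
-        $ptype = get_post_type_object( $post_data['post_type'] );
-        if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
-                if ( $update ) {
-                        if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
-                                if ( 'page' == $post_data['post_type'] ) {
-                                        return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
-                                } else {
-                                        return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
-                                }
-                        }
-                } else {
-                        if ( ! current_user_can( $ptype->cap->edit_others_posts )  ) {
-                                if ( 'page' == $post_data['post_type'] ) {
-                                        return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
-                                } else {
-                                        return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
-                                }
-                        }
-                }
+        if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
+                 && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
+
+                if ( 'page' == $post_data['post_type'] )
+                        return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+                else
+                        return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
         }
 
         // What to do based on which button they pressed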
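Review bot: The new capability gate at new lines 29-41 dereferences `$ptype->cap` without checking that `get_post_type_object()` returned an object, and it returns null for an unregistered type. `$post_data['post_type']` looks like submitted form data (its origin is outside the hunk), so a bad value makes every check in this function, including the one at new line 69, call `current_user_can()` with a null capability instead of rejecting the request explicitly. I would add a guard right after the lookup, e.g. `if ( ! $ptype ) return new WP_Error( 'invalid_post_type', __( 'Invalid post type.' ) );`, so the authorization decision never depends on how a null capability is resolved. Separately, the `create_posts` branch reuses the `edit_others_pages` / `edit_others_posts` error codes, which will mislead callers that branch on the code; a distinct code would be clearer. The enclosing function starts and ends outside the hunks shown.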