Ticket #23226: 23226.2.diff
| File 23226.2.diff, 11.8 KB (added by , 13 years ago) |
|---|
-
wp-includes/admin-bar.php
429 429 if ( 'post' == $current_screen->base 430 430 && 'add' != $current_screen->action 431 431 && ( $post_type_object = get_post_type_object( $post->post_type ) ) 432 && current_user_can( $post_type_object->cap->read_post, $post->ID )432 && current_user_can( 'read_post', $post->ID ) 433 433 && ( $post_type_object->public ) 434 434 && ( $post_type_object->show_in_admin_bar ) ) 435 435 { … … 457 457 458 458 if ( ! empty( $current_object->post_type ) 459 459 && ( $post_type_object = get_post_type_object( $current_object->post_type ) ) 460 && current_user_can( $post_type_object->cap->edit_post, $current_object->ID )460 && current_user_can( 'edit_post', $current_object->ID ) 461 461 && $post_type_object->show_ui && $post_type_object->show_in_admin_bar ) 462 462 { 463 463 $wp_admin_bar->add_menu( array( -
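Review bot: Both checks in this file (`'read_post'` at new line 432, `'edit_post'` at new line 460) now rely entirely on `map_meta_cap()` to translate the meta capability into the post type's own capability, and that function is not part of this diff. The old code passed the type's own capability name directly, so for a post type registered with custom capability names, please confirm the resolved primitive capabilities are unchanged, ideally with a unit test using a custom `capability_type`. The same reliance applies to every other file section in this patch. A comment at the first call site, such as `// Meta cap: map_meta_cap() resolves the post type's own capability from the post ID.`, would document it. Both conditions continue outside the visible hunks.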
wp-includes/class-wp-xmlrpc-server.php
1001 1001 if ( $update ) { 1002 1002 if ( ! get_post( $post_data['ID'] ) ) 1003 1003 return new IXR_Error( 401, __( 'Invalid post ID.' ) ); 1004 if ( ! current_user_can( $post_type->cap->edit_post, $post_data['ID'] ) )1004 if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) 1005 1005 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); 1006 1006 if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) ) 1007 1007 return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); … … 1306 1306 if ( empty( $post['ID'] ) ) 1307 1307 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 1308 1308 1309 $post_type = get_post_type_object( $post['post_type'] ); 1310 if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) ) 1309 if ( ! current_user_can( 'delete_post', $post_id ) ) 1311 1310 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); 1312 1311 1313 1312 $result = wp_delete_post( $post_id ); … … 1386 1385 if ( empty( $post['ID'] ) ) 1387 1386 return new IXR_Error( 404, __( 'Invalid post ID.' ) ); 1388 1387 1389 $post_type = get_post_type_object( $post['post_type'] ); 1390 if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) ) 1388 if ( ! current_user_can( 'edit_post', $post_id ) ) 1391 1389 return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) ); 1392 1390 1393 1391 return $this->_prepare_post( $post, $fields ); … … 1480 1478 $struct = array(); 1481 1479 1482 1480 foreach ( $posts_list as $post ) { 1483 $post_type = get_post_type_object( $post['post_type'] ); 1484 if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) ) 1481 if ( ! current_user_can( 'edit_post', $post['ID'] ) ) 1485 1482 continue; 1486 1483 1487 1484 $struct[] = $this->_prepare_post( $post, $fields ); -
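Review bot: In the update path (new line 1004) the permission check is now resolved from the stored post instead of from `$post_type`, which appears to be derived from the client-supplied `post_type`. That matters because the "post type may not be changed" test only runs afterwards, at line 1006. This is the safer behaviour but it is implicit, so I would add a comment above the check, such as `// Authorize against the stored post's type, not the type named in the request.`. In the later hunks (new lines 1309, 1388 and 1481) the meta cap is only evaluated after the `empty( $post['ID'] )` guard. The enclosing methods start outside the hunks.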
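--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -2426,14 +2426,13 @@
 $post_type_object = get_post_type_object ( 'post' );
 }
 
+$edit_cap = 'edit_post';
+$read_cap = 'read_post';
+
 if ( ! empty( $post_type_object ) ) {
-$edit_cap = $post_type_object->cap->edit_post;
-$read_cap = $post_type_object->cap->read_post;
 $edit_others_cap = $post_type_object->cap->edit_others_posts;
 $read_private_cap = $post_type_object->cap->read_private_posts;
 } else {
-$edit_cap = 'edit_' . $post_type_cap;
-$read_cap = 'read_' . $post_type_cap;
 $edit_others_cap = 'edit_others_' . $post_type_cap . 's';
 $read_private_cap = 'read_private_' . $post_type_cap . 's';
 }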
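Review bot: In the `else` branch, reached when no post type object exists, `$edit_cap` and `$read_cap` used to be built from `$post_type_cap` and are now the fixed meta caps `'edit_post'` and `'read_post'`. `$edit_others_cap` and `$read_private_cap` in the same branch are still built from `$post_type_cap`. Whether the meta caps resolve sensibly for a post whose type is not registered depends on `map_meta_cap()`, which is not shown; if it dereferences the missing type object, the check may emit notices or be evaluated against an empty capability. Please confirm this case fails closed, and consider a comment above the two new assignments, such as `// Meta caps; resolved per post by map_meta_cap().`. The surrounding function starts and ends outside the hunk.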
wp-includes/link-template.php
905 905 if ( !$post_type_object ) 906 906 return; 907 907 908 if ( !current_user_can( $post_type_object->cap->edit_post, $post->ID ) )908 if ( !current_user_can( 'edit_post', $post->ID ) ) 909 909 return; 910 910 911 911 return apply_filters( 'get_edit_post_link', admin_url( sprintf($post_type_object->_edit_link . $action, $post->ID) ), $post->ID, $context ); … … 959 959 if ( !$post_type_object ) 960 960 return; 961 961 962 if ( !current_user_can( $post_type_object->cap->delete_post, $post->ID ) )962 if ( !current_user_can( 'delete_post', $post->ID ) ) 963 963 return; 964 964 965 965 $action = ( $force_delete || !EMPTY_TRASH_DAYS ) ? 'delete' : 'trash'; -
wp-admin/includes/class-wp-posts-list-table.php
474 474 $edit_link = get_edit_post_link( $post->ID ); 475 475 $title = _draft_or_post_title(); 476 476 $post_type_object = get_post_type_object( $post->post_type ); 477 $can_edit_post = current_user_can( $post_type_object->cap->edit_post, $post->ID );477 $can_edit_post = current_user_can( 'edit_post', $post->ID ); 478 478 479 479 $alternate = 'alternate' == $alternate ? '' : 'alternate'; 480 480 $classes = $alternate . ' iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' ); … … 566 566 $actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '" title="' . esc_attr( __( 'Edit this item' ) ) . '">' . __( 'Edit' ) . '</a>'; 567 567 $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr( __( 'Edit this item inline' ) ) . '">' . __( 'Quick Edit' ) . '</a>'; 568 568 } 569 if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {569 if ( current_user_can( 'delete_post', $post->ID ) ) { 570 570 if ( 'trash' == $post->post_status ) 571 571 $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>"; 572 572 elseif ( EMPTY_TRASH_DAYS ) -
wp-admin/includes/post.php
28 28 29 29 $ptype = get_post_type_object( $post_data['post_type'] ); 30 30 31 if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {31 if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) { 32 32 if ( 'page' == $post_data['post_type'] ) 33 33 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); 34 34 else … … 161 161 $post_data['post_mime_type'] = $post->post_mime_type; 162 162 163 163 $ptype = get_post_type_object($post_data['post_type']); 164 if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {164 if ( !current_user_can( 'edit_post', $post_ID ) ) { 165 165 if ( 'page' == $post_data['post_type'] ) 166 166 wp_die( __('You are not allowed to edit this page.' )); 167 167 else … … 363 363 foreach ( $post_IDs as $post_ID ) { 364 364 $post_type_object = get_post_type_object( get_post_type( $post_ID ) ); 365 365 366 if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {366 if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) { 367 367 $skipped[] = $post_ID; 368 368 continue; 369 369 } -
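Review bot: At new line 163, `$ptype = get_post_type_object($post_data['post_type']);` is kept although the check on the next line no longer reads it. Elsewhere in this patch (class-wp-xmlrpc-server.php, media.php, async-upload.php) the now-redundant lookup was removed. If nothing further down the function uses `$ptype`, drop the assignment for consistency; the function body continues outside the hunk, so I cannot confirm that from here. The lookups at lines 29 and 364 should stay, since line 364's result is still tested with `isset()` and the first function continues past the hunk.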
wp-admin/includes/template.php
240 240 */ 241 241 function get_inline_data($post) { 242 242 $post_type_object = get_post_type_object($post->post_type); 243 if ( ! current_user_can( $post_type_object->cap->edit_post, $post->ID) )243 if ( ! current_user_can( 'edit_post', $post->ID ) ) 244 244 return; 245 245 246 246 $title = esc_textarea( trim( $post->post_title ) ); -
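--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -447,9 +447,8 @@
 $attachment = wp_unslash( $attachment );
 
 $post = $_post = get_post($attachment_id, ARRAY_A);
-$post_type_object = get_post_type_object( $post[ 'post_type' ] );
 
-if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+if ( !current_user_can( 'edit_post', $attachment_id ) )
 continue;
 
 if ( isset($attachment['post_content']) )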
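Review bot: The return value of `get_post($attachment_id, ARRAY_A)` at line 449 is not checked before `current_user_can( 'edit_post', $attachment_id )`, so a submitted attachment ID that does not exist is skipped only if `map_meta_cap()` (not shown) denies it. The removed lookup had the same gap, but an explicit guard is cheap now that the check no longer reads `$post`: `if ( ! $post || ! current_user_can( 'edit_post', $attachment_id ) )`. The enclosing loop starts outside the hunk, so where `$attachment_id` comes from should be confirmed against the caller.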
wp-admin/post.php
141 141 if ( null == $post_type_object ) 142 142 wp_die( __('Unknown post type.') ); 143 143 144 if ( !current_user_can( $post_type_object->cap->edit_post, $post_id) )144 if ( !current_user_can( 'edit_post', $post_id ) ) 145 145 wp_die( __('You are not allowed to edit this item.') ); 146 146 147 147 if ( 'trash' == $post->post_status ) … … 214 214 215 215 $post = get_post($post_id); 216 216 217 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )217 if ( !current_user_can( 'delete_post', $post_id ) ) 218 218 wp_die( __('You are not allowed to move this item to the Trash.') ); 219 219 220 220 if ( ! wp_trash_post($post_id) ) … … 227 227 case 'untrash': 228 228 check_admin_referer('untrash-post_' . $post_id); 229 229 230 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )230 if ( !current_user_can( 'delete_post', $post_id ) ) 231 231 wp_die( __('You are not allowed to move this item out of the Trash.') ); 232 232 233 233 if ( ! wp_untrash_post($post_id) ) … … 240 240 case 'delete': 241 241 check_admin_referer('delete-post_' . $post_id); 242 242 243 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )243 if ( !current_user_can( 'delete_post', $post_id ) ) 244 244 wp_die( __('You are not allowed to delete this item.') ); 245 245 246 246 $force = !EMPTY_TRASH_DAYS; -
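--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -47,8 +47,7 @@
 $post = get_post( $id );
 if ( 'attachment' != $post->post_type )
 wp_die( __( 'Unknown post type.' ) );
-$post_type_object = get_post_type_object( 'attachment' );
-if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
+if ( ! current_user_can( 'edit_post', $id ) )
 wp_die( __( 'You are not allowed to edit this item.' ) );
 
 switch ( $_REQUEST['fetch'] ) {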
wp-admin/edit.php
77 77 case 'trash': 78 78 $trashed = 0; 79 79 foreach( (array) $post_ids as $post_id ) { 80 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )80 if ( !current_user_can( 'delete_post', $post_id) ) 81 81 wp_die( __('You are not allowed to move this item to the Trash.') ); 82 82 83 83 if ( !wp_trash_post($post_id) ) … … 90 90 case 'untrash': 91 91 $untrashed = 0; 92 92 foreach( (array) $post_ids as $post_id ) { 93 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )93 if ( !current_user_can( 'delete_post', $post_id) ) 94 94 wp_die( __('You are not allowed to restore this item from the Trash.') ); 95 95 96 96 if ( !wp_untrash_post($post_id) ) … … 105 105 foreach( (array) $post_ids as $post_id ) { 106 106 $post_del = get_post($post_id); 107 107 108 if ( !current_user_can( $post_type_object->cap->delete_post, $post_id) )108 if ( !current_user_can( 'delete_post', $post_id ) ) 109 109 wp_die( __('You are not allowed to delete this item.') ); 110 110 111 111 if ( $post_del->post_type == 'attachment' ) {