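--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -1512,7 +1512,9 @@ function wp_ajax_inline_save() {
 if ( ! current_user_can( 'edit_page', $post_ID ) )
 wp_die( __( 'You are not allowed to edit this page.' ) );
 } else {
-if ( ! current_user_can( 'edit_post', $post_ID ) )
+$post = get_post( $post_ID );
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_ID ) )
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 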
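Review bot: Replacing the `edit_post` meta capability with the primitive `$post_type_object->cap->edit_posts` on new line 1517 weakens the authorization check instead of tightening it. `edit_post` is resolved by `map_meta_cap()` against the specific post — the post's author and status decide whether `edit_others_posts`, `edit_published_posts` or `edit_private_posts` is required — whereas a primitive capability does not consult the `$post_ID` argument, so as far as I can tell any user holding `edit_posts` for the type would pass for every post of that type, including other authors' published ones. The same substitution appears in the class-wp-posts-list-table.php, media.php, post.php (all three hunks), wp-admin/post.php, class-wp-xmlrpc-server.php and link-template.php hunks. Since `edit_post` already maps through the post type's own capability object for custom types, the original `current_user_can( 'edit_post', $post_ID )` should be kept; if the `get_post()` lookup stays, `$post` should be checked for null before `$post->post_type` is dereferenced.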
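--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -645,7 +645,7 @@ class WP_Posts_List_Table extends WP_List_Table {
 $edit_link = get_edit_post_link( $post->ID );
 $title = _draft_or_post_title();
 $post_type_object = get_post_type_object( $post->post_type );
-$can_edit_post = current_user_can( 'edit_post', $post->ID );
+$can_edit_post = current_user_can( $post_type_object->cap->edit_posts, $post->ID );
 
 $classes = 'iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
 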
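--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -3039,15 +3039,16 @@ function wp_media_attach_action( $parent_id, $action = 'attach' ) {
 if ( ! $parent_id ) {
 return;
 }
-
-if ( ! current_user_can( 'edit_post', $parent_id ) ) {
+$post = get_post( $post_ID );
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $parent_id ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 $ids = array();
 foreach ( (array) $_REQUEST['media'] as $att_id ) {
 $att_id = (int) $att_id;
 
-if ( ! current_user_can( 'edit_post', $att_id ) ) {
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $att_id ) ) {
 continue;
 }
 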
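Review bot: New line 3042 calls `get_post( $post_ID )`, but the function's parameter is `$parent_id` and `$post_ID` is not defined anywhere in `wp_media_attach_action`; to my knowledge `get_post()` given null falls back to the global `$post`, so the capability object is derived from whatever post happens to be global rather than the parent being attached to. The lookup should read `$post = get_post( $parent_id );` and be followed by a null check before `$post->post_type` is dereferenced. The loop at new line 3051 then tests the parent type's `cap->edit_posts` against `$att_id`, which is an attachment with its own post type, so the per-attachment check should remain `if ( ! current_user_can( 'edit_post', $att_id ) ) {`. The function body continues past the end of the hunk.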
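--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 
 $ptype = get_post_type_object( $post_data['post_type'] );
 
-if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
+if ( $update && ! current_user_can( $ptype->cap->edit_posts, $post_data['ID'] ) ) {
 if ( 'page' == $post_data['post_type'] )
 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
 else
@@ -199,7 +199,7 @@ function edit_post( $post_data = null ) {
 }
 
 $ptype = get_post_type_object($post_data['post_type']);
-if ( !current_user_can( 'edit_post', $post_ID ) ) {
+if ( !current_user_can( $ptype->cap->edit_posts, $post_ID ) ) {
 if ( 'page' == $post_data['post_type'] )
 wp_die( __('You are not allowed to edit this page.' ));
 else
@@ -1660,8 +1660,8 @@ function post_preview() {
 if ( ! $post = get_post( $post_ID ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
-
-if ( ! current_user_can( 'edit_post', $post->ID ) ) {
+$post_type_object = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post->ID ) ) {
 wp_die( __( 'You are not allowed to edit this post.' ) );
 }
 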
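--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -152,7 +152,7 @@ case 'edit':
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
-if ( ! current_user_can( 'edit_post', $post_id ) )
+if ( ! current_user_can( $post_type_object->cap->edit_posts, $post_id ) )
 wp_die( __( 'You are not allowed to edit this item.' ) );
 
 if ( 'trash' == $post->post_status )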
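--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1174,7 +1174,7 @@ class wp_xmlrpc_server extends IXR_Server {
 if ( $update ) {
 if ( ! get_post( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Invalid post ID.' ) );
-if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
+if ( ! current_user_can( $post_type->cap->edit_posts, $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
 if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'The post type may not be changed.' ) );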
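--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -1181,7 +1181,7 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
 if ( !$post_type_object )
 return;
 
-if ( !current_user_can( 'edit_post', $post->ID ) )
+if ( !current_user_can( $post_type_object->cap->edit_posts, $post->ID ) )
 return;
 
 /**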