Make WordPress Core

Ticket #32243: 32243_3.diff

File 32243_3.diff, 7.7 KB (added by nikonratm, 10 years ago)

Added unit testing

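--- a/src/wp-includes/post.php
+++ b/src/wp-includes/post.php
@@ -5341,7 +5341,7 @@
  *
  * @see get_private_posts_cap_sql()
  *
- * @param string $post_type   Post type.
+ * @param array  $post_types  Post type(s).
  * @param bool   $full        Optional. Returns a full WHERE statement instead of just
  *                            an 'andalso' term. Default true.
  * @param int    $post_author Optional. Query posts having a single author ID. Default null.
@@ -5349,52 +5349,58 @@
  *                            $current_user.  Default false.
  * @return string SQL WHERE code that can be added to a query.
  */
-function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $public_only = false ) {
+function get_posts_by_author_sql( $post_types, $full = true, $post_author = null, $public_only = false ) {
         global $wpdb;
 
-        // Private posts.
-        $post_type_obj = get_post_type_object( $post_type );
-        if ( ! $post_type_obj )
-                return $full ? 'WHERE 1 = 0' : ' 1 = 0 ';
+        if ( is_string( $post_types ) ) $post_types = explode(',', $post_types);
 
-        /**
-         * Filter the capability to read private posts for a custom post type
-         * when generating SQL for getting posts by author.
-         *
-         * @since 2.2.0
-         * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless".
-         *
-         * @param string $cap Capability.
-         */
-        if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) {
-                $cap = $post_type_obj->cap->read_private_posts;
+        $post_types_w_caps = array();
+        foreach ($post_types as $post_type) {
+                $post_type_obj = get_post_type_object( $post_type );
+                if ( ! $post_type_obj )
+                        return $full ? 'WHERE 1 = 0' : ' 1 = 0 ';
+       
+                /**
+                 * Filter the capability to read private posts for a custom post type
+                 * when generating SQL for getting posts by author.
+                 *
+                 * @since 2.2.0
+                 * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless".
+                 *
+                 * @param string $cap Capability.
+                 */
+                if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) $cap = current_user_can( $post_type_obj->cap->read_private_posts );
+
+                // Only need to check the cap if $public_only is false.
+                $post_status_sql = "post_status = 'publish'";
+                if ( false === $public_only ) {
+                        if ( $cap ) {
+                                // Does the user have the capability to view private posts? Guess so.
+                                $post_status_sql .= " OR post_status = 'private'";
+                        } elseif ( is_user_logged_in() ) {
+                                // Users can view their own private posts.
+                                $id = get_current_user_id();
+                                if ( null === $post_author || ! $full ) {
+                                        $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
+                                } elseif ( $id == (int) $post_author ) {
+                                        $post_status_sql .= " OR post_status = 'private'";
+                                } // else none
+                        } // else none
+                }
+               
+                $post_types_w_caps[] = "( post_type = '" . $post_type . "' AND ( $post_status_sql ) )";
         }
 
-        $sql = $wpdb->prepare( 'post_type = %s', $post_type );
-
+//      $post_type_sql = array_fill(0, count($post_types), '%s');
+        $sql = '( '.implode(' OR ', $post_types_w_caps).' )';
+//      $sql = $wpdb->prepare($where, $post_types);
+       
         if ( null !== $post_author ) {
                 $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author );
         }
 
-        // Only need to check the cap if $public_only is false.
-        $post_status_sql = "post_status = 'publish'";
-        if ( false === $public_only ) {
-                if ( current_user_can( $cap ) ) {
-                        // Does the user have the capability to view private posts? Guess so.
-                        $post_status_sql .= " OR post_status = 'private'";
-                } elseif ( is_user_logged_in() ) {
-                        // Users can view their own private posts.
-                        $id = get_current_user_id();
-                        if ( null === $post_author || ! $full ) {
-                                $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
-                        } elseif ( $id == (int) $post_author ) {
-                                $post_status_sql .= " OR post_status = 'private'";
-                        } // else none
-                } // else none
-        }
+//      $sql .= " AND ($post_status_sql)";
 
-        $sql .= " AND ($post_status_sql)";
-
         if ( $full ) {
                 $sql = 'WHERE ' . $sql;
         }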
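Review bot: In the new per-type loop, `$cap` holds the filtered value of `pub_priv_sql_capability` when the filter returns one, and the boolean from `current_user_can()` only otherwise, so the later `if ( $cap )` treats any non-empty capability name as permission and adds `OR post_status = 'private'` without checking the user. The removed code always passed `$cap` through `current_user_can( $cap )`; keeping `$cap = $post_type_obj->cap->read_private_posts;` as the fallback and testing `if ( current_user_can( $cap ) )` preserves that check. The loop also concatenates `$post_type` into the clause where the old code used `$wpdb->prepare( 'post_type = %s', $post_type )`; the `get_post_type_object()` lookup appears to restrict it to registered names, but building each term with `prepare()` would keep the query safe without relying on that. The function body continues past the last line shown.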
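--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -254,14 +254,16 @@
  *
  * @global wpdb $wpdb WordPress database object for queries.
  *
- * @param int    $userid    User ID.
- * @param string $post_type Optional. Post type to count the number of posts for. Default 'post'.
+ * @param int           $userid User ID.
+ * @param array/string  $post_types Optional. Post type(s) to count the number of posts for. Default 'post'.
  * @return int Number of posts the user has written in this post type.
  */
-function count_user_posts( $userid, $post_type = 'post' ) {
+function count_user_posts( $userid, $post_types = 'post' ) {
         global $wpdb;
+       
+        if ( is_string( $post_types ) ) $post_types = explode(',', $post_types);
 
-        $where = get_posts_by_author_sql( $post_type, true, $userid );
+        $where = get_posts_by_author_sql( $post_types, true, $userid );
 
         $count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts $where" );
 
@@ -273,9 +275,9 @@
          *
          * @param int    $count     The user's post count.
          * @param int    $userid    User ID.
-         * @param string $post_type Post type to count the number of posts for.
+         * @param array  $post_types Post types to count the number of posts for.
          */
-        return apply_filters( 'get_usernumposts', $count, $userid, $post_type );
+        return apply_filters( 'get_usernumposts', $count, $userid, $post_types );
 }
 
 /**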
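Review bot: The `get_usernumposts` filter now receives `$post_types` as an array even when the caller passed the default `'post'`, because the string is exploded before the filter runs; existing callbacks that compare the third argument with a string would stop matching. Consider handing the filter the caller's original value, or recording the type change in the hook's docblock. The docblock type `array/string` should be written `array|string`. The `explode()` here also duplicates the one in `get_posts_by_author_sql()` and does not trim, so `'post, page'` yields `' page'`, which presumably fails the registered-type lookup and turns the whole count into zero.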
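--- a/tests/phpunit/tests/post/getPostsByAuthorSql.php
+++ b/tests/phpunit/tests/post/getPostsByAuthorSql.php
@@ -20,6 +20,18 @@
                 $this->assertContains( '1 = 0', $maybe_string );
         }
 
+        public function test_multiple_post_types(){
+                register_post_type( 'foo' );
+                register_post_type( 'bar' );
+
+                $maybe_string = get_posts_by_author_sql( 'foo,bar' );
+                $this->assertContains( "post_type = 'foo'", $maybe_string );
+                $this->assertContains( "post_type = 'bar'", $maybe_string );
+
+                _unregister_post_type( 'foo' );
+                _unregister_post_type( 'bar' );
+        }
+
         public function test_full_true(){
                 $maybe_string = get_posts_by_author_sql( 'post', true );
                 $this->assertRegExp( '/^WHERE /', $maybe_string );
@@ -112,4 +124,25 @@
 
                 wp_set_current_user( $current_user );
         }
+
+        public function test_user_has_access_only_to_private_posts_for_certain_post_types(){
+                register_post_type( 'foo', array( 'capabilities' => array( 'read_private_posts' => 'read_private_foo' ) )  );
+                register_post_type( 'bar', array( 'capabilities' => array( 'read_private_posts' => 'read_private_bar' ) ) );
+                register_post_type( 'baz', array( 'capabilities' => array( 'read_private_posts' => 'read_private_baz' ) ) );
+                $current_user = get_current_user_id();
+                $u = $this->factory->user->create( array( 'role' => 'editor' ) );
+                $editor_role = get_role('editor');
+                $editor_role->add_cap( 'read_private_baz' );
+                wp_set_current_user( $u );
+
+                $maybe_string = get_posts_by_author_sql( 'foo,bar,baz' );
+                $this->assertNotContains( "post_type = 'foo' AND ( post_status = 'publish' OR post_status = 'private' )", $maybe_string );
+                $this->assertNotContains( "post_type = 'bar' AND ( post_status = 'publish' OR post_status = 'private' )", $maybe_string );
+                $this->assertContains( "post_type = 'baz' AND ( post_status = 'publish' OR post_status = 'private' )", $maybe_string );
+
+                _unregister_post_type( 'foo' );
+                _unregister_post_type( 'bar' );
+                _unregister_post_type( 'baz' );
+                wp_set_current_user( $current_user );
+        }
 }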
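Review bot: `test_user_has_access_only_to_private_posts_for_certain_post_types` adds `read_private_baz` to the shared `editor` role and never removes it, so the capability may leak into later tests unless the suite resets roles; a `$editor_role->remove_cap( 'read_private_baz' );` in the cleanup would make the test self-contained. The new tests cover only the cases where access is expected to work. Missing are a case where `pub_priv_sql_capability` returns a capability the current user lacks, asserting that `post_status = 'private'` is absent for that type, and a case where the list contains an unregistered type.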