
Ticket #32243: 32243_r2.diff

File 32243_r2.diff, 5.6 KB (added by nikonratm, 10 years ago)

updated to respect capabilities per post type

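--- a/post.php
+++ b/post.php
@@ -5330,22 +5330,18 @@
  *
  * @see get_private_posts_cap_sql()
  *
- * @param string $post_type   Post type.
- * @param bool   $full        Optional. Returns a full WHERE statement instead of just
- *                            an 'andalso' term. Default true.
- * @param int    $post_author Optional. Query posts having a single author ID. Default null.
- * @param bool   $public_only Optional. Only return public posts. Skips cap checks for
- *                            $current_user.  Default false.
+ * @param array/string  $post_types  Post type(s).
+ * @param bool          $full        Optional. Returns a full WHERE statement instead of just
+ *                                   an 'andalso' term. Default true.
+ * @param int           $post_author Optional. Query posts having a single author ID. Default null.
+ * @param bool          $public_only Optional. Only return public posts. Skips cap checks for
+ *                                   $current_user.  Default false.
  * @return string SQL WHERE code that can be added to a query.
  */
-function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $public_only = false ) {
+function get_posts_by_author_sql( $post_types, $full = true, $post_author = null, $public_only = false ) {
         global $wpdb;
-
-        // Private posts.
-        $post_type_obj = get_post_type_object( $post_type );
-        if ( ! $post_type_obj )
-                return $full ? 'WHERE 1 = 0' : ' 1 = 0 ';
-
+        if (is_string($post_types)) $post_types = explode(',', $post_types);
+               
         /**
          * Filter the capability to read private posts for a custom post type
          * when generating SQL for getting posts by author.
@@ -5355,39 +5351,45 @@
          *
          * @param string $cap Capability.
          */
-        if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) {
-                $cap = $post_type_obj->cap->read_private_posts;
+        $cap_hooked = apply_filters( 'pub_priv_sql_capability', '' );
+               
+        $wheres = array();
+        foreach ($post_types as $post_type) {
+                $post_type_obj = get_post_type_object( $post_type );
+                if ( ! $post_type_obj )
+                        return $full ? 'WHERE 1 = 0' : ' 1 = 0 ';
+               
+                $cap = current_user_can( $post_type_obj->cap->read_private_posts );
+               
+                // Only need to check the cap if $public_only is false.
+                $post_status_sql = "post_status = 'publish'";
+                if ( false === $public_only ) {
+                        if ( !$cap_hooked && $cap ) {
+                                // Does the user have the capability to view private posts? Guess so.
+                                $post_status_sql .= " OR post_status = 'private'";
+                        } elseif ( is_user_logged_in() ) {
+                                // Users can view their own private posts.
+                                $id = get_current_user_id();
+                                if ( null === $post_author || ! $full ) {
+                                        $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
+                                } elseif ( $id == (int) $post_author ) {
+                                        $post_status_sql .= " OR post_status = 'private'";
+                                } // else none
+                        } // else none
+                }
+                $wheres[] = "(post_type = '".$post_type."' AND (".$post_status_sql.'))';
         }
-
-        $sql = $wpdb->prepare( 'post_type = %s', $post_type );
+       
+        $sql = '(' . implode(' OR ', $wheres) . ')';
 
         if ( null !== $post_author ) {
                 $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author );
         }
 
-        // Only need to check the cap if $public_only is false.
-        $post_status_sql = "post_status = 'publish'";
-        if ( false === $public_only ) {
-                if ( current_user_can( $cap ) ) {
-                        // Does the user have the capability to view private posts? Guess so.
-                        $post_status_sql .= " OR post_status = 'private'";
-                } elseif ( is_user_logged_in() ) {
-                        // Users can view their own private posts.
-                        $id = get_current_user_id();
-                        if ( null === $post_author || ! $full ) {
-                                $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
-                        } elseif ( $id == (int) $post_author ) {
-                                $post_status_sql .= " OR post_status = 'private'";
-                        } // else none
-                } // else none
-        }
-
-        $sql .= " AND ($post_status_sql)";
-
         if ( $full ) {
                 $sql = 'WHERE ' . $sql;
         }
-
+       
         return $sql;
 }
 Index: user.php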
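Review bot: The added line `$wheres[] = "(post_type = '".$post_type."' AND (".$post_status_sql.'))';` concatenates `$post_type` straight into the SQL string, where the removed code went through `$wpdb->prepare( 'post_type = %s', $post_type )`. The `get_post_type_object()` check earlier in the loop appears to restrict the value to registered post types, but quoting should not depend on that lookup; keep the placeholder, e.g. `$wheres[] = '(' . $wpdb->prepare( 'post_type = %s', $post_type ) . " AND ($post_status_sql))";`. Separately, `if ( !$cap_hooked && $cap )` never passes a capability returned by the `pub_priv_sql_capability` filter to `current_user_can()`, so on a site that hooks the filter the capability branch is skipped and every user falls through to the own-private-posts case. The filtered value should replace `read_private_posts` in the `current_user_can()` call, as the removed code did.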
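--- a/user.php
+++ b/user.php
@@ -254,14 +254,16 @@
  *
  * @global wpdb $wpdb WordPress database object for queries.
  *
- * @param int    $userid    User ID.
- * @param string $post_type Optional. Post type to count the number of posts for. Default 'post'.
+ * @param int           $userid User ID.
+ * @param array/string  $post_types Optional. Post type(s) to count the number of posts for. Default 'post'.
  * @return int Number of posts the user has written in this post type.
  */
-function count_user_posts( $userid, $post_type = 'post' ) {
+function count_user_posts( $userid, $post_types = 'post' ) {
         global $wpdb;
+       
+        if ( is_string( $post_types ) ) $post_types = explode(',', $post_types);
 
-        $where = get_posts_by_author_sql( $post_type, true, $userid );
+        $where = get_posts_by_author_sql( $post_types, true, $userid );
 
         $count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts $where" );
 
@@ -273,9 +275,9 @@
          *
          * @param int    $count     The user's post count.
          * @param int    $userid    User ID.
-         * @param string $post_type Post type to count the number of posts for.
+         * @param array  $post_types Post types to count the number of posts for.
          */
-        return apply_filters( 'get_usernumposts', $count, $userid, $post_type );
+        return apply_filters( 'get_usernumposts', $count, $userid, $post_types );
 }
 
 /**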
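Review bot: `count_user_posts()` now always hands an array to the `get_usernumposts` filter, because the added `explode()` runs before `apply_filters()` even when the caller passed the default `'post'`; callbacks written against the string argument would stop matching. `get_posts_by_author_sql()` in this patch already splits a string itself, so the added line `if ( is_string( $post_types ) ) $post_types = explode(',', $post_types);` can be dropped and the caller's value passed to the filter unchanged, with the filter doc reading `@param array|string $post_types`. The `@return` line still says "in this post type" and should mention the multi-type case. Part of the function's docblock lies between the two hunks and is not shown.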