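/**
 * Build the post_status visibility condition for a WHERE clause.
 *
 * The returned fragment matches every published post and, depending on the
 * current user, private posts as well:
 *  - a user holding the "read private" capability for the post type sees all
 *    private posts;
 *  - any other logged-in user sees only the private posts they authored;
 *  - an anonymous visitor sees published posts only.
 *
 * For a post type other than 'post' or 'page' the capability is taken from
 * the 'pub_priv_sql_capability' filter. The filter is handed an empty string
 * only (not the post type); if it returns an empty value the function fails
 * closed and returns a condition that matches no rows.
 *
 * The fragment uses the unqualified column names post_status and post_author,
 * so it is only valid in a query where those names resolve to the posts table.
 *
 * @param string $post_type currently only supports 'post' or 'page'.
 * @return string SQL code that can be added to a where clause.
 */
function wp_get_pub_priv_sql($post_type) {
	global $user_ID;
	$cap = '';

	// Strict comparison: a non-string argument must not be mistaken for a
	// built-in post type when the capability to check is being selected.
	if ($post_type === 'post') {
		// Private posts
		$cap = 'read_private_posts';
	} elseif ($post_type === 'page') {
		// Private pages
		$cap = 'read_private_pages';
	} else {
		// Unknown type: a plugin may supply the capability through the filter.
		$cap = apply_filters('pub_priv_sql_capability', $cap);

		if (empty($cap)) {
			// No capability is known for this type, so return a condition
			// that can never be true rather than exposing any rows.
			return '1 = 0';
		}
	}

	$sql = '(post_status = \'publish\'';

	if (current_user_can($cap)) {
		// The user may read every private post of this type.
		$sql .= ' OR post_status = \'private\'';
	} elseif (is_user_logged_in()) {
		// Users can view their own private posts. AND binds tighter than OR,
		// so the author test applies to the private branch only.
		// The comparison operator was missing here, which produced invalid
		// SQL for every logged-in user without the capability. The ID is cast
		// to an integer so that nothing but a number can reach the query text.
		$sql .= ' OR post_status = \'private\' AND post_author = ' . (int) $user_ID;
	}

	$sql .= ')';

	return $sql;
}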