WordPress.org

Make WordPress Core

Changeset 14130


Ignore:
Timestamp:
04/18/10 04:26:39 (5 years ago)
Author:
dd32
Message:

Update _wp_translate_postdata() capability checks to use Post Type API capability fields. Props duck_. Fixes #12987

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/post.php

    r14124 r14130  
    4545    } 
    4646 
     47    $ptype = get_post_type_object( $post_data['post_type'] ); 
    4748    if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) { 
    48         if ( 'page' == $post_data['post_type'] ) { 
    49             if ( !current_user_can( 'edit_others_pages' ) ) { 
     49        if ( !current_user_can( $ptype->edit_others_cap ) ) { 
     50            if ( 'page' == $post_data['post_type'] ) { 
    5051                return new WP_Error( 'edit_others_pages', $update ? 
    5152                    __( 'You are not allowed to edit pages as this user.' ) : 
    5253                    __( 'You are not allowed to create pages as this user.' ) 
    5354                ); 
    54             } 
    55         } else { 
    56             if ( !current_user_can( 'edit_others_posts' ) ) { 
     55            } else { 
    5756                return new WP_Error( 'edit_others_posts', $update ? 
    5857                    __( 'You are not allowed to edit posts as this user.' ) : 
     
    8382    // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. 
    8483    // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. 
    85     if ( isset( $post_data['post_type'] ) && 'page' == $post_data['post_type'] ) { 
    86         $publish_cap = 'publish_pages'; 
    87         $edit_cap = 'edit_published_pages'; 
    88     } else { 
    89         $publish_cap = 'publish_posts'; 
    90         $edit_cap = 'edit_published_posts'; 
    91     } 
    92     if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $publish_cap )) ) 
    93         if ( $previous_status != 'publish' || !current_user_can( $edit_cap ) ) 
     84    if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $ptype->publish_cap )) ) 
     85        if ( $previous_status != 'publish' || !current_user_can( 'edit_post', $post_id ) ) 
    9486            $post_data['post_status'] = 'pending'; 
    9587 
Note: See TracChangeset for help on using the changeset viewer.