Changeset 21085

Timestamp:

06/15/2012 05:48:01 PM (13 years ago)

Author:

markjaquith

Message:

Make read_post more useful. Map read_post to edit_post for posts with protected post states. This makes read_post work naturally for draft, future, and pending posts belonging to other users. If the current user cannot edit these non-public posts then the user should not be able to read them either.

Backports [21046] for the 3.3 branch.

File:

• branches/3.3/wp-includes/capabilities.php (modified) (2 diffs)

branches/3.3/wp-includes/capabilities.php

@@ -1066 +1066 @@
         }
 
-        if ( 'private' != $post->post_status ) {
+        $status_obj = get_post_status_object( $post->post_status );
+        if ( $status_obj->public ) {
             $caps[] = $post_type->cap->read;
             break;
@@ -1080 +1081 @@
         if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
             $caps[] = $post_type->cap->read;
+        elseif ( $status_obj->private )
+            $caps[] = $post_type->cap->read_private_posts;
         else
-            $caps[] = $post_type->cap->read_private_posts;
+            $caps[] = map_meta_cap( 'edit_post', $user_id, $post->ID );
         break;
     case 'edit_post_meta':