

Timestamp:
11/30/2012 02:03:47 PM (12 years ago)
Author:
ryan
Message:

Add a create_posts check to _wp_translate_postdata(). Move the edit_post check to the top of the function.

Props nacin
fixes #22417

File:
1 edited

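--- a/trunk/wp-admin/includes/post.php	r22783
+++ b/trunk/wp-admin/includes/post.php	r22950
@@ -26,4 +26,18 @@
     if ( $update )
         $post_data['ID'] = (int) $post_data['post_ID'];
+
+    $ptype = get_post_type_object( $post_data['post_type'] );
+
+    if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
+        if ( 'page' == $post_data['post_type'] )
+            return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+        else
+            return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+    } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
+        if ( 'page' == $post_data['post_type'] )
+            return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+        else
+            return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+    }
 
     if ( isset( $post_data['content'] ) )
@@ -52,23 +66,11 @@
     }
 
-    $ptype = get_post_type_object( $post_data['post_type'] );
-    if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
-        if ( $update ) {
-            if ( ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
-                if ( 'page' == $post_data['post_type'] ) {
-                    return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
-                } else {
-                    return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
-                }
-            }
-        } else {
-            if ( ! current_user_can( $ptype->cap->edit_others_posts )  ) {
-                if ( 'page' == $post_data['post_type'] ) {
-                    return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
-                } else {
-                    return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
-                }
-            }
-        }
+    if ( ! $update && isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
+         && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
+
+        if ( 'page' == $post_data['post_type'] )
+            return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+        else
+            return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
     }
 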
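Review bot: The author-mismatch check at new lines 68-69 still trusts `$post_data['user_ID']`, which appears to come from the submitted form data, and is skipped entirely when that key is absent or when `$update` is true. A safer condition compares against the authenticated user instead: `if ( isset( $post_data['post_author'] ) && $post_data['post_author'] != get_current_user_id() && ! current_user_can( $ptype->cap->edit_others_posts ) ) {`, with the edit/create wording chosen by `$update`. Whether `post_author` is normalised or re-checked in the lines elided between the two hunks or further down the function is not visible here, so confirm that before relying on it. Separately, the new `create_posts` branch (new lines 36-41) returns the `edit_others_pages` / `edit_others_posts` error codes, so callers keyed on the code cannot tell a create denial from an edit denial. The function begins and ends outside the hunks shown.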