Make WordPress Core

Changeset 24593


Ignore:
Timestamp:
07/08/2013 08:05:42 PM (11 years ago)
Author:
nacin
Message:

Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.

Location:
trunk
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/async-upload.php

    r24214 r24593  
    4848    if ( 'attachment' != $post->post_type )
    4949        wp_die( __( 'Unknown post type.' ) );
    50     $post_type_object = get_post_type_object( 'attachment' );
    51     if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
     50    if ( ! current_user_can( 'edit_post', $id ) )
    5251        wp_die( __( 'You are not allowed to edit this item.' ) );
    5352
  • trunk/wp-admin/edit.php

    r24207 r24593  
    7979
    8080            foreach( (array) $post_ids as $post_id ) {
    81                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
     81                if ( !current_user_can( 'delete_post', $post_id) )
    8282                    wp_die( __('You are not allowed to move this item to the Trash.') );
    8383
     
    9898            $untrashed = 0;
    9999            foreach( (array) $post_ids as $post_id ) {
    100                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
     100                if ( !current_user_can( 'delete_post', $post_id) )
    101101                    wp_die( __('You are not allowed to restore this item from the Trash.') );
    102102
     
    113113                $post_del = get_post($post_id);
    114114
    115                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
     115                if ( !current_user_can( 'delete_post', $post_id ) )
    116116                    wp_die( __('You are not allowed to delete this item.') );
    117117
  • trunk/wp-admin/includes/class-wp-posts-list-table.php

    r24576 r24593  
    481481        $title = _draft_or_post_title();
    482482        $post_type_object = get_post_type_object( $post->post_type );
    483         $can_edit_post = current_user_can( $post_type_object->cap->edit_post, $post->ID );
     483        $can_edit_post = current_user_can( 'edit_post', $post->ID );
    484484
    485485        $alternate = 'alternate' == $alternate ? '' : 'alternate';
     
    586586                    $actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr( __( 'Edit this item inline' ) ) . '">' . __( 'Quick&nbsp;Edit' ) . '</a>';
    587587                }
    588                 if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
     588                if ( current_user_can( 'delete_post', $post->ID ) ) {
    589589                    if ( 'trash' == $post->post_status )
    590590                        $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
  • trunk/wp-admin/includes/media.php

    r24585 r24593  
    497497    if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
    498498        $post = $_post = get_post($attachment_id, ARRAY_A);
    499         $post_type_object = get_post_type_object( $post[ 'post_type' ] );
    500 
    501         if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
     499
     500        if ( !current_user_can( 'edit_post', $attachment_id ) )
    502501            continue;
    503502
  • trunk/wp-admin/includes/post.php

    r24527 r24593  
    2929    $ptype = get_post_type_object( $post_data['post_type'] );
    3030
    31     if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
     31    if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
    3232        if ( 'page' == $post_data['post_type'] )
    3333            return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
     
    173173
    174174    $ptype = get_post_type_object($post_data['post_type']);
    175     if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
     175    if ( !current_user_can( 'edit_post', $post_ID ) ) {
    176176        if ( 'page' == $post_data['post_type'] )
    177177            wp_die( __('You are not allowed to edit this page.' ));
     
    375375        $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
    376376
    377         if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
     377        if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
    378378            $skipped[] = $post_ID;
    379379            continue;
  • trunk/wp-admin/includes/template.php

    r24377 r24593  
    241241function get_inline_data($post) {
    242242    $post_type_object = get_post_type_object($post->post_type);
    243     if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
     243    if ( ! current_user_can( 'edit_post', $post->ID ) )
    244244        return;
    245245
  • trunk/wp-admin/post.php

    r24304 r24593  
    140140        wp_die( __( 'Unknown post type.' ) );
    141141
    142     if ( ! current_user_can( $post_type_object->cap->edit_post, $post_id ) )
     142    if ( ! current_user_can( 'edit_post', $post_id ) )
    143143        wp_die( __( 'You are not allowed to edit this item.' ) );
    144144
     
    236236        wp_die( __( 'Unknown post type.' ) );
    237237
    238     if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     238    if ( ! current_user_can( 'delete_post', $post_id ) )
    239239        wp_die( __( 'You are not allowed to move this item to the Trash.' ) );
    240240
     
    260260        wp_die( __( 'Unknown post type.' ) );
    261261
    262     if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     262    if ( ! current_user_can( 'delete_post', $post_id ) )
    263263        wp_die( __( 'You are not allowed to move this item out of the Trash.' ) );
    264264
     
    279279        wp_die( __( 'Unknown post type.' ) );
    280280
    281     if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     281    if ( ! current_user_can( 'delete_post', $post_id ) )
    282282        wp_die( __( 'You are not allowed to delete this item.' ) );
    283283
  • trunk/wp-includes/admin-bar.php

    r24214 r24593  
    430430            && 'add' != $current_screen->action
    431431            && ( $post_type_object = get_post_type_object( $post->post_type ) )
    432             && current_user_can( $post_type_object->cap->read_post, $post->ID )
     432            && current_user_can( 'read_post', $post->ID )
    433433            && ( $post_type_object->public )
    434434            && ( $post_type_object->show_in_admin_bar ) )
     
    458458        if ( ! empty( $current_object->post_type )
    459459            && ( $post_type_object = get_post_type_object( $current_object->post_type ) )
    460             && current_user_can( $post_type_object->cap->edit_post, $current_object->ID )
     460            && current_user_can( 'edit_post', $current_object->ID )
    461461            && $post_type_object->show_ui && $post_type_object->show_in_admin_bar )
    462462        {
  • trunk/wp-includes/capabilities.php

    r24491 r24593  
    11631163    case 'add_post_meta':
    11641164        $post = get_post( $args[0] );
    1165         $post_type_object = get_post_type_object( $post->post_type );
    1166         $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
     1165        $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
    11671166
    11681167        $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
     
    11791178        $comment = get_comment( $args[0] );
    11801179        $post = get_post( $comment->comment_post_ID );
    1181         $post_type_object = get_post_type_object( $post->post_type );
    1182 
    1183         $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
     1180        $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
    11841181        break;
    11851182    case 'unfiltered_upload':
  • trunk/wp-includes/class-wp-xmlrpc-server.php

    r24521 r24593  
    10181018            if ( ! get_post( $post_data['ID'] ) )
    10191019                return new IXR_Error( 401, __( 'Invalid post ID.' ) );
    1020             if ( ! current_user_can( $post_type->cap->edit_post, $post_data['ID'] ) )
     1020            if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
    10211021                return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
    10221022            if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
     
    13281328            return new IXR_Error( 404, __( 'Invalid post ID.' ) );
    13291329
    1330         $post_type = get_post_type_object( $post['post_type'] );
    1331         if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) )
     1330        if ( ! current_user_can( 'delete_post', $post_id ) )
    13321331            return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
    13331332
     
    14101409            return new IXR_Error( 404, __( 'Invalid post ID.' ) );
    14111410
    1412         $post_type = get_post_type_object( $post['post_type'] );
    1413         if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) )
     1411        if ( ! current_user_can( 'edit_post', $post_id ) )
    14141412            return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
    14151413
     
    15061504
    15071505        foreach ( $posts_list as $post ) {
    1508             $post_type = get_post_type_object( $post['post_type'] );
    1509             if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) )
     1506            if ( ! current_user_can( 'edit_post', $post['ID'] ) )
    15101507                continue;
    15111508
  • trunk/wp-includes/link-template.php

    r24506 r24593  
    907907        return;
    908908
    909     if ( !current_user_can( $post_type_object->cap->edit_post, $post->ID ) )
     909    if ( !current_user_can( 'edit_post', $post->ID ) )
    910910        return;
    911911
     
    961961        return;
    962962
    963     if ( !current_user_can( $post_type_object->cap->delete_post, $post->ID ) )
     963    if ( !current_user_can( 'delete_post', $post->ID ) )
    964964        return;
    965965
  • trunk/wp-includes/query.php

    r24456 r24593  
    24412441        }
    24422442
     2443        $edit_cap = 'edit_post';
     2444        $read_cap = 'read_post';
     2445
    24432446        if ( ! empty( $post_type_object ) ) {
    2444             $edit_cap = $post_type_object->cap->edit_post;
    2445             $read_cap = $post_type_object->cap->read_post;
    24462447            $edit_others_cap = $post_type_object->cap->edit_others_posts;
    24472448            $read_private_cap = $post_type_object->cap->read_private_posts;
    24482449        } else {
    2449             $edit_cap = 'edit_' . $post_type_cap;
    2450             $read_cap = 'read_' . $post_type_cap;
    24512450            $edit_others_cap = 'edit_others_' . $post_type_cap . 's';
    24522451            $read_private_cap = 'read_private_' . $post_type_cap . 's';
Note: See TracChangeset for help on using the changeset viewer.