Changeset 27390
- Timestamp:
- 03/04/2014 03:08:54 AM (12 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
-
src/wp-includes/capabilities.php (modified) (5 diffs)
-
tests/phpunit/tests/user/capabilities.php (modified) (1 diff)
-
tests/phpunit/tests/user/mapMetaCap.php (modified) (1 diff)
trunk/src/wp-includes/capabilities.php
r26126 r27390 1072 1072 } 1073 1073 1074 $post_author_id = $post->post_author; 1075 1076 // If no author set yet, default to current user for cap checks. 1077 if ( ! $post_author_id ) 1078 $post_author_id = $user_id; 1079 1080 // If the user is the author... 1081 if ( $user_id == $post_author_id ) { 1074 // If the post author is set and the user is the author... 1075 if ( $post->post_author && $user_id == $post->post_author ) { 1082 1076 // If the post is published... 1083 1077 if ( 'publish' == $post->post_status ) { 1084 1078 $caps[] = $post_type->cap->delete_published_posts; 1085 1079 } elseif ( 'trash' == $post->post_status ) { 1086 if ( 'publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )1080 if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) { 1087 1081 $caps[] = $post_type->cap->delete_published_posts; 1082 } 1088 1083 } else { 1089 1084 // If the post is draft... … … 1094 1089 $caps[] = $post_type->cap->delete_others_posts; 1095 1090 // The post is published, extra cap required. 1096 if ( 'publish' == $post->post_status ) 1091 if ( 'publish' == $post->post_status ) { 1097 1092 $caps[] = $post_type->cap->delete_published_posts; 1098 elseif ( 'private' == $post->post_status )1093 } elseif ( 'private' == $post->post_status ) { 1099 1094 $caps[] = $post_type->cap->delete_private_posts; 1095 } 1100 1096 } 1101 1097 break; … … 1122 1118 } 1123 1119 1124 $post_author_id = $post->post_author; 1125 1126 // If no author set yet, default to current user for cap checks. 1127 if ( ! $post_author_id ) 1128 $post_author_id = $user_id; 1129 1130 // If the user is the author... 1131 if ( $user_id == $post_author_id ) { 1120 // If the post author is set and the user is the author... 1121 if ( $post->post_author && $user_id == $post->post_author ) { 1132 1122 // If the post is published... 
1133 1123 if ( 'publish' == $post->post_status ) { 1134 1124 $caps[] = $post_type->cap->edit_published_posts; 1135 1125 } elseif ( 'trash' == $post->post_status ) { 1136 if ( 'publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )1126 if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) { 1137 1127 $caps[] = $post_type->cap->edit_published_posts; 1128 } 1138 1129 } else { 1139 1130 // If the post is draft... … … 1144 1135 $caps[] = $post_type->cap->edit_others_posts; 1145 1136 // The post is published, extra cap required. 1146 if ( 'publish' == $post->post_status ) 1137 if ( 'publish' == $post->post_status ) { 1147 1138 $caps[] = $post_type->cap->edit_published_posts; 1148 elseif ( 'private' == $post->post_status )1139 } elseif ( 'private' == $post->post_status ) { 1149 1140 $caps[] = $post_type->cap->edit_private_posts; 1141 } 1150 1142 } 1151 1143 break; … … 1174 1166 } 1175 1167 1176 $post_author_id = $post->post_author; 1177 1178 // If no author set yet, default to current user for cap checks. 1179 if ( ! $post_author_id ) 1180 $post_author_id = $user_id; 1181 1182 if ( $user_id == $post_author_id ) 1168 if ( $post->post_author && $user_id == $post->post_author ) { 1183 1169 $caps[] = $post_type->cap->read; 1184 elseif ( $status_obj->private )1170 } elseif ( $status_obj->private ) { 1185 1171 $caps[] = $post_type->cap->read_private_posts; 1186 else1172 } else { 1187 1173 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 1174 } 1188 1175 break; 1189 1176 case 'publish_post': -
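Review bot: The ownership test `$post->post_author && $user_id == $post->post_author` is now copied into the delete_post, edit_post and read_post cases, and the read_post copy has no comment explaining it. This is the line that stops a post with `post_author` 0 from being treated as owned by whoever is asking, so I would state the reason on each copy, e.g. `// An authorless post has no owner: never grant author-level caps, fall through to the non-author checks.` The comparison is still a loose `==` between a caller-supplied `$user_id` and a database string; `(int) $user_id === (int) $post->post_author` would make the intent explicit, assuming both are always numeric IDs. The enclosing function and its switch start and end outside the visible hunks.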
trunk/tests/phpunit/tests/user/capabilities.php
r25409 r27390 523 523 $this->assertFalse( $admin->has_cap('delete_post_meta', $post, 'not_protected') ); 524 524 } 525 } 526 527 function authorless_post_statuses() { 528 return array( array( 'draft' ), array( 'private' ), array( 'publish' ) ); 529 } 530 531 /** 532 * @ticket 27020 533 * @dataProvider authorless_post_statuses 534 */ 535 function test_authorless_post( $status ) { 536 // Make a post without an author 537 $post = $this->factory->post->create( array( 'post_author' => 0, 'post_type' => 'post', 'post_status' => $status ) ); 538 539 // Add an editor and contributor 540 $editor = $this->factory->user->create_and_get( array( 'role' => 'editor' ) ); 541 $contributor = $this->factory->user->create_and_get( array( 'role' => 'contributor' ) ); 542 543 // editor can edit, view, and trash 544 $this->assertTrue( $editor->has_cap( 'edit_post', $post ) ); 545 $this->assertTrue( $editor->has_cap( 'delete_post', $post ) ); 546 $this->assertTrue( $editor->has_cap( 'read_post', $post ) ); 547 548 // a contributor cannot (except read a published post) 549 $this->assertFalse( $contributor->has_cap( 'edit_post', $post ) ); 550 $this->assertFalse( $contributor->has_cap( 'delete_post', $post ) ); 551 $this->assertEquals( $status === 'publish', $contributor->has_cap( 'read_post', $post ) ); 525 552 } 526 553 -
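Review bot: test_authorless_post only exercises an editor and a contributor, so for the 'publish' status the contributor assertions on edit_post and delete_post would hold with or without the fix, presuming the default roles where a contributor has neither `edit_published_posts` nor `delete_published_posts`. An author-role user is the case that separates the two behaviours there: add `$author = $this->factory->user->create_and_get( array( 'role' => 'author' ) );` with `$this->assertFalse( $author->has_cap( 'edit_post', $post ) );` and `$this->assertFalse( $author->has_cap( 'delete_post', $post ) );`. The data provider authorless_post_statuses() also has no docblock; a one-line `/** Data provider: post statuses checked for authorless posts. */` would do.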
trunk/tests/phpunit/tests/user/mapMetaCap.php
r25002 r27390 233 233 $this->assertEquals( array( 'edit_plugins' ), map_meta_cap( 'edit_plugins', $this->user_id ) ); 234 234 } 235 236 /** 237 * Test a post without an author. 238 * 239 * @ticket 27020 240 */ 241 function test_authorless_posts_capabilties() { 242 $post_id = $this->factory->post->create( array( 'post_author' => 0, 'post_type' => 'post', 'post_status' => 'publish' ) ); 243 $editor = $this->factory->user->create( array( 'role' => 'editor' ) ); 244 245 $this->assertEquals( array( 'edit_others_posts', 'edit_published_posts' ), map_meta_cap( 'edit_post', $editor, $post_id ) ); 246 $this->assertEquals( array( 'delete_others_posts', 'delete_published_posts' ), map_meta_cap( 'delete_post', $editor, $post_id ) ); 247 248 } 235 249 }
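Review bot: test_authorless_posts_capabilties (the name misspells `capabilities`) pins the mapping only for a published post and only for edit_post and delete_post, so the read_post change in this commit has no assertion at the map_meta_cap level. It also never passes a user ID of 0, the one input where `$user_id == $post->post_author` still holds for an authorless post and only the new `$post->post_author &&` guard prevents an owner match. I would add `$this->assertEquals( array( 'edit_others_posts', 'edit_published_posts' ), map_meta_cap( 'edit_post', 0, $post_id ) );` and a matching case for a draft or private post.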