Changeset 3513


Timestamp:
02/11/06 09:56:02 (9 years ago)
Author:
ryan
Message:

Add new page caps now that pages can be draft or publish. Brings page caps to parity with posts. Add delete caps for posts and pages. fixes #2382 #2336 #2301

Location:
trunk
Files:
8 edited

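--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -5,6 +5,11 @@
     global $user_ID;
 
-    if (!current_user_can('edit_posts'))
-        die(__('You are not allowed to create posts or drafts on this blog.'));
+    if ( 'page' == $_POST['post_type'] ) {
+        if ( !current_user_can('edit_pages') )
+            die(__('You are not allowed to create pages on this blog.'));
+    } else {
+        if ( !current_user_can('edit_posts') )
+            die(__('You are not allowed to create posts or drafts on this blog.'));
+    }
 
     // Rename.
@@ -16,5 +21,5 @@
     if (!empty ($_POST['post_author_override'])) {
         $_POST['post_author'] = (int) $_POST['post_author_override'];
-    } else
+    } else {
         if (!empty ($_POST['post_author'])) {
             $_POST['post_author'] = (int) $_POST['post_author'];
@@ -23,6 +28,16 @@
         }
 
-    if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
-        die(__('You cannot post as this user.'));
+    }
+
+    if ($_POST['post_author'] != $_POST['user_ID']) {
+        if ( 'page' == $_POST['post_type'] ) {
+            if ( !current_user_can('edit_others_pages') )
+                die(__('You cannot create pages as this user.'));
+        } else {
+            if ( !current_user_can('edit_others_posts') )
+                die(__('You cannot post as this user.'));
+
+        }
+    }
 
     // What to do based on which button they pressed
@@ -35,12 +50,12 @@
     if ('' != $_POST['advanced'])
         $_POST['post_status'] = 'draft';
-    //if ('' != $_POST['savepage']) {
-    //  $_POST['post_status'] = 'draft';
-
-    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
-        $_POST['post_status'] = 'draft';
-
-    if ('page' == $_POST['post_type'] && !current_user_can('edit_pages'))
-        die(__('This user cannot edit pages.'));
+
+    if ( 'page' == $_POST['post_type'] ) {
+        if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages'))
+            $_POST['post_status'] = 'draft';
+    } else {
+        if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
+            $_POST['post_status'] = 'draft';
+    }
 
     if (!empty ($_POST['edit_date'])) {
@@ -124,6 +139,11 @@
     $post_ID = (int) $_POST['post_ID'];
 
-    if (!current_user_can('edit_post', $post_ID))
-        die(__('You are not allowed to edit this post.'));
+    if ( 'page' == $_POST['post_type'] ) {
+        if ( !current_user_can('edit_page', $post_ID) )
+            die(__('You are not allowed to edit this page.'));
+    } else {
+        if ( !current_user_can('edit_post', $post_ID) )
+            die(__('You are not allowed to edit this post.'));
+    }
 
     // Rename.
@@ -143,6 +163,14 @@
         }
 
-    if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
-        die(__('You cannot post as this user.'));
+    if ($_POST['post_author'] != $_POST['user_ID']) {
+        if ( 'page' == $_POST['post_type'] ) {
+            if ( !current_user_can('edit_others_pages') )
+                die(__('You cannot edit pages as this user.'));
+        } else {
+            if ( !current_user_can('edit_others_posts') )
+                die(__('You cannot edit posts as this user.'));
+
+        }
+    }
 
     // What to do based on which button they pressed
@@ -155,12 +183,12 @@
     if ('' != $_POST['advanced'])
         $_POST['post_status'] = 'draft';
-    //if ('' != $_POST['savepage'])
-    //  $_POST['post_status'] = 'static';
-
-    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
-        $_POST['post_status'] = 'draft';
-
-    if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
-        die(__('This user cannot edit pages.'));
+
+    if ( 'page' == $_POST['post_type'] ) {
+        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages'))
+            $_POST['post_status'] = 'draft';
+    } else {
+        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts'))
+            $_POST['post_status'] = 'draft';
+    }
 
     if (!isset ($_POST['comment_status']))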
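Review bot: Every new branch picks its capability check from `$_POST['post_type']`, a request field, so the caller decides whether the page rule or the post rule is applied to `$post_ID`; in the edit path (new lines 141-147) the type should be read from the stored record instead, for example `$stored = get_post($post_ID);` followed by a branch on `$stored->post_type`. The author checks on new lines 32-41 and 165-174 have the same dependency and also compare against `$_POST['user_ID']` rather than the `$user_ID` global declared at the top of the first hunk; whether `user_ID` is overwritten server-side before this point is not visible here. New lines 186-191 gate a publish on `edit_published_pages`/`edit_published_posts`, while the create path on new lines 53-59 uses `publish_pages`/`publish_posts`; if that difference is intended it deserves a comment. The enclosing functions start and end outside these hunks.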
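--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -66,5 +66,5 @@
 
 <fieldset id="passworddiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
+<h3 class="dbx-handle"><?php _e('Password-Protect Page') ?></h3>
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
 </fieldset>
@@ -91,5 +91,5 @@
 
 <fieldset id="slugdiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page slug') ?></h3>
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
 </fieldset>
@@ -97,5 +97,5 @@
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
 <fieldset id="authordiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Page author'); ?>:</h3>
 <div class="dbx-content">
 <select name="post_author_override" id="post_author_override">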
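--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -44,5 +44,5 @@
 foreach ( $posts as $post ) :
     $class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'>
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'>
     <th scope="row"><?php echo $post->ID; ?></th>
     <td>
@@ -52,6 +52,6 @@
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
     <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+    <td><?php if ( current_user_can('edit_page', $post->ID) ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
+    <td><?php if ( current_user_can('delete_page', $post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
   </tr>
 <?php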
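Review bot: The rewritten Delete link on new line 55 still passes `$id` to `deleteSomething( 'page', " . $id . ", …)`, while its href and the `delete_page` check use `$post->ID`. The commit replaces `$id` everywhere else in this section, so the onclick argument looks like a missed spot and should be `$post->ID` as well. These checks only decide whether the links are rendered, so the delete handler in post.php needs the same `delete_page` check; that file is not shown on this page.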
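--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -211,5 +211,5 @@
     case 'control_delete':
         ?>
-        <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+        <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
         <?php
         break;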
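Review bot: The link is now gated on `delete_post` for `$post->ID`, but the href and the onclick still use `$id`. If the two ever differ, the user is shown a link for a post other than the one that was checked, so use `$post->ID` throughout, as edit-pages.php does in this changeset. The check only controls whether the link is rendered. post.php is not among the eight files edited here, so it appears the delete action there still enforces the older capability; it should check `delete_post` for the target post before deleting.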
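--- a/trunk/wp-admin/upgrade-functions.php
+++ b/trunk/wp-admin/upgrade-functions.php
@@ -34,5 +34,5 @@
         upgrade_160();
 
-    if ( $wp_current_db_version < 3506 )
+    if ( $wp_current_db_version < 3513 )
         upgrade_210();
 
@@ -333,20 +333,26 @@
     global $wpdb, $table_prefix, $wp_current_db_version;
 
-    // Update status and type.
-    $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
-
-    if ( ! empty($posts) ) foreach ($posts as $post) {
-        $status = $post->post_status;
-        $type = 'post';
-
-        if ( 'static' == $status ) {
-            $status = 'publish';
-            $type = 'page';
-        } else if ( 'attachment' == $status ) {
-            $status = 'inherit';
-            $type = 'attachment';
-        }
+    if ( $wp_current_db_version < 3506 ) {
+        // Update status and type.
+        $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
+
+        if ( ! empty($posts) ) foreach ($posts as $post) {
+            $status = $post->post_status;
+            $type = 'post';
+
+            if ( 'static' == $status ) {
+                $status = 'publish';
+                $type = 'page';
+            } else if ( 'attachment' == $status ) {
+                $status = 'inherit';
+                $type = 'attachment';
+            }
 
-        $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+            $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+        }
+    }
+
+    if ( $wp_current_db_version < 3513 ) {
+        populate_roles_210();
     }
 }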
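Review bot: In the re-indented migration loop (new lines 339-352), `$status` carries the stored `$post->post_status` through unchanged for every row that is neither `static` nor `attachment`, and it is then interpolated into the UPDATE without escaping. The value comes from the database rather than the request, but an upgrade routine should not assume stored values are clean. Pass it through `$wpdb->escape($status)` and cast the key with `(int) $post->ID`. The function's signature is outside the hunk.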
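--- a/trunk/wp-admin/upgrade-schema.php
+++ b/trunk/wp-admin/upgrade-schema.php
@@ -245,5 +245,6 @@
 
 function populate_roles() {
-    populate_roles_160();
+    populate_roles_160();
+    populate_roles_210();
 }
 
@@ -337,3 +338,33 @@
 }
 
+function populate_roles_210() {
+    $roles = array('administrator', 'editor');
+    foreach ($roles as $role) {
+        $role = get_role($role);
+        if ( empty($role) )
+            continue;
+
+        $role->add_cap('edit_others_pages');
+        $role->add_cap('edit_published_pages');
+        $role->add_cap('publish_pages');
+        $role->add_cap('delete_pages');
+        $role->add_cap('delete_others_pages');
+        $role->add_cap('delete_published_pages');
+        $role->add_cap('delete_posts');
+        $role->add_cap('delete_others_posts');
+        $role->add_cap('delete_published_posts');
+    }
+
+    $role = get_role('author');
+    if ( ! empty($role) ) {
+        $role->add_cap('delete_posts');
+        $role->add_cap('delete_published_posts');
+    }
+
+    $role = get_role('contributor');
+    if ( ! empty($role) ) {
+        $role->add_cap('delete_posts');
+    }
+}
+
 ?>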
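Review bot: `populate_roles_210()` has no comment stating which role receives which capability, although this grant table is what the new `delete_*` and `*_pages` checks depend on. A short docblock listing the matrix would help: administrator and editor get all nine caps, author gets `delete_posts` and `delete_published_posts`, contributor gets `delete_posts`, and none of the page caps go to author or contributor. Inside the loop `$role` is reused for both the role name and the role object; a separate name such as `$role_obj = get_role($role_name);` reads more clearly. The function is called from both `populate_roles()` and `upgrade_210()`, so it relies on `add_cap` being safe to repeat, which is not visible here.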
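--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -254,4 +254,48 @@
 
     switch ($cap) {
+    case 'delete_post':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $post = get_post($args[0]);
+        $post_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $post_author_data->ID) {
+            // If the post is published...
+            if ($post->post_status == 'publish')
+                $caps[] = 'delete_published_posts';
+            else
+                // If the post is draft...
+                $caps[] = 'delete_posts';
+        } else {
+            // The user is trying to edit someone else's post.
+            $caps[] = 'delete_others_posts';
+            // The post is published, extra cap required.
+            if ($post->post_status == 'publish')
+                $caps[] = 'delete_published_posts';
+        }
+        break;
+    case 'delete_page':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $page = get_page($args[0]);
+        $page_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $page_author_data->ID) {
+            // If the page is published...
+            if ($page->post_status == 'publish')
+                $caps[] = 'delete_published_pages';
+            else
+                // If the page is draft...
+                $caps[] = 'delete_pages';
+        } else {
+            // The user is trying to edit someone else's page.
+            $caps[] = 'delete_others_pages';
+            // The page is published, extra cap required.
+            if ($page->post_status == 'publish')
+                $caps[] = 'delete_published_pages';
+        }
+        break;
         // edit_post breaks down to edit_posts, edit_published_posts, or
         // edit_others_posts
@@ -267,15 +311,8 @@
             if ($post->post_status == 'publish')
                 $caps[] = 'edit_published_posts';
-            else if ($post->post_status == 'static')
-                $caps[] = 'edit_pages';
             else
                 // If the post is draft...
                 $caps[] = 'edit_posts';
         } else {
-            if ($post->post_status == 'static') {
-                $caps[] = 'edit_pages';
-                break;
-            }
-
             // The user is trying to edit someone else's post.
             $caps[] = 'edit_others_posts';
@@ -283,4 +320,26 @@
             if ($post->post_status == 'publish')
                 $caps[] = 'edit_published_posts';
+        }
+        break;
+    case 'edit_page':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $page = get_page($args[0]);
+        $page_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $page_author_data->ID) {
+            // If the page is published...
+            if ($page->post_status == 'publish')
+                $caps[] = 'edit_published_pages';
+            else
+                // If the page is draft...
+                $caps[] = 'edit_pages';
+        } else {
+            // The user is trying to edit someone else's page.
+            $caps[] = 'edit_others_pages';
+            // The page is published, extra cap required.
+            if ($page->post_status == 'publish')
+                $caps[] = 'edit_published_pages';
         }
         break;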
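Review bot: In both new page cases the record is loaded into `$page` but the author lookup reads `$post`: `$page_author_data = get_userdata($post->post_author);` (new lines 282 and 328). In the visible lines of `delete_page` and `edit_page` nothing assigns `$post` within the case, so the owner comparison runs against whatever `$post` holds from outside the case, possibly nothing, and not against the page's real author. Both lines should read `get_userdata($page->post_author)`. Neither the post nor the page cases check that `get_post()`/`get_page()` returned a record before dereferencing it, and `$author_data` is assigned but unused in the visible code. The enclosing function starts and ends outside the hunks.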
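--- a/trunk/wp-includes/version.php
+++ b/trunk/wp-includes/version.php
@@ -4,5 +4,5 @@
 
 $wp_version = '2.1-aplha1';
-$wp_db_version = 3506;
+$wp_db_version = 3513;
 
 ?>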