Changeset 3513
- Timestamp:
- 02/11/2006 09:56:02 AM (19 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/wp-admin/admin-functions.php
r3510 r3513 5 5 global $user_ID; 6 6 7 if (!current_user_can('edit_posts')) 8 die(__('You are not allowed to create posts or drafts on this blog.')); 7 if ( 'page' == $_POST['post_type'] ) { 8 if ( !current_user_can('edit_pages') ) 9 die(__('You are not allowed to create pages on this blog.')); 10 } else { 11 if ( !current_user_can('edit_posts') ) 12 die(__('You are not allowed to create posts or drafts on this blog.')); 13 } 9 14 10 15 // Rename. … … 16 21 if (!empty ($_POST['post_author_override'])) { 17 22 $_POST['post_author'] = (int) $_POST['post_author_override']; 18 } else 23 } else { 19 24 if (!empty ($_POST['post_author'])) { 20 25 $_POST['post_author'] = (int) $_POST['post_author']; … … 23 28 } 24 29 25 if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts')) 26 die(__('You cannot post as this user.')); 30 } 31 32 if ($_POST['post_author'] != $_POST['user_ID']) { 33 if ( 'page' == $_POST['post_type'] ) { 34 if ( !current_user_can('edit_others_pages') ) 35 die(__('You cannot create pages as this user.')); 36 } else { 37 if ( !current_user_can('edit_others_posts') ) 38 die(__('You cannot post as this user.')); 39 40 } 41 } 27 42 28 43 // What to do based on which button they pressed … … 35 50 if ('' != $_POST['advanced']) 36 51 $_POST['post_status'] = 'draft'; 37 //if ('' != $_POST['savepage']) { 38 // $_POST['post_status'] = 'draft';39 40 if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))41 $_POST['post_status'] = 'draft';42 43 if ('page' == $_POST['post_type'] && !current_user_can('edit_pages'))44 die(__('This user cannot edit pages.'));52 53 if ( 'page' == $_POST['post_type'] ) { 54 if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages')) 55 $_POST['post_status'] = 'draft'; 56 } else { 57 if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) 58 $_POST['post_status'] = 'draft'; 59 } 45 60 46 61 if (!empty ($_POST['edit_date'])) { … … 124 139 $post_ID 
= (int) $_POST['post_ID']; 125 140 126 if (!current_user_can('edit_post', $post_ID)) 127 die(__('You are not allowed to edit this post.')); 141 if ( 'page' == $_POST['post_type'] ) { 142 if ( !current_user_can('edit_page', $post_ID) ) 143 die(__('You are not allowed to edit this page.')); 144 } else { 145 if ( !current_user_can('edit_post', $post_ID) ) 146 die(__('You are not allowed to edit this post.')); 147 } 128 148 129 149 // Rename. … … 143 163 } 144 164 145 if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts')) 146 die(__('You cannot post as this user.')); 165 if ($_POST['post_author'] != $_POST['user_ID']) { 166 if ( 'page' == $_POST['post_type'] ) { 167 if ( !current_user_can('edit_others_pages') ) 168 die(__('You cannot edit pages as this user.')); 169 } else { 170 if ( !current_user_can('edit_others_posts') ) 171 die(__('You cannot edit posts as this user.')); 172 173 } 174 } 147 175 148 176 // What to do based on which button they pressed … … 155 183 if ('' != $_POST['advanced']) 156 184 $_POST['post_status'] = 'draft'; 157 //if ('' != $_POST['savepage']) 158 // $_POST['post_status'] = 'static';159 160 if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))161 $_POST['post_status'] = 'draft';162 163 if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))164 die(__('This user cannot edit pages.'));185 186 if ( 'page' == $_POST['post_type'] ) { 187 if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages')) 188 $_POST['post_status'] = 'draft'; 189 } else { 190 if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts')) 191 $_POST['post_status'] = 'draft'; 192 } 165 193 166 194 if (!isset ($_POST['comment_status'])) -
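Review bot: In the edit path (the hunk starting at new line 141), the choice between `edit_page` and `edit_post` is driven by the request field `$_POST['post_type']` rather than by the type stored for `$post_ID`, so the caller decides which capability set is checked. Branching on the stored record would remove that dependence, e.g. `$stored = get_post($post_ID);` followed by `if ( 'page' == $stored->post_type ) {`. Separately, the publish downgrade in this path now tests `edit_published_pages` / `edit_published_posts`, where the old code and the create path test `publish_*`. If that is intentional it needs a comment, because otherwise a role with `edit_published_posts` but without `publish_posts` could move a draft to `publish`. Both function bodies start and end outside the visible hunks.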
trunk/wp-admin/edit-page-form.php
r3510 r3513 66 66 67 67 <fieldset id="passworddiv" class="dbx-box"> 68 <h3 class="dbx-handle"><?php _e('Password-Protect P ost') ?></h3>68 <h3 class="dbx-handle"><?php _e('Password-Protect Page') ?></h3> 69 69 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div> 70 70 </fieldset> … … 91 91 92 92 <fieldset id="slugdiv" class="dbx-box"> 93 <h3 class="dbx-handle"><?php _e('P ostslug') ?></h3>93 <h3 class="dbx-handle"><?php _e('Page slug') ?></h3> 94 94 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div> 95 95 </fieldset> … … 97 97 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?> 98 98 <fieldset id="authordiv" class="dbx-box"> 99 <h3 class="dbx-handle"><?php _e('P ostauthor'); ?>:</h3>99 <h3 class="dbx-handle"><?php _e('Page author'); ?>:</h3> 100 100 <div class="dbx-content"> 101 101 <select name="post_author_override" id="post_author_override"> -
trunk/wp-admin/edit-pages.php
r3510 r3513 44 44 foreach ( $posts as $post ) : 45 45 $class = ('alternate' != $class) ? 'alternate' : ''; ?> 46 <tr id='page-<?php echo $ id; ?>' class='<?php echo $class; ?>'>46 <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 47 47 <th scope="row"><?php echo $post->ID; ?></th> 48 48 <td> … … 52 52 <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 53 53 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 54 <td><?php if ( current_user_can('edit_page s') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>55 <td><?php if ( current_user_can(' edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>54 <td><?php if ( current_user_can('edit_page', $post->ID) ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 55 <td><?php if ( current_user_can('delete_page', $post->ID) ) { echo "<a href='post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 56 56 </tr> 57 57 <?php -
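Review bot: The Delete cell on new line 55 is only half converted: the `href` now uses `$post->ID`, but the `onclick` still passes `" . $id . "` to `deleteSomething()`. Nothing in the visible `foreach ( $posts as $post )` loop assigns `$id`, so the JavaScript call may receive an empty or stale value while the link targets the right page. Changing that argument to `" . $post->ID . "` would make the row consistent with the `<tr id='page-...'>` and Edit link fixes in the same hunk.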
trunk/wp-admin/edit.php
r3422 r3513 211 211 case 'control_delete': 212 212 ?> 213 <td><?php if ( current_user_can(' edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>213 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 214 214 <?php 215 215 break; -
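Review bot: Gating the Delete link on `delete_post` only changes what is displayed; the handler behind `post.php?action=delete` is not among the files in this changeset. It should be confirmed that the handler enforces `delete_post` (and `delete_page` for the matching link in edit-pages.php) on the server side. If it still checks `edit_post`, the UI and the enforced permission disagree. A short comment such as `// Link visibility only; post.php enforces delete_post.` would record where the real check is.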
trunk/wp-admin/upgrade-functions.php
r3510 r3513 34 34 upgrade_160(); 35 35 36 if ( $wp_current_db_version < 35 06)36 if ( $wp_current_db_version < 3513 ) 37 37 upgrade_210(); 38 38 … … 333 333 global $wpdb, $table_prefix, $wp_current_db_version; 334 334 335 // Update status and type. 336 $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); 337 338 if ( ! empty($posts) ) foreach ($posts as $post) { 339 $status = $post->post_status; 340 $type = 'post'; 341 342 if ( 'static' == $status ) { 343 $status = 'publish'; 344 $type = 'page'; 345 } else if ( 'attachment' == $status ) { 346 $status = 'inherit'; 347 $type = 'attachment'; 348 } 335 if ( $wp_current_db_version < 3506 ) { 336 // Update status and type. 337 $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); 338 339 if ( ! empty($posts) ) foreach ($posts as $post) { 340 $status = $post->post_status; 341 $type = 'post'; 342 343 if ( 'static' == $status ) { 344 $status = 'publish'; 345 $type = 'page'; 346 } else if ( 'attachment' == $status ) { 347 $status = 'inherit'; 348 $type = 'attachment'; 349 } 349 350 350 $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'"); 351 $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'"); 352 } 353 } 354 355 if ( $wp_current_db_version < 3513 ) { 356 populate_roles_210(); 351 357 } 352 358 } -
trunk/wp-admin/upgrade-schema.php
r3510 r3513 245 245 246 246 function populate_roles() { 247 populate_roles_160(); 247 populate_roles_160(); 248 populate_roles_210(); 248 249 } 249 250 … … 337 338 } 338 339 340 function populate_roles_210() { 341 $roles = array('administrator', 'editor'); 342 foreach ($roles as $role) { 343 $role = get_role($role); 344 if ( empty($role) ) 345 continue; 346 347 $role->add_cap('edit_others_pages'); 348 $role->add_cap('edit_published_pages'); 349 $role->add_cap('publish_pages'); 350 $role->add_cap('delete_pages'); 351 $role->add_cap('delete_others_pages'); 352 $role->add_cap('delete_published_pages'); 353 $role->add_cap('delete_posts'); 354 $role->add_cap('delete_others_posts'); 355 $role->add_cap('delete_published_posts'); 356 } 357 358 $role = get_role('author'); 359 if ( ! empty($role) ) { 360 $role->add_cap('delete_posts'); 361 $role->add_cap('delete_published_posts'); 362 } 363 364 $role = get_role('contributor'); 365 if ( ! empty($role) ) { 366 $role->add_cap('delete_posts'); 367 } 368 } 369 339 370 ?> -
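Review bot: `populate_roles_210()` grants the new page and delete capabilities only to the four hard-coded role names, so any other role that already holds `edit_pages` is not migrated. Before this changeset `edit_pages` alone covered every page edit; afterwards such a role would also need `edit_others_pages` and `edit_published_pages`. That fails closed, but it is a silent behaviour change on upgrade. I would add a docblock above the function listing which role receives which capability, and stating that roles not found by `get_role()` are skipped and custom roles must be updated by hand. Reusing `$role` for both the role name and the role object inside the `foreach` also hurts readability; a separate `$role_name` loop variable would help.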
trunk/wp-includes/capabilities.php
r3482 r3513 254 254 255 255 switch ($cap) { 256 case 'delete_post': 257 $author_data = get_userdata($user_id); 258 //echo "post ID: {$args[0]}<br/>"; 259 $post = get_post($args[0]); 260 $post_author_data = get_userdata($post->post_author); 261 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>"; 262 // If the user is the author... 263 if ($user_id == $post_author_data->ID) { 264 // If the post is published... 265 if ($post->post_status == 'publish') 266 $caps[] = 'delete_published_posts'; 267 else 268 // If the post is draft... 269 $caps[] = 'delete_posts'; 270 } else { 271 // The user is trying to edit someone else's post. 272 $caps[] = 'delete_others_posts'; 273 // The post is published, extra cap required. 274 if ($post->post_status == 'publish') 275 $caps[] = 'delete_published_posts'; 276 } 277 break; 278 case 'delete_page': 279 $author_data = get_userdata($user_id); 280 //echo "post ID: {$args[0]}<br/>"; 281 $page = get_page($args[0]); 282 $page_author_data = get_userdata($post->post_author); 283 //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>"; 284 // If the user is the author... 285 if ($user_id == $page_author_data->ID) { 286 // If the page is published... 287 if ($page->post_status == 'publish') 288 $caps[] = 'delete_published_pages'; 289 else 290 // If the page is draft... 291 $caps[] = 'delete_pages'; 292 } else { 293 // The user is trying to edit someone else's page. 294 $caps[] = 'delete_others_pages'; 295 // The page is published, extra cap required. 296 if ($page->post_status == 'publish') 297 $caps[] = 'delete_published_pages'; 298 } 299 break; 256 300 // edit_post breaks down to edit_posts, edit_published_posts, or 257 301 // edit_others_posts … … 267 311 if ($post->post_status == 'publish') 268 312 $caps[] = 'edit_published_posts'; 269 else if ($post->post_status == 'static')270 $caps[] = 'edit_pages';271 313 else 272 314 // If the post is draft... 
273 315 $caps[] = 'edit_posts'; 274 316 } else { 275 if ($post->post_status == 'static') {276 $caps[] = 'edit_pages';277 break;278 }279 280 317 // The user is trying to edit someone else's post. 281 318 $caps[] = 'edit_others_posts'; … … 283 320 if ($post->post_status == 'publish') 284 321 $caps[] = 'edit_published_posts'; 322 } 323 break; 324 case 'edit_page': 325 $author_data = get_userdata($user_id); 326 //echo "post ID: {$args[0]}<br/>"; 327 $page = get_page($args[0]); 328 $page_author_data = get_userdata($post->post_author); 329 //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>"; 330 // If the user is the author... 331 if ($user_id == $page_author_data->ID) { 332 // If the page is published... 333 if ($page->post_status == 'publish') 334 $caps[] = 'edit_published_pages'; 335 else 336 // If the page is draft... 337 $caps[] = 'edit_pages'; 338 } else { 339 // The user is trying to edit someone else's page. 340 $caps[] = 'edit_others_pages'; 341 // The page is published, extra cap required. 342 if ($page->post_status == 'publish') 343 $caps[] = 'edit_published_pages'; 285 344 } 286 345 break; -
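Review bot: In the new `delete_page` and `edit_page` cases the page is loaded into `$page`, but the author lookup reads `get_userdata($post->post_author)`. `$post` is not assigned in either case, so unless it is set earlier in the function (outside this hunk) the ownership comparison `$user_id == $page_author_data->ID` never matches the real page author. Every page is then treated as someone else's, which requires `*_others_pages` even from the author. Both lines should read `$page_author_data = get_userdata($page->post_author);`. It would also be worth handling the case where `get_page()` returns nothing before dereferencing `$page->post_status`.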
trunk/wp-includes/version.php
r3510 r3513 4 4 5 5 $wp_version = '2.1-aplha1'; 6 $wp_db_version = 35 06;6 $wp_db_version = 3513; 7 7 8 8 ?>