Changeset 3513


Timestamp:
02/11/2006 09:56:02 AM (12 years ago)
Author:
ryan
Message:

Add new page caps now that pages can be draft or publish. Brings page caps to parity with posts. Add delete caps for posts and pages. fixes #2382 #2336 #2301

Location:
trunk
Files:
8 edited

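--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -5,6 +5,11 @@
     global $user_ID;
 
-    if (!current_user_can('edit_posts'))
-        die(__('You are not allowed to create posts or drafts on this blog.'));
+    if ( 'page' == $_POST['post_type'] ) {
+        if ( !current_user_can('edit_pages') )
+            die(__('You are not allowed to create pages on this blog.'));   
+    } else {
+        if ( !current_user_can('edit_posts') )
+            die(__('You are not allowed to create posts or drafts on this blog.'));
+    }
 
     // Rename.
@@ -16,5 +21,5 @@
     if (!empty ($_POST['post_author_override'])) {
         $_POST['post_author'] = (int) $_POST['post_author_override'];
-    } else
+    } else {
         if (!empty ($_POST['post_author'])) {
             $_POST['post_author'] = (int) $_POST['post_author'];
@@ -23,6 +28,16 @@
         }
 
-    if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
-        die(__('You cannot post as this user.'));
+    }
+
+    if ($_POST['post_author'] != $_POST['user_ID']) {
+        if ( 'page' == $_POST['post_type'] ) {     
+            if ( !current_user_can('edit_others_pages') )
+                die(__('You cannot create pages as this user.'));
+        } else {
+            if ( !current_user_can('edit_others_posts') )
+                die(__('You cannot post as this user.'));
+           
+        }
+    }
 
     // What to do based on which button they pressed
@@ -35,12 +50,12 @@
     if ('' != $_POST['advanced'])
         $_POST['post_status'] = 'draft';
-    //if ('' != $_POST['savepage']) {
-    //  $_POST['post_status'] = 'draft';
-
-    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
-        $_POST['post_status'] = 'draft';
-
-    if ('page' == $_POST['post_type'] && !current_user_can('edit_pages'))
-        die(__('This user cannot edit pages.'));
+
+    if ( 'page' == $_POST['post_type'] ) {
+        if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages'))
+            $_POST['post_status'] = 'draft';   
+    } else {
+        if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
+            $_POST['post_status'] = 'draft';
+    }
 
     if (!empty ($_POST['edit_date'])) {
@@ -124,6 +139,11 @@
     $post_ID = (int) $_POST['post_ID'];
 
-    if (!current_user_can('edit_post', $post_ID))
-        die(__('You are not allowed to edit this post.'));
+    if ( 'page' == $_POST['post_type'] ) {
+        if ( !current_user_can('edit_page', $post_ID) )
+            die(__('You are not allowed to edit this page.')); 
+    } else {
+        if ( !current_user_can('edit_post', $post_ID) )
+            die(__('You are not allowed to edit this post.'));
+    }
 
     // Rename.
@@ -143,6 +163,14 @@
         }
 
-    if (($_POST['post_author'] != $_POST['user_ID']) && !current_user_can('edit_others_posts'))
-        die(__('You cannot post as this user.'));
+    if ($_POST['post_author'] != $_POST['user_ID']) {
+        if ( 'page' == $_POST['post_type'] ) {     
+            if ( !current_user_can('edit_others_pages') )
+                die(__('You cannot edit pages as this user.'));
+        } else {
+            if ( !current_user_can('edit_others_posts') )
+                die(__('You cannot edit posts as this user.'));
+           
+        }
+    }
 
     // What to do based on which button they pressed
@@ -155,12 +183,12 @@
     if ('' != $_POST['advanced'])
         $_POST['post_status'] = 'draft';
-    //if ('' != $_POST['savepage'])
-    //  $_POST['post_status'] = 'static';
-
-    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
-        $_POST['post_status'] = 'draft';
-
-    if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
-        die(__('This user cannot edit pages.'));
+
+    if ( 'page' == $_POST['post_type'] ) {
+        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages'))
+            $_POST['post_status'] = 'draft';   
+    } else {
+        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts'))
+            $_POST['post_status'] = 'draft';
+    }
 
     if (!isset ($_POST['comment_status']))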
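Review bot: In the edit path (new lines 141-147) the choice between `edit_page` and `edit_post` follows `$_POST['post_type']`, a request field, rather than the type of the stored record that `$post_ID` identifies, so the request decides which capability is evaluated for an existing object. Branching on the stored type avoids that, for example `$stored = get_post($post_ID);` followed by `if ( 'page' == $stored->post_type ) {`. The same request-driven branch picks `edit_others_pages` versus `edit_others_posts` at new lines 165-174 and the publish downgrade at 186-192. That last block tests `edit_published_*` where the create path at new lines 53-59 tests `publish_*`, which may let a draft be moved to publish without the publish capability; worth confirming that is intended. The enclosing functions begin and end outside the hunks shown.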
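--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -66,5 +66,5 @@
 
 <fieldset id="passworddiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
+<h3 class="dbx-handle"><?php _e('Password-Protect Page') ?></h3>
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
 </fieldset>
@@ -91,5 +91,5 @@
 
 <fieldset id="slugdiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
+<h3 class="dbx-handle"><?php _e('Page slug') ?></h3>
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
 </fieldset>
@@ -97,5 +97,5 @@
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
 <fieldset id="authordiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Page author'); ?>:</h3>
 <div class="dbx-content">
 <select name="post_author_override" id="post_author_override">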
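--- a/trunk/wp-admin/edit-pages.php
+++ b/trunk/wp-admin/edit-pages.php
@@ -44,5 +44,5 @@
 foreach ( $posts as $post ) :
     $class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'>
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'>
     <th scope="row"><?php echo $post->ID; ?></th>
     <td>
@@ -52,6 +52,6 @@
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
     <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+    <td><?php if ( current_user_can('edit_page', $post->ID) ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
+    <td><?php if ( current_user_can('delete_page', $post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
   </tr>
 <?php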
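Review bot: The Delete link on new line 55 still passes `$id` to `deleteSomething( 'page', " . $id . ", ...`, while the row id, the capability check and the `href` in this section were all switched to `$post->ID`. `$id` is not assigned anywhere in the visible part of the loop, so the confirmation call may carry a different or empty id than the one the link and the `delete_page` check refer to. Using the same source keeps the three in agreement: `onclick=\"return deleteSomething( 'page', " . $post->ID . ", '"`. The loop body continues outside the hunks shown.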
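--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -211,5 +211,5 @@
     case 'control_delete':
         ?>
-        <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+        <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
         <?php
         break;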
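Review bot: Gating the Delete link on `delete_post` only controls whether the link is rendered; `post.php`, which receives `action=delete`, is not among the eight files in this changeset, so nothing shown here has the handler enforcing the new capability. If that handler still checks `edit_post`, a user who may edit but not delete can still request the URL directly. The handler should evaluate `current_user_can('delete_post', ...)` against the id it is about to delete, and `delete_page` for pages, whose link in edit-pages.php receives the same treatment in this changeset. The check on this line uses `$post->ID` while the link it guards is built from `$id`; using one source for both would remove any chance of them diverging.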
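--- a/trunk/wp-admin/upgrade-functions.php
+++ b/trunk/wp-admin/upgrade-functions.php
@@ -34,5 +34,5 @@
         upgrade_160();
 
-    if ( $wp_current_db_version < 3506 )
+    if ( $wp_current_db_version < 3513 )
         upgrade_210();
 
@@ -333,20 +333,26 @@
     global $wpdb, $table_prefix, $wp_current_db_version;
 
-    // Update status and type.
-    $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
-   
-    if ( ! empty($posts) ) foreach ($posts as $post) {
-        $status = $post->post_status;
-        $type = 'post';
-
-        if ( 'static' == $status ) {
-            $status = 'publish';
-            $type = 'page';
-        } else if ( 'attachment' == $status ) {
-            $status = 'inherit';
-            $type = 'attachment';   
-        }
+    if ( $wp_current_db_version < 3506 ) {
+        // Update status and type.
+        $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
+   
+        if ( ! empty($posts) ) foreach ($posts as $post) {
+            $status = $post->post_status;
+            $type = 'post';
+
+            if ( 'static' == $status ) {
+                $status = 'publish';
+                $type = 'page';
+            } else if ( 'attachment' == $status ) {
+                $status = 'inherit';
+                $type = 'attachment';   
+            }
        
-        $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+            $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+        }
+    }
+   
+    if ( $wp_current_db_version < 3513 ) {
+        populate_roles_210();   
     }
 }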
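--- a/trunk/wp-admin/upgrade-schema.php
+++ b/trunk/wp-admin/upgrade-schema.php
@@ -245,5 +245,6 @@
 
 function populate_roles() {
-    populate_roles_160();   
+    populate_roles_160();
+    populate_roles_210();
 }
 
@@ -337,3 +338,33 @@
 }
 
+function populate_roles_210() {
+    $roles = array('administrator', 'editor');
+    foreach ($roles as $role) {
+        $role = get_role($role);
+        if ( empty($role) )
+            continue;
+
+        $role->add_cap('edit_others_pages');
+        $role->add_cap('edit_published_pages');
+        $role->add_cap('publish_pages');
+        $role->add_cap('delete_pages');
+        $role->add_cap('delete_others_pages');
+        $role->add_cap('delete_published_pages');
+        $role->add_cap('delete_posts');
+        $role->add_cap('delete_others_posts');
+        $role->add_cap('delete_published_posts');
+    }
+   
+    $role = get_role('author');
+    if ( ! empty($role) ) {
+        $role->add_cap('delete_posts');
+        $role->add_cap('delete_published_posts');       
+    }
+
+    $role = get_role('contributor');   
+    if ( ! empty($role) ) {
+        $role->add_cap('delete_posts');
+    }
+}
+
 ?>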
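Review bot: `populate_roles_210()` sets the authorization policy behind the new page and delete checks but has no comment stating that policy. A short header would make it reviewable at a glance, e.g. `// 2.1 caps: administrator and editor get the six new page caps and the three post delete caps; author gets delete_posts and delete_published_posts; contributor gets delete_posts only.` The comment should also say that only these four named roles are updated, so any other role on an existing site gains none of the delete capabilities that the Delete links in edit.php and edit-pages.php now require. Inside the loop `$role` holds first the role name and then the role object; a separate name for the object would read more clearly.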
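--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -254,4 +254,48 @@
 
     switch ($cap) {
+    case 'delete_post':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $post = get_post($args[0]);
+        $post_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $post_author_data->ID) {
+            // If the post is published...
+            if ($post->post_status == 'publish')
+                $caps[] = 'delete_published_posts';
+            else
+                // If the post is draft...
+                $caps[] = 'delete_posts';
+        } else {
+            // The user is trying to edit someone else's post.
+            $caps[] = 'delete_others_posts';
+            // The post is published, extra cap required.
+            if ($post->post_status == 'publish')
+                $caps[] = 'delete_published_posts';
+        }
+        break;
+    case 'delete_page':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $page = get_page($args[0]);
+        $page_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $page_author_data->ID) {
+            // If the page is published...
+            if ($page->post_status == 'publish')
+                $caps[] = 'delete_published_pages';
+            else
+                // If the page is draft...
+                $caps[] = 'delete_pages';
+        } else {
+            // The user is trying to edit someone else's page.
+            $caps[] = 'delete_others_pages';
+            // The page is published, extra cap required.
+            if ($page->post_status == 'publish')
+                $caps[] = 'delete_published_pages';
+        }
+        break;
         // edit_post breaks down to edit_posts, edit_published_posts, or
         // edit_others_posts
@@ -267,15 +311,8 @@
             if ($post->post_status == 'publish')
                 $caps[] = 'edit_published_posts';
-            else if ($post->post_status == 'static')
-                $caps[] = 'edit_pages';
             else
                 // If the post is draft...
                 $caps[] = 'edit_posts';
         } else {
-            if ($post->post_status == 'static') {
-                $caps[] = 'edit_pages';
-                break;
-            }
-
             // The user is trying to edit someone else's post.
             $caps[] = 'edit_others_posts';
@@ -283,4 +320,26 @@
             if ($post->post_status == 'publish')
                 $caps[] = 'edit_published_posts';
+        }
+        break;
+    case 'edit_page':
+        $author_data = get_userdata($user_id);
+        //echo "post ID: {$args[0]}<br/>";
+        $page = get_page($args[0]);
+        $page_author_data = get_userdata($post->post_author);
+        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br/>";
+        // If the user is the author...
+        if ($user_id == $page_author_data->ID) {
+            // If the page is published...
+            if ($page->post_status == 'publish')
+                $caps[] = 'edit_published_pages';
+            else
+                // If the page is draft...
+                $caps[] = 'edit_pages';
+        } else {
+            // The user is trying to edit someone else's page.
+            $caps[] = 'edit_others_pages';
+            // The page is published, extra cap required.
+            if ($page->post_status == 'publish')
+                $caps[] = 'edit_published_pages';
         }
         break;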
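Review bot: In both new page cases the author lookup reads `$post->post_author` although the object fetched on the line above is `$page` (new lines 282 and 328), and `$post` is not assigned in either case within the visible lines. The ownership comparison then likely never matches the real author, so a page's own author is sent down the `delete_others_pages` / `edit_others_pages` branch. Both lines should read `$page_author_data = get_userdata($page->post_author);`. `$author_data` is assigned in each new case but not used in the lines shown, and the commented-out `echo` debug lines could be dropped. The switch and its enclosing function extend outside the hunks.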
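--- a/trunk/wp-includes/version.php
+++ b/trunk/wp-includes/version.php
@@ -4,5 +4,5 @@
 
 $wp_version = '2.1-aplha1';
-$wp_db_version = 3506;
+$wp_db_version = 3513;
 
 ?>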