Changeset 39179 for trunk/src/wp-includes/capabilities.php
- Timestamp:
- 11/09/2016 03:41:07 AM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/capabilities.php
r39175 r39179 243 243 case 'delete_post_meta': 244 244 case 'add_post_meta': 245 $post = get_post( $args[0] ); 246 if ( ! $post ) { 247 $caps[] = 'do_not_allow'; 248 break; 249 } 250 251 $post_type = get_post_type( $post ); 252 253 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 254 255 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; 256 257 if ( $meta_key && ( has_filter( "auth_post_meta_{$meta_key}" ) || has_filter( "auth_post_{$post_type}_meta_{$meta_key}" ) ) ) { 258 /** 259 * Filters whether the user is allowed to add post meta to a post. 260 * 261 * The dynamic portion of the hook name, `$meta_key`, refers to the 262 * meta key passed to map_meta_cap(). 263 * 264 * @since 3.3.0 265 * 266 * @param bool $allowed Whether the user can add the post meta. Default false. 267 * @param string $meta_key The meta key. 268 * @param int $post_id Post ID. 269 * @param int $user_id User ID. 270 * @param string $cap Capability name. 271 * @param array $caps User capabilities. 272 */ 273 $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); 274 275 /** 276 * Filters whether the user is allowed to add post meta to a post of a given type. 277 * 278 * The dynamic portions of the hook name, `$meta_key` and `$post_type`, 279 * refer to the meta key passed to map_meta_cap() and the post type, respectively. 280 * 281 * @since 4.6.0 282 * 283 * @param bool $allowed Whether the user can add the post meta. Default false. 284 * @param string $meta_key The meta key. 285 * @param int $post_id Post ID. 286 * @param int $user_id User ID. 287 * @param string $cap Capability name. 288 * @param array $caps User capabilities. 289 */ 290 $allowed = apply_filters( "auth_post_{$post_type}_meta_{$meta_key}", $allowed, $meta_key, $post->ID, $user_id, $cap, $caps ); 291 292 if ( ! $allowed ) 245 case 'edit_comment_meta': 246 case 'delete_comment_meta': 247 case 'add_comment_meta': 248 case 'edit_term_meta': 249 case 'delete_term_meta': 250 case 'add_term_meta': 251 case 'edit_user_meta': 252 case 'delete_user_meta': 253 case 'add_user_meta': 254 list( $_, $object_type, $_ ) = explode( '_', $cap ); 255 $object_id = (int) $args[0]; 256 257 switch ( $object_type ) { 258 case 'post': 259 $post = get_post( $object_id ); 260 if ( ! $post ) { 261 break; 262 } 263 264 $sub_type = get_post_type( $post ); 265 break; 266 267 case 'comment': 268 $comment = get_comment( $object_id ); 269 if ( ! $comment ) { 270 break; 271 } 272 273 $sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type; 274 break; 275 276 case 'term': 277 $term = get_term( $object_id ); 278 if ( ! $term ) { 279 break; 280 } 281 282 $sub_type = $term->taxonomy; 283 break; 284 285 case 'user': 286 $user = get_user_by( 'id', $object_id ); 287 if ( ! $user ) { 288 break; 289 } 290 291 $sub_type = 'user'; 292 break; 293 } 294 295 if ( empty( $sub_type ) ) { 296 $caps[] = 'do_not_allow'; 297 break; 298 } 299 300 $caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id ); 301 302 $meta_key = isset( $args[1] ) ? $args[1] : false; 303 304 $has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" ); 305 if ( $meta_key && $has_filter ) { 306 /** This filter is documented in wp-includes/meta.php */ 307 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps ); 308 309 /** This filter is documented in wp-includes/meta.php */ 310 $allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 311 312 if ( ! $allowed ) { 293 313 $caps[] = $cap; 294 } elseif ( $meta_key && is_protected_meta( $meta_key, 'post' ) ) { 314 } 315 } elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) { 295 316 $caps[] = $cap; 296 317 }
Note: See TracChangeset
for help on using the changeset viewer.