Changeset 5189
- Timestamp:
- 04/06/2007 03:25:41 AM (18 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/post.php
r5184 r5189 1644 1644 } 1645 1645 1646 /** 1647 * This function provides a standardized way to appropriately select on 1648 * the post_status of posts/pages. The function will return a piece of 1649 * SQL code that can be added to a WHERE clause; this SQL is constructed 1650 * to allow all published posts, and all private posts to which the user 1651 * has access. 1652 * 1653 * @param string $post_type currently only supports 'post' or 'page'. 1654 * @return string SQL code that can be added to a where clause. 1655 */ 1656 function get_private_posts_cap_sql($post_type) { 1657 global $user_ID; 1658 $cap = ''; 1659 1660 // Private posts 1661 if ($post_type == 'post') { 1662 $cap = 'read_private_posts'; 1663 // Private pages 1664 } elseif ($post_type == 'page') { 1665 $cap = 'read_private_pages'; 1666 // Dunno what it is, maybe plugins have their own post type? 1667 } else { 1668 $cap = apply_filters('pub_priv_sql_capability', $cap); 1669 1670 if (empty($cap)) { 1671 // We don't know what it is, filters don't change anything, 1672 // so set the SQL up to return nothing. 1673 return '1 = 0'; 1674 } 1675 } 1676 1677 $sql = '(post_status = \'publish\''; 1678 1679 if (current_user_can($cap)) { 1680 // Does the user have the capability to view private posts? Guess so. 1681 $sql .= ' OR post_status = \'private\''; 1682 } elseif (is_user_logged_in()) { 1683 // Users can view their own private posts. 1684 $sql .= ' OR post_status = \'private\' AND post_author \'' . $user_ID . '\''; 1685 } 1686 1687 $sql .= ')'; 1688 1689 return $sql; 1690 } 1691 1646 1692 ?>
Note: See TracChangeset
for help on using the changeset viewer.