WordPress.org

Make WordPress Core

Changeset 5189


Timestamp:
04/06/2007 03:25:41 AM (13 years ago)
Author:
rob1n
Message:

Add a function to unify private posts SQL based on capabilities -- get_private_posts_cap_sql().

Usage: get_private_posts_cap_sql($type), where $type is either 'post' or 'page'.

Props molecularbear. fixes #3861

File:
1 edited

  • trunk/wp-includes/post.php

    r5184 r5189  
    16441644}
    16451645
     1646/**
     1647 * This function provides a standardized way to appropriately select on
     1648 * the post_status of posts/pages. The function will return a piece of
     1649 * SQL code that can be added to a WHERE clause; this SQL is constructed
     1650 * to allow all published posts, and all private posts to which the user
     1651 * has access.
     1652 *
     1653 * @param string $post_type currently only supports 'post' or 'page'.
     1654 * @return string SQL code that can be added to a where clause.
     1655 */
     1656function get_private_posts_cap_sql($post_type) {
     1657    global $user_ID;
     1658    $cap = '';
     1659
     1660    // Private posts
     1661    if ($post_type == 'post') {
     1662        $cap = 'read_private_posts';
     1663    // Private pages
     1664    } elseif ($post_type == 'page') {
     1665        $cap = 'read_private_pages';
     1666    // Dunno what it is, maybe plugins have their own post type?
     1667    } else {
     1668        $cap = apply_filters('pub_priv_sql_capability', $cap);
     1669
     1670        if (empty($cap)) {
     1671            // We don't know what it is, filters don't change anything,
     1672            // so set the SQL up to return nothing.
     1673            return '1 = 0';
     1674        }
     1675    }
     1676
     1677    $sql = '(post_status = \'publish\'';
     1678
     1679    if (current_user_can($cap)) {
     1680        // Does the user have the capability to view private posts? Guess so.
     1681        $sql .= ' OR post_status = \'private\'';
     1682    } elseif (is_user_logged_in()) {
     1683        // Users can view their own private posts.
     1684        $sql .= ' OR post_status = \'private\' AND post_author \'' . $user_ID . '\'';
     1685    }
     1686
     1687    $sql .= ')';
     1688
     1689    return $sql;
     1690}
     1691
    16461692?>
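Review bot: the own-posts branch at line 1684 builds `post_author '<id>'` with no comparison operator, so a logged-in user who lacks the capability gets a malformed WHERE fragment and the query fails instead of returning their own private posts. It should read `post_author = ` followed by the ID. Since `$user_ID` is a global concatenated straight into the SQL, casting it with `(int)` or `intval()` and dropping the quotes would make the fragment safe regardless of how the global was set. The `AND` inside the `OR` chain evaluates as intended through operator precedence, but wrapping `post_status = 'private' AND post_author = ...` in its own parentheses would make that explicit. Separately, at line 1668 the `pub_priv_sql_capability` filter receives only the empty `$cap`, so a plugin cannot tell which post type is being asked about; passing `$post_type` as an additional argument would let it return the right capability.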