WordPress.org

Make WordPress Core

Changeset 5189


Timestamp: 04/06/07 03:25:41 (7 years ago)
Author: rob1n
Message:

Add a function to unify private posts SQL based on capabilities -- get_private_posts_cap_sql().

Usage: get_private_posts_cap_sql($type), where $type is either 'post' or 'page'.

Props molecularbear. fixes #3861

File:
1 edited

  • trunk/wp-includes/post.php

    r5184 r5189  
    16441644} 
    16451645 
     1646/** 
     1647 * This function provides a standardized way to appropriately select on 
     1648 * the post_status of posts/pages. The function will return a piece of 
     1649 * SQL code that can be added to a WHERE clause; this SQL is constructed 
     1650 * to allow all published posts, and all private posts to which the user 
     1651 * has access. 
     1652 *  
     1653 * @param string $post_type currently only supports 'post' or 'page'. 
     1654 * @return string SQL code that can be added to a where clause. 
     1655 */ 
     1656function get_private_posts_cap_sql($post_type) { 
     1657    global $user_ID; 
     1658    $cap = ''; 
     1659 
     1660    // Private posts 
     1661    if ($post_type == 'post') { 
     1662        $cap = 'read_private_posts'; 
     1663    // Private pages 
     1664    } elseif ($post_type == 'page') { 
     1665        $cap = 'read_private_pages'; 
     1666    // Dunno what it is, maybe plugins have their own post type? 
     1667    } else { 
     1668        $cap = apply_filters('pub_priv_sql_capability', $cap); 
     1669 
     1670        if (empty($cap)) { 
     1671            // We don't know what it is, filters don't change anything, 
     1672            // so set the SQL up to return nothing. 
     1673            return '1 = 0'; 
     1674        } 
     1675    } 
     1676 
     1677    $sql = '(post_status = \'publish\''; 
     1678 
     1679    if (current_user_can($cap)) { 
     1680        // Does the user have the capability to view private posts? Guess so. 
     1681        $sql .= ' OR post_status = \'private\''; 
     1682    } elseif (is_user_logged_in()) { 
     1683        // Users can view their own private posts. 
     1684        $sql .= ' OR post_status = \'private\' AND post_author \'' . $user_ID . '\''; 
     1685    } 
     1686 
     1687    $sql .= ')'; 
     1688 
     1689    return $sql; 
     1690} 
     1691 
    16461692?> 
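Review bot: The own-private-posts branch at new line 1684 concatenates `post_author \'' . $user_ID . '\''` with no comparison operator, so for a logged-in user without the capability the returned fragment contains `post_author '<id>'` and the enclosing query will fail to parse; it needs `post_author = `. While touching that line, cast the global to an integer (`(int) $user_ID`) rather than quoting it as a string, and wrap the `post_status = 'private' AND post_author = ...` pair in its own parentheses so the result does not rely on AND binding tighter than OR. Separately, the `pub_priv_sql_capability` filter at line 1668 is only handed the empty `$cap`, not `$post_type`, so a plugin callback cannot tell which post type it is being asked about; passing `$post_type` as an extra argument would make the filter usable. The `1 = 0` fallback for unknown types is the right fail-closed default and should stay.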