
Changeset 7109


Timestamp:
02/29/2008 09:49:49 PM (17 years ago)
Author:
ryan
Message:

Add option to check caps when querying a particular post status. fixes #6052

Location:
trunk
Files:
5 edited

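--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -82,5 +82,5 @@
 <?php
 $status_links = array();
-$num_posts = wp_count_posts('post');
+$num_posts = wp_count_posts('post', 'readable');
 foreach ( $post_stati as $status => $label ) {
     $class = '';
@@ -89,4 +89,6 @@
         continue;
 
+    if ( empty($num_posts->$status) )
+        continue;
     if ( $status == $_GET['post_status'] )
         $class = ' class="current"';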
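--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -514,6 +514,8 @@
 
     $post_status_q = '';
-    if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) )
+    if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) {
         $post_status_q = '&post_status=' . $q['post_status'];
+        $post_status_q .= '&perm=readable';
+    }
 
     if ( 'pending' === $q['post_status'] ) {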
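Review bot: The allowlist test guarding the new `&perm=readable` append uses a loose `in_array()`, so the value concatenated into the query string is only loosely equal to one of the known status keys. Passing the strict flag, `in_array( $q['post_status'], array_keys($post_stati), true )`, makes that an exact match. A one-line comment such as `// Limit private posts to those the current user can read.` above the `perm` line would explain why the flag is forced here. Where `$q` is populated is outside the hunk, so whether a non-string value can reach this check is not visible from here.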
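--- a/trunk/wp-includes/classes.php
+++ b/trunk/wp-includes/classes.php
@@ -4,5 +4,5 @@
     var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
 
-    var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type');
+    var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm');
     var $extra_query_vars = array();
 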
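--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -823,8 +823,16 @@
  * @return array Number of posts for each status
  */
-function wp_count_posts( $type = 'post' ) {
+function wp_count_posts( $type = 'post', $perm = '' ) {
     global $wpdb;
 
-    $count = $wpdb->get_results( $wpdb->prepare( "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s GROUP BY post_status", $type ), ARRAY_A );
+    $user = wp_get_current_user();
+
+    $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
+    if ( 'readable' == $perm && is_user_logged_in() ) {
+        if ( !current_user_can("read_private_{$type}s") )
+            $query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
+    }
+    $query .= ' GROUP BY post_status';
+    $count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
 
     $stats = array( );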
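Review bot: `$user->ID` is interpolated straight into the SQL text on the new line that appends the private-post filter, and the string is then passed to `$wpdb->prepare()` with only `$type` as an argument, so the author id never goes through a placeholder. Bind it instead, e.g. `$query .= $wpdb->prepare( " AND (post_status != 'private' OR ( post_author = %d AND post_status = 'private' ))", $user->ID );`. Separately, the `is_user_logged_in()` condition means a `'readable'` call made with no logged-in user applies no filter and still counts every private post; if that is not intended, private posts should be excluded outright for anonymous callers. The docblock above starts outside this hunk and should gain a `@param string $perm` line saying that `'readable'` limits the private count to posts the current user may read; the function body also continues past the hunk.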
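--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -1214,4 +1214,5 @@
             $q_status = explode(',', $q['post_status']);
             $r_status = array();
+            $p_status = array();
             if ( in_array( 'draft'  , $q_status ) )
                 $r_status[] = "post_status = 'draft'";
@@ -1223,9 +1224,25 @@
                 $r_status[] = "post_status = 'inherit'";
             if ( in_array( 'private', $q_status ) )
-                $r_status[] = "post_status = 'private'";
+                $p_status[] = "post_status = 'private'";
             if ( in_array( 'publish', $q_status ) )
                 $r_status[] = "post_status = 'publish'";
-            if ( !empty($r_status) )
-                $where .= " AND (" . join( ' OR ', $r_status ) . ")";
+
+            if ( empty($q['perm'] ) || 'readable' != $q['perm'] ) {
+                $r_status = array_merge($r_status, $p_status);
+                unset($p_status);
+            }
+
+            if ( !empty($r_status) ) {
+                if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
+                    $where .= " AND (post_author = $user_ID " .  "AND (" . join( ' OR ', $r_status ) . "))";
+                else
+                    $where .= " AND (" . join( ' OR ', $r_status ) . ")";
+            }
+            if ( !empty($p_status) ) {
+                if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
+                    $where .= " AND (post_author = $user_ID " .  "AND (" . join( ' OR ', $p_status ) . "))";
+                else
+                    $where .= " AND (" . join( ' OR ', $p_status ) . ")";
+            }
         } elseif ( !$this->is_singular ) {
             $where .= " AND (post_status = 'publish'";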
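Review bot: The two new `$where .=` blocks at the end of the hunk are joined with AND, so a `perm=readable` query that names `private` together with any other status produces `AND (<other statuses>) AND (post_author = … AND (post_status = 'private'))`, which no row can satisfy. Collect both groups and join them with OR inside a single `AND ( … )`, as sketched below. `$user_ID` is also interpolated into the SQL without a cast; it is set outside this hunk, so an `(int)` cast at the point of use would keep the clause well-formed if the value is ever empty or not an integer. The enclosing `if` branch starts above the hunk and the method continues below it.

```php
// … unchanged: $r_status / $p_status collection and the 'readable' merge …
$statuswheres = array();
if ( !empty($r_status) ) {
    if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
        $statuswheres[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $r_status ) . "))";
    else
        $statuswheres[] = "(" . join( ' OR ', $r_status ) . ")";
}
if ( !empty($p_status) ) {
    if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
        $statuswheres[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $p_status ) . "))";
    else
        $statuswheres[] = "(" . join( ' OR ', $p_status ) . ")";
}
if ( !empty($statuswheres) )
    $where .= " AND (" . join( ' OR ', $statuswheres ) . ")";
```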