WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 8 years ago

Last modified 6 years ago

#3861 closed task (blessed) (fixed)

need a standardized way to include private posts in queries

Reported by: molecularbear Owned by: rob1n
Milestone: 2.2 Priority: normal
Severity: normal Version: 2.1.1
Component: General Keywords: has-patch commit
Focuses: Cc:

Description

The codebase is currently littered with ad hoc queries that perform various selections on wp_posts. This makes the code very difficult to maintain - case in point is the inclusion of "post_status = 'private'" when appropriate. The idea is that a user who has 'read_private_posts' should always see private posts; such a user should also see stats (i.e. post count) that include private posts. To make this possible, one would need to modify quite a few queries scattererd about the code.

While the ideal solution is to do a massive code cleanup, centralizing all the queries in a few classes, I have a less tedious solution. Attached is a patch to wp-includes/post.php that adds a single function: wp_get_pub_and_priv_sql($post_type). I'll let the comment block do the describing:

 * This function provides a standardized way to appropriately select on
 * the post_status of posts/pages. The function will return a piece of
 * SQL code that can be added to a WHERE clause; this SQL is constructed
 * to allow all published posts, and all private posts to which the user
 * has access.
 * @param string $post_type currently only supports 'post' or 'page'.
 * @return string SQL code that can be added to a where clause.

Instead of dropping in a bunch of code to every query that needs it, one would do something like:

$query = "SELECT * FROM wp_posts WHERE <conds> AND " . wp_get_pub_and_priv_sql('post');

This makes the code easier to write, takes some of the public-vs-private burden off of the programmer, and most importantly, centralizes the logic.

Attachments (2)

post.patch (1.1 KB) - added by molecularbear 9 years ago.
Changed function name from wp_get_pub_and_priv_sql to wp_get_pub_priv_sql
3861.diff (1.6 KB) - added by rob1n 8 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 @rob1n9 years ago

  • Keywords has-patch added
  • Milestone changed from 2.1.2 to 2.2

@molecularbear9 years ago

Changed function name from wp_get_pub_and_priv_sql to wp_get_pub_priv_sql

comment:2 @markjaquith9 years ago

  • Keywords 2nd-opinion added
  • Owner changed from anonymous to ryan

Ryan, your ball. I like the idea of consolidating the logic.

comment:4 @foolswisdom8 years ago

  • Keywords 2nd-opinion removed

comment:5 @rob1n8 years ago

I don't really like the function name. The name doesn't really mean anything unless you know what it does already, and it's a bit long. But I can't think of anything better :\.

comment:6 @rob1n8 years ago

  • Keywords commit added
  • Owner changed from ryan to rob1n

Thinking about it a bit more, I think the current function name is good.

+1.

@rob1n8 years ago

comment:7 @rob1n8 years ago

Rewrote the function and added support for filters so plugins can use wp_get_pub_priv_sql() too for their own post types.

comment:8 @rob1n8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5189]) Add a function to unify private posts SQL based on capabilities -- get_private_posts_cap_sql().

Usage: get_private_posts_cap_sql($type), where $type is either 'post' or 'page'.

Props molecularbear. fixes #3861

Note: See TracTickets for help on using tickets.