need a standardized way to include private posts in queries
|Reported by:||molecularbear||Owned by:||rob1n|
The codebase is currently littered with ad hoc queries that perform various selections on wp_posts. This makes the code very difficult to maintain - case in point is the inclusion of "post_status = 'private'" when appropriate. The idea is that a user who has 'read_private_posts' should always see private posts; such a user should also see stats (i.e. post count) that include private posts. To make this possible, one would need to modify quite a few queries scattererd about the code.
While the ideal solution is to do a massive code cleanup, centralizing all the queries in a few classes, I have a less tedious solution. Attached is a patch to wp-includes/post.php that adds a single function: wp_get_pub_and_priv_sql($post_type). I'll let the comment block do the describing:
* This function provides a standardized way to appropriately select on * the post_status of posts/pages. The function will return a piece of * SQL code that can be added to a WHERE clause; this SQL is constructed * to allow all published posts, and all private posts to which the user * has access. * @param string $post_type currently only supports 'post' or 'page'. * @return string SQL code that can be added to a where clause.
Instead of dropping in a bunch of code to every query that needs it, one would do something like:
$query = "SELECT * FROM wp_posts WHERE <conds> AND " . wp_get_pub_and_priv_sql('post');
This makes the code easier to write, takes some of the public-vs-private burden off of the programmer, and most importantly, centralizes the logic.