Changeset 2441

Timestamp:
03/14/05 00:48:11 (4 years ago)
Author:
ryan
Message:

Don't let users who cannot publish edit published posts, even their own. Make consistent use of user_can_create_post(). http://mosquito.wordpress.org/view.php?id=1004 Props: MC_incubus

Files:

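--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -116,5 +116,5 @@
 if ('publish' != $post_status || 0 == $post_ID) {
 ?>
-<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+<?php if ( user_can_create_post($user_ID) ) : ?>
     <input name="publish" type="submit" id="publish" tabindex="10" value="<?php _e('Publish') ?>" />
 <?php endif; ?>
@@ -136,5 +136,5 @@
     <tr>
         <th scope="row" valign="top"><?php _e('Post Status') ?>:</th>
-        <td><?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+        <td><?php if ( user_can_create_post($user_ID) ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post_status, 'publish'); ?> /> <?php _e('Published') ?></label><br />
 <?php endif; ?>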
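Review bot: The `user_can_create_post($user_ID)` conditionals at new lines 118 and 138 (and the same one at line 61 of edit-form.php) only decide whether the Publish button and the Published radio are rendered, so they are presentation, not authorization. The form fields can be submitted regardless of what the template shows, which means the check in post.php has to remain the authoritative one. I would add a short comment above each conditional, e.g. `<?php // Display only: post.php re-checks user_can_create_post() on save. ?>`, so a later cleanup does not treat the template check as sufficient. The body of user_can_create_post() is not visible on this page, so whether it preserves the old level-1 / `new_users_can_blog` rule cannot be confirmed from this section.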
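--- a/trunk/wp-admin/edit-form.php
+++ b/trunk/wp-admin/edit-form.php
@@ -59,5 +59,5 @@
   <input name="saveasprivate" type="submit" id="saveasprivate" tabindex="10" value="<?php _e('Save as Private') ?>" />
 
-<?php if ( 1 < $user_level || (1 == $user_level && 2 == get_option('new_users_can_blog')) ) : ?>
+    <?php if ( user_can_create_post($user_ID) ) : ?>
   <input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="<?php _e('Publish') ?>" />
 <?php endif; ?>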
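--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -62,5 +62,5 @@
         $post_status = 'draft';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog')
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID))
         $post_status = 'draft';
     $comment_status = $_POST['comment_status'];
@@ -230,4 +230,9 @@
         die ( __('You are not allowed to view other users\' private posts.') );
 
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) ) {
+         _e('You are not allowed to edit published posts.');
+         break;
+    }
+
     if ($post_status == 'static') {
         $page_template = get_post_meta($post_ID, '_wp_page_template', true);
@@ -306,5 +311,5 @@
     if (isset($_POST['publish'])) $post_status = 'publish';
     // Double-check
-    if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) && 2 != get_option('new_users_can_blog')
+    if ( 'publish' == $post_status && (!user_can_create_post($user_ID))
         $post_status = 'draft';
 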
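Review bot: The new denial at lines 232-235 guards only the path that renders the edit form; the save-side check at new line 313 tests the submitted `$post_status`, not the status the post already has. As far as these hunks show, a user who cannot publish is therefore not refused when saving changes to an already published post with a submitted status other than `publish`. The save path should read the stored status and refuse there as well, e.g. `if ( 'publish' == $stored_status && !user_can_create_post($user_ID) ) die( __('You are not allowed to edit published posts.') );`, where `$stored_status` is a placeholder for the value loaded from the database. The added block also prints with `_e()` and then `break`s, while the check directly above it uses `die()`; the enclosing switch lies outside the hunk, so it should be confirmed that nothing after the `break` still acts on this request.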
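--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -55,5 +55,5 @@
    $user_nicename = sanitize_title($user_nickname);
     $now = gmdate('Y-m-d H:i:s');
-    if (get_settings('new_users_can_blog') >= 1) $user_level = 1
+    $user_level = get_settings('new_users_can_blog')
     $password = substr( md5( uniqid( microtime() ) ), 0, 7);
 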
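Review bot: New line 57 copies the `new_users_can_blog` option straight into `$user_level`, so the privilege level of every self-registered account becomes whatever that option holds, where the old line could only ever assign 1. The value should be cast and bounded before it is used as a level, e.g. `$user_level = min( 2, max( 0, (int) get_settings('new_users_can_blog') ) );`, with the upper bound set to the highest value the option is meant to take (2 is the largest value compared against elsewhere in this changeset). A comment saying that the option doubles as the initial user level would help, since its name does not suggest that. Separately, unchanged line 58 derives the initial password from `md5( uniqid( microtime() ) )` cut to 7 characters, which comes from the clock rather than a cryptographic random source; that is outside this change but worth a follow-up. The surrounding registration code is outside the hunk.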