Changeset 7109

Timestamp:
02/29/08 21:49:49 (5 months ago)
Author:
ryan
Message:

Add option to check caps when querying a particular post status. fixes #6052

Files:

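--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -82,5 +82,5 @@
 <?php
 $status_links = array();
-$num_posts = wp_count_posts('post');
+$num_posts = wp_count_posts('post', 'readable');
 foreach ( $post_stati as $status => $label ) {
     $class = '';
@@ -89,4 +89,6 @@
         continue;
 
+    if ( empty($num_posts->$status) )
+        continue;
     if ( $status == $_GET['post_status'] )
         $class = ' class="current"';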
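--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -514,6 +514,8 @@
 
     $post_status_q = '';
-    if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) )
+    if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) {
         $post_status_q = '&post_status=' . $q['post_status'];
+        $post_status_q .= '&perm=readable';
+    }
 
     if ( 'pending' === $q['post_status'] ) {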
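--- a/trunk/wp-includes/classes.php
+++ b/trunk/wp-includes/classes.php
@@ -4,5 +4,5 @@
     var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
 
-    var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type');
+    var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm');
     var $extra_query_vars = array();
 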
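--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -823,8 +823,16 @@
  * @return array Number of posts for each status
  */
-function wp_count_posts( $type = 'post' ) {
+function wp_count_posts( $type = 'post', $perm = '' ) {
     global $wpdb;
 
-    $count = $wpdb->get_results( $wpdb->prepare( "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s GROUP BY post_status", $type ), ARRAY_A );
+    $user = wp_get_current_user();
+
+    $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
+    if ( 'readable' == $perm && is_user_logged_in() ) {
+        if ( !current_user_can("read_private_{$type}s") )
+            $query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
+    }
+    $query .= ' GROUP BY post_status';
+    $count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
 
     $stats = array( );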
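Review bot: The private-post filter in `wp_count_posts()` fails open: `'readable' == $perm && is_user_logged_in()` skips the whole clause for a logged-out caller, so the returned counts would then include every author's private posts. The one caller visible in this changeset is the wp-admin edit screen, so this may be unreachable today, but the function is a general API and should exclude private posts outright in that case. Separately, `'$user->ID'` is spliced into the string that `$wpdb->prepare()` then treats as a format string; cast it to int so the query text never depends on the object's contents. The docblock above the signature is untouched in this section, so `$perm` still needs an `@param` line naming the accepted value `'readable'`. The function body continues below the hunk.

```php
function wp_count_posts( $type = 'post', $perm = '' ) {
    // … unchanged: global $wpdb, $user lookup, base SELECT in $query …
    if ( 'readable' == $perm ) {
        if ( !is_user_logged_in() ) {
            // No identity to match against post_author: never count private posts.
            $query .= " AND post_status != 'private'";
        } elseif ( !current_user_can("read_private_{$type}s") ) {
            $query .= " AND (post_status != 'private' OR ( post_author = " . (int) $user->ID . " AND post_status = 'private' ))";
        }
    }
    // … unchanged: GROUP BY, prepare() and get_results() …
```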
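--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -1214,4 +1214,5 @@
             $q_status = explode(',', $q['post_status']);
             $r_status = array();
+            $p_status = array();
             if ( in_array( 'draft'  , $q_status ) )
                 $r_status[] = "post_status = 'draft'";
@@ -1223,9 +1224,25 @@
                 $r_status[] = "post_status = 'inherit'";
             if ( in_array( 'private', $q_status ) )
-                $r_status[] = "post_status = 'private'";
+                $p_status[] = "post_status = 'private'";
             if ( in_array( 'publish', $q_status ) )
                 $r_status[] = "post_status = 'publish'";
-            if ( !empty($r_status) )
-                $where .= " AND (" . join( ' OR ', $r_status ) . ")";
+
+            if ( empty($q['perm'] ) || 'readable' != $q['perm'] ) {
+                $r_status = array_merge($r_status, $p_status);
+                unset($p_status);
+            }
+
+            if ( !empty($r_status) ) {
+                if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
+                    $where .= " AND (post_author = $user_ID " .  "AND (" . join( ' OR ', $r_status ) . "))";
+                else
+                    $where .= " AND (" . join( ' OR ', $r_status ) . ")";
+            }
+            if ( !empty($p_status) ) {
+                if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
+                    $where .= " AND (post_author = $user_ID " .  "AND (" . join( ' OR ', $p_status ) . "))";
+                else
+                    $where .= " AND (" . join( ' OR ', $p_status ) . ")";
+            }
         } elseif ( !$this->is_singular ) {
             $where .= " AND (post_status = 'publish'";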
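Review bot: When `perm` is `readable` and the requested list mixes `private` with another status, the two groups built at new lines 1235–1246 are each appended with their own ` AND (...)`, so the WHERE clause demands, for example, `post_status = 'publish'` and `post_status = 'private'` on the same row and matches nothing. Collect both groups and join them with `OR` inside a single ` AND ( ... )`, so the author restriction applies only to the private branch. `$user_ID` and `$post_type` are set outside this hunk; casting `$user_ID` to int where it is used keeps the clause valid SQL if it is empty for a logged-out request, which I can't confirm from here. The enclosing method starts and ends outside the hunk.

```php
            // … unchanged: $r_status / $p_status collection and the non-'readable' merge …
            $statuswheres = array();
            if ( !empty($r_status) ) {
                if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
                    $statuswheres[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $r_status ) . "))";
                else
                    $statuswheres[] = "(" . join( ' OR ', $r_status ) . ")";
            }
            if ( !empty($p_status) ) {
                if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
                    $statuswheres[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $p_status ) . "))";
                else
                    $statuswheres[] = "(" . join( ' OR ', $p_status ) . ")";
            }
            // One AND group: a row may satisfy either the general or the private branch.
            if ( !empty($statuswheres) )
                $where .= " AND (" . join( ' OR ', $statuswheres ) . ")";
```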