Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
@@ -47,8 +47,7 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id
|
||||
$post = get_post( $id );
|
||||
if ( 'attachment' != $post->post_type )
|
||||
wp_die( __( 'Unknown post type.' ) );
|
||||
$post_type_object = get_post_type_object( 'attachment' );
|
||||
if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
|
||||
if ( ! current_user_can( 'edit_post', $id ) )
|
||||
wp_die( __( 'You are not allowed to edit this item.' ) );
|
||||
|
||||
switch ( $_REQUEST['fetch'] ) {
|
||||
|
||||
@@ -78,7 +78,7 @@ if ( $doaction ) {
|
||||
$trashed = $locked = 0;
|
||||
|
||||
foreach( (array) $post_ids as $post_id ) {
|
||||
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
||||
if ( !current_user_can( 'delete_post', $post_id) )
|
||||
wp_die( __('You are not allowed to move this item to the Trash.') );
|
||||
|
||||
if ( wp_check_post_lock( $post_id ) ) {
|
||||
@@ -97,7 +97,7 @@ if ( $doaction ) {
|
||||
case 'untrash':
|
||||
$untrashed = 0;
|
||||
foreach( (array) $post_ids as $post_id ) {
|
||||
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
||||
if ( !current_user_can( 'delete_post', $post_id) )
|
||||
wp_die( __('You are not allowed to restore this item from the Trash.') );
|
||||
|
||||
if ( !wp_untrash_post($post_id) )
|
||||
@@ -112,7 +112,7 @@ if ( $doaction ) {
|
||||
foreach( (array) $post_ids as $post_id ) {
|
||||
$post_del = get_post($post_id);
|
||||
|
||||
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
||||
if ( !current_user_can( 'delete_post', $post_id ) )
|
||||
wp_die( __('You are not allowed to delete this item.') );
|
||||
|
||||
if ( $post_del->post_type == 'attachment' ) {
|
||||
|
||||
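Review bot: In the permanent-delete loop, the result of `get_post($post_id)` is not checked for a missing post before `current_user_can( 'delete_post', $post_id )` runs, and `$post_del->post_type` is read afterwards. An ID that resolves to no post is therefore handled only by whatever map_meta_cap() does with it, which these hunks do not show. A guard such as `if ( ! $post_del ) continue;` directly after the lookup would make the handling of stale or bogus IDs explicit, and the trash and untrash loops iterate the same `$post_ids` array and would benefit from an equivalent check. Minor style: the first two replacements are written `current_user_can( 'delete_post', $post_id)` without the space before the closing parenthesis that the third one has. The enclosing `if ( $doaction )` block starts and ends outside these hunks.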
@@ -480,7 +480,7 @@ class WP_Posts_List_Table extends WP_List_Table {
|
||||
$edit_link = get_edit_post_link( $post->ID );
|
||||
$title = _draft_or_post_title();
|
||||
$post_type_object = get_post_type_object( $post->post_type );
|
||||
$can_edit_post = current_user_can( $post_type_object->cap->edit_post, $post->ID );
|
||||
$can_edit_post = current_user_can( 'edit_post', $post->ID );
|
||||
|
||||
$alternate = 'alternate' == $alternate ? '' : 'alternate';
|
||||
$classes = $alternate . ' iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
|
||||
@@ -585,7 +585,7 @@ class WP_Posts_List_Table extends WP_List_Table {
|
||||
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '" title="' . esc_attr( __( 'Edit this item' ) ) . '">' . __( 'Edit' ) . '</a>';
|
||||
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr( __( 'Edit this item inline' ) ) . '">' . __( 'Quick Edit' ) . '</a>';
|
||||
}
|
||||
if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
|
||||
if ( current_user_can( 'delete_post', $post->ID ) ) {
|
||||
if ( 'trash' == $post->post_status )
|
||||
$actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
|
||||
elseif ( EMPTY_TRASH_DAYS )
|
||||
|
||||
@@ -496,9 +496,8 @@ function media_upload_form_handler() {
|
||||
|
||||
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
|
||||
$post = $_post = get_post($attachment_id, ARRAY_A);
|
||||
$post_type_object = get_post_type_object( $post[ 'post_type' ] );
|
||||
|
||||
if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
|
||||
if ( !current_user_can( 'edit_post', $attachment_id ) )
|
||||
continue;
|
||||
|
||||
if ( isset($attachment['post_content']) )
|
||||
|
||||
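Review bot: `$attachment_id` is an array key taken straight from `$_POST['attachments']`, and the result of `get_post($attachment_id, ARRAY_A)` is not checked before the capability test. With the post-type lookup removed, rejecting a non-existent or non-numeric ID rests entirely on map_meta_cap(), which is not visible here. Making that explicit keeps the authorisation decision readable at the call site: `if ( ! $post || ! current_user_can( 'edit_post', $attachment_id ) )` followed by the existing `continue;`. The body of `media_upload_form_handler()` starts before and continues after this hunk, so any request verification done earlier cannot be reviewed from here.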
@@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
|
||||
|
||||
$ptype = get_post_type_object( $post_data['post_type'] );
|
||||
|
||||
if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
|
||||
if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
|
||||
if ( 'page' == $post_data['post_type'] )
|
||||
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
|
||||
else
|
||||
@@ -172,7 +172,7 @@ function edit_post( $post_data = null ) {
|
||||
$post_data['post_mime_type'] = $post->post_mime_type;
|
||||
|
||||
$ptype = get_post_type_object($post_data['post_type']);
|
||||
if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
|
||||
if ( !current_user_can( 'edit_post', $post_ID ) ) {
|
||||
if ( 'page' == $post_data['post_type'] )
|
||||
wp_die( __('You are not allowed to edit this page.' ));
|
||||
else
|
||||
@@ -374,7 +374,7 @@ function bulk_edit_posts( $post_data = null ) {
|
||||
foreach ( $post_IDs as $post_ID ) {
|
||||
$post_type_object = get_post_type_object( get_post_type( $post_ID ) );
|
||||
|
||||
if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
|
||||
if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
|
||||
$skipped[] = $post_ID;
|
||||
continue;
|
||||
}
|
||||
|
||||
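Review bot: In `_wp_translate_postdata()` the permission is now decided by `current_user_can( 'edit_post', $post_data['ID'] )`, that is, from the stored post, while the branch directly below still picks its error code and message from `$post_data['post_type']`. If that array is request data (it appears to be, but its origin is outside the hunk), the two can disagree. A one-line comment above the check would record the intent, for example `// Meta cap: map_meta_cap() resolves this against the stored post, not $post_data['post_type'].` The same remark fits the check in `edit_post()`. In `bulk_edit_posts()`, `$post_type_object` is now used only by the `isset()` guard on the line shown, which is worth a short comment so it is not removed as dead code. All three functions continue outside their hunks.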
@@ -240,7 +240,7 @@ function wp_link_category_checklist( $link_id = 0 ) {
|
||||
*/
|
||||
function get_inline_data($post) {
|
||||
$post_type_object = get_post_type_object($post->post_type);
|
||||
if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
|
||||
if ( ! current_user_can( 'edit_post', $post->ID ) )
|
||||
return;
|
||||
|
||||
$title = esc_textarea( trim( $post->post_title ) );
|
||||
|
||||
@@ -139,7 +139,7 @@ case 'edit':
|
||||
if ( ! $post_type_object )
|
||||
wp_die( __( 'Unknown post type.' ) );
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->edit_post, $post_id ) )
|
||||
if ( ! current_user_can( 'edit_post', $post_id ) )
|
||||
wp_die( __( 'You are not allowed to edit this item.' ) );
|
||||
|
||||
if ( 'trash' == $post->post_status )
|
||||
@@ -235,7 +235,7 @@ case 'trash':
|
||||
if ( ! $post_type_object )
|
||||
wp_die( __( 'Unknown post type.' ) );
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
|
||||
if ( ! current_user_can( 'delete_post', $post_id ) )
|
||||
wp_die( __( 'You are not allowed to move this item to the Trash.' ) );
|
||||
|
||||
if ( $user_id = wp_check_post_lock( $post_id ) ) {
|
||||
@@ -259,7 +259,7 @@ case 'untrash':
|
||||
if ( ! $post_type_object )
|
||||
wp_die( __( 'Unknown post type.' ) );
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
|
||||
if ( ! current_user_can( 'delete_post', $post_id ) )
|
||||
wp_die( __( 'You are not allowed to move this item out of the Trash.' ) );
|
||||
|
||||
if ( ! wp_untrash_post( $post_id ) )
|
||||
@@ -278,7 +278,7 @@ case 'delete':
|
||||
if ( ! $post_type_object )
|
||||
wp_die( __( 'Unknown post type.' ) );
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
|
||||
if ( ! current_user_can( 'delete_post', $post_id ) )
|
||||
wp_die( __( 'You are not allowed to delete this item.' ) );
|
||||
|
||||
$force = ! EMPTY_TRASH_DAYS;
|
||||
|
||||