

Use meta caps edit_post, read_post, and delete_post directly, rather …
…than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.

git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
nacin committed Jul 8, 2013
1 parent 3039682 commit c2db94d
Showing 12 changed files with 28 additions and 37 deletions.
3 changes: 1 addition & 2 deletions wp-admin/async-upload.php
Expand Up @@ -47,8 +47,7 @@
$post = get_post( $id );
if ( 'attachment' != $post->post_type )
wp_die( __( 'Unknown post type.' ) );
$post_type_object = get_post_type_object( 'attachment' );
if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
if ( ! current_user_can( 'edit_post', $id ) )
wp_die( __( 'You are not allowed to edit this item.' ) );

switch ( $_REQUEST['fetch'] ) {
6 changes: 3 additions & 3 deletions wp-admin/edit.php
Expand Up @@ -78,7 +78,7 @@
$trashed = $locked = 0;

foreach( (array) $post_ids as $post_id ) {
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
if ( !current_user_can( 'delete_post', $post_id) )
wp_die( __('You are not allowed to move this item to the Trash.') );

if ( wp_check_post_lock( $post_id ) ) {
Expand All @@ -97,7 +97,7 @@
case 'untrash':
$untrashed = 0;
foreach( (array) $post_ids as $post_id ) {
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
if ( !current_user_can( 'delete_post', $post_id) )
wp_die( __('You are not allowed to restore this item from the Trash.') );

if ( !wp_untrash_post($post_id) )
Expand All @@ -112,7 +112,7 @@
foreach( (array) $post_ids as $post_id ) {
$post_del = get_post($post_id);

if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
if ( !current_user_can( 'delete_post', $post_id ) )
wp_die( __('You are not allowed to delete this item.') );

if ( $post_del->post_type == 'attachment' ) {
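Review bot: The three `current_user_can( 'delete_post', $post_id )` checks in this file now rely on the meta cap being denied when `$post_id` does not name an existing post, but none of the loops tests that first: the first two hunks never call `get_post()`, and the third fetches `$post_del` before the check without testing it for null. How map_meta_cap() resolves `delete_post` for a missing post is outside this diff; if it does not deny by default, a guard such as `if ( ! get_post( $post_id ) ) continue;` ahead of each check would make the intent explicit rather than implied. The new lines are also spaced inconsistently, `$post_id)` in the first two hunks against `$post_id )` in the third.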
4 changes: 2 additions & 2 deletions wp-admin/includes/class-wp-posts-list-table.php
Expand Up @@ -480,7 +480,7 @@ function single_row( $post, $level = 0 ) {
$edit_link = get_edit_post_link( $post->ID );
$title = _draft_or_post_title();
$post_type_object = get_post_type_object( $post->post_type );
$can_edit_post = current_user_can( $post_type_object->cap->edit_post, $post->ID );
$can_edit_post = current_user_can( 'edit_post', $post->ID );

$alternate = 'alternate' == $alternate ? '' : 'alternate';
$classes = $alternate . ' iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
Expand Down Expand Up @@ -585,7 +585,7 @@ function single_row( $post, $level = 0 ) {
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '" title="' . esc_attr( __( 'Edit this item' ) ) . '">' . __( 'Edit' ) . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr( __( 'Edit this item inline' ) ) . '">' . __( 'Quick&nbsp;Edit' ) . '</a>';
}
if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
if ( current_user_can( 'delete_post', $post->ID ) ) {
if ( 'trash' == $post->post_status )
$actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
elseif ( EMPTY_TRASH_DAYS )
3 changes: 1 addition & 2 deletions wp-admin/includes/media.php
Expand Up @@ -496,9 +496,8 @@ function media_upload_form_handler() {

if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$post = $_post = get_post($attachment_id, ARRAY_A);
$post_type_object = get_post_type_object( $post[ 'post_type' ] );

if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
if ( !current_user_can( 'edit_post', $attachment_id ) )
continue;

if ( isset($attachment['post_content']) )
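Review bot: `$attachment_id` is an array key taken from `$_POST['attachments']`, and `$post` on the line above the new check is null when that key does not name an existing post; the rewritten `current_user_can( 'edit_post', $attachment_id )` then depends on map_meta_cap() (outside this diff) denying for a missing post rather than on anything visible here. Dropping the `get_post_type_object( $post[ 'post_type' ] )` line also removes the notice that a null `$post` used to trigger, so the case is now silent. Since the loop only `continue`s on a denied capability, an explicit `if ( ! $post ) continue;` before the capability check would keep the later `$post[...]` reads safe however the meta cap resolves. The enclosing `media_upload_form_handler()` starts and ends outside the hunk.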
6 changes: 3 additions & 3 deletions wp-admin/includes/post.php
Expand Up @@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {

$ptype = get_post_type_object( $post_data['post_type'] );

if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
else
Expand Down Expand Up @@ -172,7 +172,7 @@ function edit_post( $post_data = null ) {
$post_data['post_mime_type'] = $post->post_mime_type;

$ptype = get_post_type_object($post_data['post_type']);
if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
if ( !current_user_can( 'edit_post', $post_ID ) ) {
if ( 'page' == $post_data['post_type'] )
wp_die( __('You are not allowed to edit this page.' ));
else
Expand Down Expand Up @@ -374,7 +374,7 @@ function bulk_edit_posts( $post_data = null ) {
foreach ( $post_IDs as $post_ID ) {
$post_type_object = get_post_type_object( get_post_type( $post_ID ) );

if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
$skipped[] = $post_ID;
continue;
}
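Review bot: In the `edit_post()` hunk, `$ptype = get_post_type_object($post_data['post_type']);` is kept on the line before the rewritten check, but nothing in the visible lines uses it any more; if the rest of `edit_post()` (outside the hunk) does not reference `$ptype`, the lookup is dead and should be removed as the same commit did in other files. If it is still used, note that `bulk_edit_posts()` in the third hunk keeps an explicit `! isset( $post_type_object )` skip for an unregistered post type, whereas `edit_post()` and `_wp_translate_postdata()` have no such guard before their capability checks, so deny-by-default for an unknown type now rests entirely on map_meta_cap(). A short comment on the `bulk_edit_posts()` condition, such as `// Unregistered post type: skip before consulting the meta cap.`, would record why that guard survives the change.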
2 changes: 1 addition & 1 deletion wp-admin/includes/template.php
Expand Up @@ -240,7 +240,7 @@ function wp_link_category_checklist( $link_id = 0 ) {
*/
function get_inline_data($post) {
$post_type_object = get_post_type_object($post->post_type);
if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
if ( ! current_user_can( 'edit_post', $post->ID ) )
return;

$title = esc_textarea( trim( $post->post_title ) );
8 changes: 4 additions & 4 deletions wp-admin/post.php
Expand Up @@ -139,7 +139,7 @@ function redirect_post($post_id = '') {
if ( ! $post_type_object )
wp_die( __( 'Unknown post type.' ) );

if ( ! current_user_can( $post_type_object->cap->edit_post, $post_id ) )
if ( ! current_user_can( 'edit_post', $post_id ) )
wp_die( __( 'You are not allowed to edit this item.' ) );

if ( 'trash' == $post->post_status )
Expand Down Expand Up @@ -235,7 +235,7 @@ function redirect_post($post_id = '') {
if ( ! $post_type_object )
wp_die( __( 'Unknown post type.' ) );

if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
if ( ! current_user_can( 'delete_post', $post_id ) )
wp_die( __( 'You are not allowed to move this item to the Trash.' ) );

if ( $user_id = wp_check_post_lock( $post_id ) ) {
Expand All @@ -259,7 +259,7 @@ function redirect_post($post_id = '') {
if ( ! $post_type_object )
wp_die( __( 'Unknown post type.' ) );

if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
if ( ! current_user_can( 'delete_post', $post_id ) )
wp_die( __( 'You are not allowed to move this item out of the Trash.' ) );

if ( ! wp_untrash_post( $post_id ) )
Expand All @@ -278,7 +278,7 @@ function redirect_post($post_id = '') {
if ( ! $post_type_object )
wp_die( __( 'Unknown post type.' ) );

if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
if ( ! current_user_can( 'delete_post', $post_id ) )
wp_die( __( 'You are not allowed to delete this item.' ) );

$force = ! EMPTY_TRASH_DAYS;
4 changes: 2 additions & 2 deletions wp-includes/admin-bar.php
Expand Up @@ -429,7 +429,7 @@ function wp_admin_bar_edit_menu( $wp_admin_bar ) {
if ( 'post' == $current_screen->base
&& 'add' != $current_screen->action
&& ( $post_type_object = get_post_type_object( $post->post_type ) )
&& current_user_can( $post_type_object->cap->read_post, $post->ID )
&& current_user_can( 'read_post', $post->ID )
&& ( $post_type_object->public )
&& ( $post_type_object->show_in_admin_bar ) )
{
Expand Down Expand Up @@ -457,7 +457,7 @@ function wp_admin_bar_edit_menu( $wp_admin_bar ) {

if ( ! empty( $current_object->post_type )
&& ( $post_type_object = get_post_type_object( $current_object->post_type ) )
&& current_user_can( $post_type_object->cap->edit_post, $current_object->ID )
&& current_user_can( 'edit_post', $current_object->ID )
&& $post_type_object->show_ui && $post_type_object->show_in_admin_bar )
{
$wp_admin_bar->add_menu( array(
7 changes: 2 additions & 5 deletions wp-includes/capabilities.php
Expand Up @@ -1162,8 +1162,7 @@ function map_meta_cap( $cap, $user_id ) {
case 'delete_post_meta':
case 'add_post_meta':
$post = get_post( $args[0] );
$post_type_object = get_post_type_object( $post->post_type );
$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );

$meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;

Expand All @@ -1178,9 +1177,7 @@ function map_meta_cap( $cap, $user_id ) {
case 'edit_comment':
$comment = get_comment( $args[0] );
$post = get_post( $comment->comment_post_ID );
$post_type_object = get_post_type_object( $post->post_type );

$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
break;
case 'unfiltered_upload':
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
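Review bot: Both rewritten branches recurse into `map_meta_cap( 'edit_post', $user_id, $post->ID )` without first checking that `get_post()` (and, in the `edit_comment` case, `get_comment()`) returned an object, so a stale ID reaches the recursive call with `$post->ID` evaluating to null after a notice. Whether the `edit_post` branch of map_meta_cap() (outside this hunk) denies in that situation is not visible here. An explicit `if ( ! $post ) { $caps[] = 'do_not_allow'; break; }` before the recursive call in both cases would make the denial unconditional and avoid the notice. map_meta_cap() itself starts and ends outside the hunk.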
11 changes: 4 additions & 7 deletions wp-includes/class-wp-xmlrpc-server.php
Expand Up @@ -1017,7 +1017,7 @@ protected function _insert_post( $user, $content_struct ) {
if ( $update ) {
if ( ! get_post( $post_data['ID'] ) )
return new IXR_Error( 401, __( 'Invalid post ID.' ) );
if ( ! current_user_can( $post_type->cap->edit_post, $post_data['ID'] ) )
if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
Expand Down Expand Up @@ -1327,8 +1327,7 @@ function wp_deletePost( $args ) {
if ( empty( $post['ID'] ) )
return new IXR_Error( 404, __( 'Invalid post ID.' ) );

$post_type = get_post_type_object( $post['post_type'] );
if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) )
if ( ! current_user_can( 'delete_post', $post_id ) )
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );

$result = wp_delete_post( $post_id );
Expand Down Expand Up @@ -1409,8 +1408,7 @@ function wp_getPost( $args ) {
if ( empty( $post['ID'] ) )
return new IXR_Error( 404, __( 'Invalid post ID.' ) );

$post_type = get_post_type_object( $post['post_type'] );
if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) )
if ( ! current_user_can( 'edit_post', $post_id ) )
return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );

return $this->_prepare_post( $post, $fields );
Expand Down Expand Up @@ -1505,8 +1503,7 @@ function wp_getPosts( $args ) {
$struct = array();

foreach ( $posts_list as $post ) {
$post_type = get_post_type_object( $post['post_type'] );
if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) )
if ( ! current_user_can( 'edit_post', $post['ID'] ) )
continue;

$struct[] = $this->_prepare_post( $post, $fields );
4 changes: 2 additions & 2 deletions wp-includes/link-template.php
Expand Up @@ -906,7 +906,7 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
if ( !$post_type_object )
return;

if ( !current_user_can( $post_type_object->cap->edit_post, $post->ID ) )
if ( !current_user_can( 'edit_post', $post->ID ) )
return;

return apply_filters( 'get_edit_post_link', admin_url( sprintf($post_type_object->_edit_link . $action, $post->ID) ), $post->ID, $context );
Expand Down Expand Up @@ -960,7 +960,7 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
if ( !$post_type_object )
return;

if ( !current_user_can( $post_type_object->cap->delete_post, $post->ID ) )
if ( !current_user_can( 'delete_post', $post->ID ) )
return;

$action = ( $force_delete || !EMPTY_TRASH_DAYS ) ? 'delete' : 'trash';
7 changes: 3 additions & 4 deletions wp-includes/query.php
Expand Up @@ -2440,14 +2440,13 @@ function get_posts() {
$post_type_object = get_post_type_object ( 'post' );
}

$edit_cap = 'edit_post';
$read_cap = 'read_post';

if ( ! empty( $post_type_object ) ) {
$edit_cap = $post_type_object->cap->edit_post;
$read_cap = $post_type_object->cap->read_post;
$edit_others_cap = $post_type_object->cap->edit_others_posts;
$read_private_cap = $post_type_object->cap->read_private_posts;
} else {
$edit_cap = 'edit_' . $post_type_cap;
$read_cap = 'read_' . $post_type_cap;
$edit_others_cap = 'edit_others_' . $post_type_cap . 's';
$read_private_cap = 'read_private_' . $post_type_cap . 's';
}
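Review bot: `$edit_cap` and `$read_cap` are now always the meta caps `edit_post` and `read_post`, which current_user_can() can only resolve when a post ID is passed along with them; the uses of these two variables in the rest of `get_posts()` (outside the hunk) decide whether that holds. If they are handed to `current_user_can()` without a post ID, map_meta_cap() has no post to map them against; if they are no longer used at all, the two hoisted assignments are dead and should go. Either way a one-line comment above the hoist, such as `// edit_post / read_post are meta caps; map_meta_cap() maps them per post type when given a post ID.`, would explain why the per-type branch no longer sets them while it still sets `$edit_others_cap` and `$read_private_cap`. `get_posts()` starts and ends outside the hunk.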
