From c2db94d10cb01fbb5babcd717896c89fa82f90e0 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Mon, 8 Jul 2013 20:05:42 +0000
Subject: [PATCH] Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.

git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/async-upload.php | 3 +--
 wp-admin/edit.php | 6 +++---
 wp-admin/includes/class-wp-posts-list-table.php | 4 ++--
 wp-admin/includes/media.php | 3 +--
 wp-admin/includes/post.php | 6 +++---
 wp-admin/includes/template.php | 2 +-
 wp-admin/post.php | 8 ++++----
 wp-includes/admin-bar.php | 4 ++--
 wp-includes/capabilities.php | 7 ++-----
 wp-includes/class-wp-xmlrpc-server.php | 11 ++++-------
 wp-includes/link-template.php | 4 ++--
 wp-includes/query.php | 7 +++----
 12 files changed, 28 insertions(+), 37 deletions(-)

diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 63497642f946..296342eaa13f 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -47,8 +47,7 @@
 $post = get_post( $id );
 if ( 'attachment' != $post->post_type )
 wp_die( __( 'Unknown post type.' ) );
- $post_type_object = get_post_type_object( 'attachment' );
- if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
+ if ( ! current_user_can( 'edit_post', $id ) )
 wp_die( __( 'You are not allowed to edit this item.' ) );
 
 switch ( $_REQUEST['fetch'] ) {
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index ab71f61031a8..65fd03426aa4 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -78,7 +78,7 @@
 $trashed = $locked = 0;
 
 foreach( (array) $post_ids as $post_id ) {
- if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
+ if ( !current_user_can( 'delete_post', $post_id) )
 wp_die( __('You are not allowed to move this item to the Trash.') );
 
 if ( wp_check_post_lock( $post_id ) ) {
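Review bot: The new `current_user_can( 'delete_post', $post_id)` line drops the space before the closing parenthesis, the -97 hunk of the same file has the identical asymmetry, and the -112 hunk writes `$post_id )`; the three call sites should agree, `if ( !current_user_can( 'delete_post', $post_id ) )`. The surrounding switch/foreach body of edit.php begins and ends outside the hunk.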
@@ -97,7 +97,7 @@
 case 'untrash':
 $untrashed = 0;
 foreach( (array) $post_ids as $post_id ) {
- if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
+ if ( !current_user_can( 'delete_post', $post_id) )
 wp_die( __('You are not allowed to restore this item from the Trash.') );
 
 if ( !wp_untrash_post($post_id) )
@@ -112,7 +112,7 @@
 foreach( (array) $post_ids as $post_id ) {
 $post_del = get_post($post_id);
 
- if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
+ if ( !current_user_can( 'delete_post', $post_id ) )
 wp_die( __('You are not allowed to delete this item.') );
 
 if ( $post_del->post_type == 'attachment' ) {
diff --git a/wp-admin/includes/class-wp-posts-list-table.php b/wp-admin/includes/class-wp-posts-list-table.php
index 74d253d34124..f6ab106b0d08 100644
--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -480,7 +480,7 @@ function single_row( $post, $level = 0 ) {
 $edit_link = get_edit_post_link( $post->ID );
 $title = _draft_or_post_title();
 $post_type_object = get_post_type_object( $post->post_type );
- $can_edit_post = current_user_can( $post_type_object->cap->edit_post, $post->ID );
+ $can_edit_post = current_user_can( 'edit_post', $post->ID );
 
 $alternate = 'alternate' == $alternate ? '' : 'alternate';
 $classes = $alternate . ' iedit author-' . ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
@@ -585,7 +585,7 @@ function single_row( $post, $level = 0 ) {
 $actions['edit'] = '' . __( 'Edit' ) . '';
 $actions['inline hide-if-no-js'] = '' . __( 'Quick Edit' ) . '';
 }
- if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
+ if ( current_user_can( 'delete_post', $post->ID ) ) {
 if ( 'trash' == $post->post_status )
 $actions['untrash'] = "ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "";
 elseif ( EMPTY_TRASH_DAYS )
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 54e2eb7e930e..c725ec313096 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -496,9 +496,8 @@ function media_upload_form_handler() {
 
 if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 $post = $_post = get_post($attachment_id, ARRAY_A);
- $post_type_object = get_post_type_object( $post[ 'post_type' ] );
 
- if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+ if ( !current_user_can( 'edit_post', $attachment_id ) )
 continue;
 
 if ( isset($attachment['post_content']) )
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index da6dd4fd915f..6e53d4017c91 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -28,7 +28,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 
 $ptype = get_post_type_object( $post_data['post_type'] );
 
- if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
+ if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
 if ( 'page' == $post_data['post_type'] )
 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
 else
@@ -172,7 +172,7 @@ function edit_post( $post_data = null ) {
 $post_data['post_mime_type'] = $post->post_mime_type;
 
 $ptype = get_post_type_object($post_data['post_type']);
- if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
+ if ( !current_user_can( 'edit_post', $post_ID ) ) {
 if ( 'page' == $post_data['post_type'] )
 wp_die( __('You are not allowed to edit this page.' ));
 else
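Review bot: The loop still runs the capability check against `$attachment_id` without confirming that `get_post()` returned a row; that key comes straight from `$_POST['attachments']`, so an id that does not resolve now reaches `current_user_can( 'edit_post', ... )` with no post behind it, and the rest of the loop body (outside the hunk) presumably goes on to work with a null `$post`. Rejecting such entries up front keeps the decision explicit instead of relying on how map_meta_cap() treats a missing post, which this hunk does not show: `if ( ! $post || ! current_user_can( 'edit_post', $attachment_id ) )` followed by the existing `continue;`. The body of media_upload_form_handler() continues past the hunk.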
@@ -374,7 +374,7 @@ function bulk_edit_posts( $post_data = null ) {
 foreach ( $post_IDs as $post_ID ) {
 $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
 
- if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
+ if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
 $skipped[] = $post_ID;
 continue;
 }
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 9b2128e25712..ab4f2af89a14 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -240,7 +240,7 @@ function wp_link_category_checklist( $link_id = 0 ) {
 */
 function get_inline_data($post) {
 $post_type_object = get_post_type_object($post->post_type);
- if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
+ if ( ! current_user_can( 'edit_post', $post->ID ) )
 return;
 
 $title = esc_textarea( trim( $post->post_title ) );
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 01d46100093c..eab89e6b09e6 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -139,7 +139,7 @@ function redirect_post($post_id = '') {
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
- if ( ! current_user_can( $post_type_object->cap->edit_post, $post_id ) )
+ if ( ! current_user_can( 'edit_post', $post_id ) )
 wp_die( __( 'You are not allowed to edit this item.' ) );
 
 if ( 'trash' == $post->post_status )
@@ -235,7 +235,7 @@ function redirect_post($post_id = '') {
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
- if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
+ if ( ! current_user_can( 'delete_post', $post_id ) )
 wp_die( __( 'You are not allowed to move this item to the Trash.' ) );
 
 if ( $user_id = wp_check_post_lock( $post_id ) ) {
@@ -259,7 +259,7 @@ function redirect_post($post_id = '') {
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
- if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
+ if ( ! current_user_can( 'delete_post', $post_id ) )
 wp_die( __( 'You are not allowed to move this item out of the Trash.' ) );
 
 if ( ! wp_untrash_post( $post_id ) )
@@ -278,7 +278,7 @@ function redirect_post($post_id = '') {
 if ( ! $post_type_object )
 wp_die( __( 'Unknown post type.' ) );
 
- if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
+ if ( ! current_user_can( 'delete_post', $post_id ) )
 wp_die( __( 'You are not allowed to delete this item.' ) );
 
 $force = ! EMPTY_TRASH_DAYS;
diff --git a/wp-includes/admin-bar.php b/wp-includes/admin-bar.php
index 109db6c64c24..756fc1260954 100644
--- a/wp-includes/admin-bar.php
+++ b/wp-includes/admin-bar.php
@@ -429,7 +429,7 @@ function wp_admin_bar_edit_menu( $wp_admin_bar ) {
 if ( 'post' == $current_screen->base
 && 'add' != $current_screen->action
 && ( $post_type_object = get_post_type_object( $post->post_type ) )
- && current_user_can( $post_type_object->cap->read_post, $post->ID )
+ && current_user_can( 'read_post', $post->ID )
 && ( $post_type_object->public )
 && ( $post_type_object->show_in_admin_bar ) )
 {
@@ -457,7 +457,7 @@ function wp_admin_bar_edit_menu( $wp_admin_bar ) {
 
 if ( ! empty( $current_object->post_type )
 && ( $post_type_object = get_post_type_object( $current_object->post_type ) )
- && current_user_can( $post_type_object->cap->edit_post, $current_object->ID )
+ && current_user_can( 'edit_post', $current_object->ID )
 && $post_type_object->show_ui && $post_type_object->show_in_admin_bar )
 {
 $wp_admin_bar->add_menu( array(
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 2f5cd137e4f2..c3bb58f627a7 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -1162,8 +1162,7 @@ function map_meta_cap( $cap, $user_id ) {
 case 'delete_post_meta':
 case 'add_post_meta':
 $post = get_post( $args[0] );
- $post_type_object = get_post_type_object( $post->post_type );
- $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+ $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
 
 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
 
@@ -1178,9 +1177,7 @@ function map_meta_cap( $cap, $user_id ) {
 case 'edit_comment':
 $comment = get_comment( $args[0] );
 $post = get_post( $comment->comment_post_ID );
- $post_type_object = get_post_type_object( $post->post_type );
-
- $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+ $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
 break;
 case 'unfiltered_upload':
 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 74b26f3b0eb5..0e7507afa468 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -1017,7 +1017,7 @@ protected function _insert_post( $user, $content_struct ) {
 if ( $update ) {
 if ( ! get_post( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Invalid post ID.' ) );
- if ( ! current_user_can( $post_type->cap->edit_post, $post_data['ID'] ) )
+ if ( ! current_user_can( 'edit_post', $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
 if ( $post_data['post_type'] != get_post_type( $post_data['ID'] ) )
 return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
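Review bot: In the `*_post_meta` case, `$post` from `get_post( $args[0] )` is never checked before `$post->ID` is handed to the recursive `map_meta_cap( 'edit_post', ... )`, so an id that does not resolve forwards a null id rather than the one the caller asked about; the `edit_comment` hunk just below has the same gap for both a missing comment and a missing post. Both would be tighter with an explicit denial ahead of the recursion, `if ( ! $post ) { $caps[] = 'do_not_allow'; break; }` (and the matching test on `$comment`), so a bad id is refused instead of being resolved by whatever get_post() does with null, which this hunk does not show. The removed lines had the same shape, but the commit is rewriting exactly these statements. map_meta_cap() starts and ends outside the hunk.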
@@ -1327,8 +1327,7 @@ function wp_deletePost( $args ) {
 if ( empty( $post['ID'] ) )
 return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
- $post_type = get_post_type_object( $post['post_type'] );
- if ( ! current_user_can( $post_type->cap->delete_post, $post_id ) )
+ if ( ! current_user_can( 'delete_post', $post_id ) )
 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
 
 $result = wp_delete_post( $post_id );
@@ -1409,8 +1408,7 @@ function wp_getPost( $args ) {
 if ( empty( $post['ID'] ) )
 return new IXR_Error( 404, __( 'Invalid post ID.' ) );
 
- $post_type = get_post_type_object( $post['post_type'] );
- if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) )
+ if ( ! current_user_can( 'edit_post', $post_id ) )
 return new IXR_Error( 401, __( 'Sorry, you cannot edit this post.' ) );
 
 return $this->_prepare_post( $post, $fields );
@@ -1505,8 +1503,7 @@ function wp_getPosts( $args ) {
 $struct = array();
 
 foreach ( $posts_list as $post ) {
- $post_type = get_post_type_object( $post['post_type'] );
- if ( ! current_user_can( $post_type->cap->edit_post, $post['ID'] ) )
+ if ( ! current_user_can( 'edit_post', $post['ID'] ) )
 continue;
 
 $struct[] = $this->_prepare_post( $post, $fields );
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
index a7e09b2477fd..16af6271ce68 100644
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -906,7 +906,7 @@ function get_edit_post_link( $id = 0, $context = 'display' ) {
 if ( !$post_type_object )
 return;
 
- if ( !current_user_can( $post_type_object->cap->edit_post, $post->ID ) )
+ if ( !current_user_can( 'edit_post', $post->ID ) )
 return;
 
 return apply_filters( 'get_edit_post_link', admin_url( sprintf($post_type_object->_edit_link . $action, $post->ID) ), $post->ID, $context );
@@ -960,7 +960,7 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
 if ( !$post_type_object )
 return;
 
- if ( !current_user_can( $post_type_object->cap->delete_post, $post->ID ) )
+ if ( !current_user_can( 'delete_post', $post->ID ) )
 return;
 
 $action = ( $force_delete || !EMPTY_TRASH_DAYS ) ? 'delete' : 'trash';
diff --git a/wp-includes/query.php b/wp-includes/query.php
index 6ba10c4f73ed..c17dd5eb9e8c 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -2440,14 +2440,13 @@ function get_posts() {
 $post_type_object = get_post_type_object ( 'post' );
 }
 
+ $edit_cap = 'edit_post';
+ $read_cap = 'read_post';
+
 if ( ! empty( $post_type_object ) ) {
- $edit_cap = $post_type_object->cap->edit_post;
- $read_cap = $post_type_object->cap->read_post;
 $edit_others_cap = $post_type_object->cap->edit_others_posts;
 $read_private_cap = $post_type_object->cap->read_private_posts;
 } else {
- $edit_cap = 'edit_' . $post_type_cap;
- $read_cap = 'read_' . $post_type_cap;
 $edit_others_cap = 'edit_others_' . $post_type_cap . 's';
 $read_private_cap = 'read_private_' . $post_type_cap . 's';
 }
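Review bot: The hoisted `$edit_cap = 'edit_post';` / `$read_cap = 'read_post';` now sit apart from the `if`/`else` that still derives `$edit_others_cap` and `$read_private_cap` per post type, and nothing in the block says why the two pairs are treated differently, so a reader will wonder whether the else-branch fallbacks for `$edit_cap`/`$read_cap` were dropped by mistake. A one-line comment above the two assignments would settle it, e.g. `// edit_post and read_post are meta caps; map_meta_cap() resolves them against each post's own type, so no per-type lookup is needed here.`, which is what the commit message states. The enclosing get_posts() method begins and ends outside the hunk.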