
better permission checks

1 parent 17b6e85 commit 1b5aab2c90131baffc20ae6222e79d48c8896cb5 @benbalter committed Sep 10, 2011
Showing with 9 additions and 9 deletions.
  1. +9 −9 state-permissions.php
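--- a/state-permissions.php
+++ b/state-permissions.php
@@ -20,9 +20,9 @@ class WPDR_State_Permissions {
 function __construct() {
 add_action( 'init', array( &$this, 'add_caps' ), 20 );
 add_action( 'serve_document', array( &$this, 'serve_file_perm_check' ), 1, 1 );
- add_action( 'save_post', array( &$this, 'save_post_perm_check' ), 1, 1 );
+ add_action( 'pre_post_update', array( &$this, 'save_post_perm_check' ), 1, 1 );
 add_action( 'admin_head', array( &$this, 'hide_upload_button') );
- add_filter( 'document_lock_check', array( &$this, 'edit_document_perm_check' ) );
+ add_filter( 'document_lock_check', array( &$this, 'edit_document_perm_check' ), 1, 2 );
 }
 /**
@@ -66,7 +66,7 @@ function add_caps() {
 */
 function serve_file_perm_check( $postID ) {
- if ( !$this->check_permission( $postID ) )
+ if ( !$this->check_permission( $postID, 'read' ) )
 wp_die( 'You do not have sufficient permissions to do that' );
 }
@@ -81,7 +81,7 @@ function save_post_perm_check( $postID ) {
 if ( $post->post_type != 'document' )
 return;
- if ( !$this->check_permission( $postID ) )
+ if ( !$this->check_permission( $postID, 'edit' ) )
 wp_die( 'You do not have sufficient permissions to do that' );
 }
@@ -91,7 +91,7 @@ function save_post_perm_check( $postID ) {
 */
 function edit_document_perm_check( $user, $post ) {
- if ( !$this->check_permission( $post->ID ) )
+ if ( !$this->check_permission( $post->ID, 'edit' ) )
 return false;
 return $user;
@@ -104,18 +104,18 @@ function edit_document_perm_check( $user, $post ) {
 function hide_upload_button( ) {
 global $post;
- if ( $post->post_type != 'document' )
+ if ( !$post || $post->post_type != 'document' )
 return;
- if ( !$this->check_permission( $post->ID ) )
+ if ( !$this->check_permission( $post->ID, 'edit' ) )
 echo "<style>#publish, #add_media, #lock-notice {display: none;}</style>";
 }
 /**
 * Helper function to check permissions
 */
- function check_permission( $postID ) {
+ function check_permission( $postID, $action ) {
 //get the terms in the taxonomy
 $terms = wp_get_post_terms( $postID, $this->taxonomy );
@@ -125,7 +125,7 @@ function check_permission( $postID ) {
 return true;
 //check permission and die if necessary
- if ( !current_user_can( 'edit_documents_in_' . $terms[0]->slug ) )
+ if ( !current_user_can( $action . '_documents_in_' . $terms[0]->slug ) )
 return false;
 return true;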
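Review bot: With `save_post_perm_check` now hooked to `pre_post_update`, `check_permission( $postID, 'edit' )` reads the terms stored before the write, so it authorizes against the document's current state but, as far as these hunks show, not against a state assigned by the same request; if moving a document between states is meant to be restricted, the submitted term needs its own capability check. In `check_permission` the capability name is built from an unvalidated `$action` and from `$terms[0]` only, and the `return true;` above the capability test sits under a condition that is outside the hunk, so it is worth confirming that a `WP_Error` from `wp_get_post_terms()` cannot reach that allow path, for example with `if ( is_wp_error( $terms ) ) return false;` directly after the lookup. `add_caps()` is not changed by this commit, so the `read_documents_in_*` capabilities that `serve_file_perm_check` now requires must already be registered there, otherwise every request for a document that has a state ends in `wp_die`. The bodies of `save_post_perm_check` and `check_permission` are only partly visible in these hunks.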
