Allow users 9+ to post as other users, minor advanced post reorg.

git-svn-id: https://develop.svn.wordpress.org/trunk@1861 602fd350-edb4-49c9-b593-d223f7449a82
Matt Mullenweg 2004-11-18 19:40:36 +00:00
parent cc06069384
commit 0e36c1f615
4 changed files with 86 additions and 35 deletions


@ -20,8 +20,8 @@ $form_pingback = '<input type="hidden" name="post_pingback" value="1" id="post_p
$form_prevstatus = '<input type="hidden" name="prev_status" value="'.$post_status.'" />';
$form_trackback = '<p><label for="trackback"><a href="http://wordpress.org/docs/reference/post/#trackback" title="' . __('Help on trackbacks') . '">' . __('<strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>') . '</label> ' . __('(Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)') . '<br />
<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $to_ping) .'" /></p>';
$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $to_ping) .'" />';
if ('' != $pinged) {
$pings .= '<p>'. __('Already pinged:') . '</p><ul>';
$already_pinged = explode("\n", trim($pinged));
@ -82,10 +82,6 @@ window.onload = focusit;
<?php _e('Allow Comments') ?></label>
<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
</div>
</fieldset>
<fieldset id="slugdiv">
<legend><?php _e('Post Slug') ?></legend>
<div><input name="post_name" type="text" size="17" id="post_name" value="<?php echo $post_name ?>" /></div>
</fieldset>
<fieldset id="postpassworddiv">
<legend><a href="http://wordpress.org/docs/reference/post/#post_password" title="<?php _e('Help on post password') ?>"><?php _e('Post Password') ?></a></legend>
@ -118,7 +114,7 @@ edCanvas = document.getElementById('content');
<?php echo $form_pingback ?>
<?php echo $form_prevstatus ?>
<?php echo $form_trackback; ?>
<p class="submit"><?php echo $saveasdraft; ?> <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="6" />
<?php
@ -132,19 +128,58 @@ if ('publish' != $post_status || 0 == $post_ID) {
?>
<input name="referredby" type="hidden" id="referredby" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />
</p>
<?php
if ('' != $pinged) {
echo $pings;
}
// if the level is 5+, allow user to edit the timestamp - not on 'new post' screen though
// if (($user_level > 4) && ($action != "post"))
if ($user_level > 4) {
touch_time(($action == 'edit'));
}
?>
<?php do_action('edit_form_advanced', ''); ?>
</div>
</div>
<div class="wrap">
<h2><?php _e('Advanced'); ?></h2>
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<tr>
<th scope="row" valign="top"><?php _e('Send trackbacks to'); ?>:</th>
<td><?php echo $form_trackback; ?> <br />
<?php _e('Separate multiple URIs with spaces'); ?></td>
</tr>
<tr valign="top">
<th scope="row" width="25%"><?php _e('Post slug') ?>:</th>
<td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post_name ?>" /></td>
</tr>
<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login, user_firstname, user_lastname FROM $wpdb->users WHERE user_level <= $user_level") ) : ?>
<tr>
<th scope="row"><?php _e('Post author'); ?>:</th>
<td>
<select name="post_author" id="post_author">
<?php
foreach ($users as $o) :
if ( $post_author == $o->ID ) $selected = 'selected="selected"';
else $selected = '';
echo "<option value='$o->ID' $selected>$o->user_login ($o->user_firstname $o->user_lastname)</option>";
endforeach;
?>
</select>
</td>
</tr>
<?php endif; ?>
<?php if ($user_level > 4) : ?>
<tr>
<th scope="row"><?php _e('Edit time'); ?>:</th>
<td><?php touch_time(($action == 'edit')); ?></td>
</tr>
<?php endif; ?>
<tr>
<th scope="row"><?php _e('Delete'); ?>:</th>
<td><?php if ('edit' == $action) : ?>
<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($edited_post_title) ) . "')\""; ?> />
<?php endif; ?></td>
</tr>
</table>
<fieldset id="postcustom">
<legend><?php _e('Custom Fields') ?></legend>
<div id="postcustomstuff">
<?php
if($metadata = has_meta($post_ID)) {
?>
@ -155,11 +190,12 @@ if($metadata = has_meta($post_ID)) {
}
meta_form();
?>
</fieldset>
<?php do_action('edit_form_advanced', ''); ?>
</div>
</form>
<?php if ('edit' == $action) echo "
<p><a class='delete' href='post.php?action=delete&amp;post=$post_ID' onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($edited_post_title)) . "')\">" . __('Delete this post') . "</a></p>";
</fieldset>
<?php
if ('' != $pinged)
echo $pings;
?>
</div>
</form>
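Review bot: The `echo "<option value='$o->ID' $selected>$o->user_login ($o->user_firstname $o->user_lastname)</option>";` line in the `@ -132,19 +128,58` hunk writes `user_login`, `user_firstname` and `user_lastname` into the page unescaped, so whatever a lower-level account stored as its name is rendered as raw HTML in a level-8+ user's editor; the same hunk already runs `HTTP_REFERER` through `htmlspecialchars`, and the option label should get the same treatment: `echo "<option value='" . (int) $o->ID . "' $selected>" . htmlspecialchars("$o->user_login ($o->user_firstname $o->user_lastname)") . "</option>";`. The `$post_author == $o->ID` comparison two lines above is loose; `(int) $post_author === (int) $o->ID` says what is meant. The dropdown gate `$user_level > 7` and its `user_level <= $user_level` query also disagree with the commit title's "9+" and with the server-side check in post.php, which only grants blanket access above level 8, so a level-8 user is offered same-level peers the submit will reject. The `value="<?php echo $post_name ?>"` attribute in the new slug row is carried over unescaped from the removed `slugdiv` fieldset.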


@ -82,9 +82,9 @@ edCanvas = document.getElementById('content');
<fieldset id="pageoptions">
<legend><?php _e('Page Options') ?></legend>
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
<tr valign="top">
<th scope="row"><?php _e('Page Template:') ?></th>
<th scope="row" width="30%"><?php _e('Page Template:') ?></th>
<td><div><select name="page_template">
<option value='default'><?php _e('Default Template'); ?></option>
<?php page_template_dropdown($page_template); ?>
@ -92,7 +92,7 @@ edCanvas = document.getElementById('content');
</div>
</td>
</tr>
</table>
</table>
</fieldset>
<?php do_action('edit_page_form', ''); ?>


@ -190,6 +190,7 @@ case 'edit':
$pinged = $postdata->pinged;
$post_name = $postdata->post_name;
$post_parent = $postdata->post_parent;
$post_author = $postdata->post_author;
if ($post_status == 'static') {
$page_template = get_post_meta($post_ID, '_wp_page_template', true);
@ -222,9 +223,9 @@ case 'editpost':
}
$post_ID = $_POST['post_ID'];
if (!user_can_edit_post($user_ID, $post_ID, $blog_ID)) {
if (!user_can_edit_post($user_ID, $post_ID, $blog_ID))
die('You are not allowed to edit this post.');
}
$post_categories = $_POST['post_category'];
if (!$post_categories) $post_categories[] = 1;
$content = apply_filters('content_save_pre', $_POST['content']);
@ -234,6 +235,10 @@ case 'editpost':
$post_title = $_POST['post_title'];
$prev_status = $_POST['prev_status'];
$post_status = $_POST['post_status'];
$post_author = (int) $_POST['post_author'];
if ( !user_can_edit_user($user_ID, $post_author) )
die( __('You cannot post as this user.') );
$comment_status = $_POST['comment_status'];
if (empty($comment_status)) $comment_status = 'closed';
//if (!$_POST['comment_status']) $comment_status = get_settings('default_comment_status');
@ -313,6 +318,7 @@ case 'editpost':
post_status = '$post_status',
comment_status = '$comment_status',
ping_status = '$ping_status',
post_author = '$post_author',
post_password = '$post_password',
post_name = '$post_name',
to_ping = '$trackback',
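Review bot: The `user_can_edit_user($user_ID, $post_author)` check in the `@ -234,6 +235,10` hunk is the only server-side authorization on the submitted author, and it is looser than the form: the dropdown is rendered only for `$user_level > 7`, while the function added in the functions.php hunk returns true for any caller whose level exceeds the target's, so if the intended rule is the title's "9+" the condition there should be narrowed to `if ( $user->user_level > 8 || $user->ID == $other->ID )`. An author id that names no user is not rejected either: `get_userdata()` presumably returns false for an unknown ID, `$other->user_level` then reads as null, and `$user->user_level > null` holds for any positive level, so a bogus or absent `post_author` (the `(int)` cast turns a missing field into 0) passes and is written by the `post_author = '$post_author'` assignment in the last hunk. A guard such as `if ( !$user || !$other ) return false;` at the top of `user_can_edit_user`, together with keeping the stored author when the field is absent from the request, covers both. The `editpost` case starts and ends outside these hunks, so whether every form variant submits `post_author` and whether the new-post path applies the same check cannot be seen here.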


@ -379,6 +379,15 @@ function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
return user_can_edit_post_comments($user_id, $post_id, $blog_id);
}
function user_can_edit_user($user_id, $other_user) {
$user = get_userdata($user_id);
$other = get_userdata($other_user);
if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID )
return true;
else
return false;
}
function wp_new_comment($commentdata) {
global $wpdb;