From 1d2af63ae8d0cc81033e186c04e3480c834c3123 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 7 Sep 2005 00:20:04 +0000
Subject: [PATCH] Capability updates for xmlrpc.
git-svn-id: https://develop.svn.wordpress.org/trunk@2846 602fd350-edb4-49c9-b593-d223f7449a82
---
 xmlrpc.php | 44 ++++++++++++++++++--------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)
diff --git a/xmlrpc.php b/xmlrpc.php
index 35af5ff4b0..b1f230dc3d 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -366,15 +366,16 @@ class wp_xmlrpc_server extends IXR_Server {
 if (!$this->login_pass_ok($user_login, $user_pass)) {
 return $this->error;
 }
+
+ $cap = ($publish) ? 'publish_posts' : 'edit_posts';
- $user_data = get_userdatabylogin($user_login);
- if (!user_can_create_post($user_data->ID, $blog_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap($cap) )
 return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
- }
 $post_status = ($publish) ? 'publish' : 'draft';
- $post_author = $user_data->ID;
+ $post_author = $user->ID;
 $post_title = xmlrpc_getposttitle($content);
 $post_category = xmlrpc_getpostcategory($content);
@@ -424,12 +425,9 @@ class wp_xmlrpc_server extends IXR_Server {
 $this->escape($actual_post);
- $post_author_data = get_userdata($actual_post['post_author']);
- $user_data = get_userdatabylogin($user_login);
-
- if (!user_can_edit_post($user_data->ID, $post_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_post', $post_ID) )
 return new IXR_Error(401, 'Sorry, you do not have the right to edit this post.');
- }
 extract($actual_post);
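Review bot: The authorization guard `if ( !$user->has_cap($cap) )` in the `@@ -366` hunk loses its braces, so the 401 return is tied to the check only by being the next statement. A statement later inserted between the two would silently change what the capability check guards. Keep the braces on this gate, `if ( !$user->has_cap($cap) ) {` ... `}`. The same brace removal is repeated in the hunks at `@@ -424`, `@@ -475`, `@@ -513`, `@@ -594`, `@@ -1014` and `@@ -1097`. The method body starts and ends outside the hunk.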
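Review bot: The edit path in the `@@ -424` hunk checks only `has_cap('edit_post', $post_ID)`, while the `@@ -366` hunk requires `publish_posts` whenever `$publish` is set. The hunks at `@@ -594` and `@@ -1097` use the same edit-only check. Their bodies continue outside the hunks, so it is not visible whether any of these methods can set a post to published; if one can, a user who may edit but not publish could publish over XML-RPC. Where the call can change status, add a second gate before the update that requires `$user->has_cap('publish_posts')` when the requested status is published, returning the same 401.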
@@ -475,11 +473,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return new IXR_Error(404, 'Sorry, no such post.');
 }
- $user_data = get_userdatabylogin($user_login);
-
- if (!user_can_delete_post($user_data->ID, $post_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_post', $post_ID) )
 return new IXR_Error(401, 'Sorry, you do not have the right to delete this post.');
- }
 $result = wp_delete_post($post_ID);
@@ -513,12 +509,11 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- if (!user_can_create_post($user_data->ID, $blog_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('publish_posts', $post_ID) )
 return new IXR_Error(401, 'Sorry, you can not post on this weblog or category.');
- }
- $post_author = $user_data->ID;
+ $post_author = $user->ID;
 $post_title = $content_struct['title'];
 $post_content = apply_filters( 'content_save_pre', $content_struct['description'] );
@@ -594,10 +589,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- if (!user_can_edit_post($user_data->ID, $post_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_post', $post_ID) )
 return new IXR_Error(401, 'Sorry, you can not edit this post.');
- }
 $postdata = wp_get_single_post($post_ID, ARRAY_A);
 extract($postdata);
@@ -1014,10 +1008,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- if (!user_can_edit_post($user_data->ID, $post_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_post', $post_ID) )
 return new IXR_Error(401, 'Sorry, you can not edit this post.');
- }
 foreach($categories as $cat) {
 $catids[] = $cat['categoryId'];
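Review bot: Deletion in the `@@ -475` hunk is now authorized with `has_cap('edit_post', $post_ID)`, replacing the dedicated `user_can_delete_post()` check, so the right to delete a post over XML-RPC is whatever the edit capability grants. If that equivalence is intended, state it above the check, for example `// Deleting is deliberately gated on the edit capability.`. If the capability map defines a delete-specific capability, check that one instead. The error text still says "delete", which makes the mismatch between message and check easy to overlook. The method body continues outside the hunk.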
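Review bot: In the `@@ -513` hunk, `has_cap('publish_posts', $post_ID)` passes `$post_ID` on a path that creates a post. Nothing in the visible lines assigns `$post_ID` (the old check used `$blog_ID`), and the `@@ -366` hunk checks the same capability with no object argument. The check also demands `publish_posts` unconditionally, whereas `@@ -366` lets a draft through on `edit_posts`; that fails closed but leaves the two new-post methods enforcing different rules. If this method has a publish flag (not visible in the hunk), mirror the first hunk with `$cap = ($publish) ? 'publish_posts' : 'edit_posts';` and `if ( !$user->has_cap($cap) )`.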
@@ -1097,10 +1090,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- if (!user_can_edit_post($user_data->ID, $post_ID)) {
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_post', $post_ID) )
 return new IXR_Error(401, 'Sorry, you can not edit this post.');
- }
 $postdata = wp_get_single_post($post_ID,ARRAY_A);