Check the publish_post cap when publishing an already existing post.

Props nprasath002 Fixes #20474 git-svn-id: https://develop.svn.wordpress.org/trunk@20568 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-23 21:54:30 +00:00 · 2012-04-23 21:54:30 +00:00 · 5b9e7c07ba
commit 5b9e7c07ba
parent 381942320a
1 changed files with 14 additions and 4 deletions
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@ -785,13 +785,23 @@ class wp_xmlrpc_server extends IXR_Server {
 			case 'pending':
 				break;
 			case 'private':
-				if ( ! current_user_can( $post_type->cap->publish_posts ) )
-					return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' ));
+                if ( $update ) {
+					if ( ! current_user_can( $post_type->cap->publish_post, $post_data[ 'ID' ] ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to set this post as private.' ) );
+				} else {
+					if ( ! current_user_can( $post_type->cap->publish_posts ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type' ));
+				}
 				break;
 			case 'publish':
 			case 'future':
-				if ( ! current_user_can( $post_type->cap->publish_posts ) )
-					return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' ));
+				if ( $update ) {
+					if ( ! current_user_can( $post_type->cap->publish_post, $post_data[ 'ID' ] ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
+				} else {
+					if ( ! current_user_can( $post_type->cap->publish_posts ) )
+						return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type' ));
+				}
 				break;
 			default:
 				$post_data['post_status'] = 'draft';