Make read_post more useful. Map read_post to edit_post for posts with protected post states. This makes read_post work naturally for draft, future, and pending posts belonging to other users. If the current user cannot edit these non-public posts then the user should not be able to read them either.

git-svn-id: https://develop.svn.wordpress.org/trunk@21046 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-10 16:21:44 +00:00 · 2012-06-10 16:21:44 +00:00 · e61ac6e607
commit e61ac6e607
parent 9d6698e9a6
1 changed files with 5 additions and 2 deletions
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@ -1076,7 +1076,8 @@ function map_meta_cap( $cap, $user_id ) {
 			break;
 		}

-		if ( 'private' != $post->post_status ) {
+		$status_obj = get_post_status_object( $post->post_status );
+		if ( $status_obj->public ) {
 			$caps[] = $post_type->cap->read;
 			break;
 		}
@ -1090,8 +1091,10 @@ function map_meta_cap( $cap, $user_id ) {

 		if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
 			$caps[] = $post_type->cap->read;
-		else
+		elseif ( $status_obj->private )
 			$caps[] = $post_type->cap->read_private_posts;
+		else
+			$caps[] = map_meta_cap( 'edit_post', $user_id, $post->ID );
 		break;
 	case 'edit_post_meta':
 	case 'delete_post_meta':