From 16c4e7b986f5aeb10929e0744a863432f804b563 Mon Sep 17 00:00:00 2001 From: ryan Date: Fri, 2 Feb 2007 07:43:59 +0000 Subject: [PATCH] More XMLRPC updates from Joseph Scott. git-svn-id: http://svn.automattic.com/wordpress/trunk@4862 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/user.php | 4 ++-- xmlrpc.php | 45 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/wp-includes/user.php b/wp-includes/user.php index 277e9c178b..bada06afdd 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -56,7 +56,7 @@ function get_users_of_blog( $id = '' ) { global $wpdb, $blog_id; if ( empty($id) ) $id = $blog_id; - $users = $wpdb->get_results( "SELECT user_id, user_login, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "_capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); + $users = $wpdb->get_results( "SELECT user_id, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); return $users; } @@ -178,4 +178,4 @@ function setup_userdata($user_id = '') { $user_identity = $user->display_name; } -?> \ No newline at end of file +?> diff --git a/xmlrpc.php b/xmlrpc.php index 7036d6ab9d..90ddc95632 100644 --- a/xmlrpc.php +++ b/xmlrpc.php @@ -227,7 +227,8 @@ class wp_xmlrpc_server extends IXR_Server { "wp_page_parent_id" => $page->post_parent, "wp_page_parent_title" => $parent_title, "wp_page_order" => $page->menu_order, - "wp_author_username" => $author->user_login + "wp_author_id" => $author->ID, + "wp_author_display_username" => $author->display_name ); return($page_struct); @@ -947,6 +948,23 @@ class wp_xmlrpc_server extends IXR_Server { // If an author id was provided then use it instead. if(!empty($content_struct["wp_author_id"])) { + switch($post_type) { + case "post": + if(!current_user_can("edit_others_posts")) { + return(new IXR_Error(401, "You are not allowed to " . + "post as this user")); + } + break; + case "page": + if(!current_user_can("edit_others_pages")) { + return(new IXR_Error(401, "You are not allowed to " . + "create pages as this user")); + } + break; + default: + return(new IXR_Error(401, "Invalid post type.")); + break; + } $post_author = $content_struct["wp_author_id"]; } @@ -1079,6 +1097,23 @@ class wp_xmlrpc_server extends IXR_Server { // Only set the post_author if one is set. if(!empty($content_struct["wp_author_id"])) { + switch($post_type) { + case "post": + if(!current_user_can("edit_others_posts")) { + return(new IXR_Error(401, "You are not allowed to " . + "change the post author as this user.")); + } + break; + case "page": + if(!current_user_can("edit_others_pages")) { + return(new IXR_Error(401, "You are not allowed to " . + "change the page author as this user.")); + } + break; + default: + return(new IXR_Error(401, "Invalid post type.")); + break; + } $post_author = $content_struct["wp_author_id"]; } @@ -1199,8 +1234,8 @@ class wp_xmlrpc_server extends IXR_Server { 'mt_allow_pings' => $allow_pings, 'wp_slug' => $postdata['post_name'], 'wp_password' => $postdata['post_password'], - 'wp_author' => $author->display_name, - 'wp_author_username' => $author->user_login + 'wp_author_id' => $author->ID, + 'wp_author_display_name' => $author->display_name ); return $resp; @@ -1266,8 +1301,8 @@ class wp_xmlrpc_server extends IXR_Server { 'mt_allow_pings' => $allow_pings, 'wp_slug' => $entry['post_name'], 'wp_password' => $entry['post_password'], - 'wp_author' => $author->display_name, - 'wp_author_username' => $author->user_login + 'wp_author_id' => $author->ID, + 'wp_author_display_name' => $author->display_name ); }