Remove private posts from front page query. Aadd private posts and page caps. fixes #2613

git-svn-id: http://svn.automattic.com/wordpress/trunk@3772 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/upgrade-functions.php

@@ -173,7 +173,7 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 3308 )
 		upgrade_160();
 
-	if ( $wp_current_db_version < 3672 )
+	if ( $wp_current_db_version < 3767 )
 		upgrade_210();
 
 	$wp_rewrite->flush_rules();
@@ -492,7 +492,7 @@ function upgrade_210() {
 		}
 	}
 
-	if ( $wp_current_db_version < 3513 ) {
+	if ( $wp_current_db_version < 3767 ) {
 		populate_roles_210();
 	}
 

wp-admin/upgrade-schema.php

@@ -352,6 +352,12 @@ function populate_roles_210() {
 		$role->add_cap('delete_posts');
 		$role->add_cap('delete_others_posts');
 		$role->add_cap('delete_published_posts');
+		$role->add_cap('delete_private_posts');
+		$role->add_cap('edit_private_posts');
+		$role->add_cap('read_private_posts');
+		$role->add_cap('delete_private_pages');
+		$role->add_cap('edit_private_pages');
+		$role->add_cap('read_private_pages');
 	}
 
 	$role = get_role('author');

wp-includes/capabilities.php

@@ -296,6 +296,8 @@ function map_meta_cap($cap, $user_id) {
 			// The post is published, extra cap required.
 			if ($post->post_status == 'publish')
 				$caps[] = 'delete_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'delete_private_posts';
 		}
 		break;
 	case 'delete_page':
@@ -318,6 +320,8 @@ function map_meta_cap($cap, $user_id) {
 			// The page is published, extra cap required.
 			if ($page->post_status == 'publish')
 				$caps[] = 'delete_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'delete_private_pages';
 		}
 		break;
 		// edit_post breaks down to edit_posts, edit_published_posts, or
@@ -346,6 +350,8 @@ function map_meta_cap($cap, $user_id) {
 			// The post is published, extra cap required.
 			if ($post->post_status == 'publish')
 				$caps[] = 'edit_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'edit_private_posts';
 		}
 		break;
 	case 'edit_page':
@@ -368,6 +374,8 @@ function map_meta_cap($cap, $user_id) {
 			// The page is published, extra cap required.
 			if ($page->post_status == 'publish')
 				$caps[] = 'edit_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'edit_private_pages';
 		}
 		break;
 	case 'read_post':

wp-includes/query.php

@@ -828,13 +828,23 @@ class WP_Query {
 		} else {
 			$where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
 
-			if ( is_admin() )
+			if ( is_admin() ) {
 				$where .= " OR post_status = 'future' OR post_status = 'draft'";
 	
-			if ( is_user_logged_in() )
-				$where .= " OR post_author = $user_ID AND post_status = 'private'))";
-			else
-				$where .= '))';
+				if ( is_user_logged_in() ) {
+					if ( 'post' == $post_type )
+						$cap = 'edit_private_posts';
+					else
+						$cap = 'edit_private_pages';
+
+					if ( current_user_can($cap) )
+						$where .= "OR post_status = 'private'";
+					else
+					$where .= " OR post_author = $user_ID AND post_status = 'private'";
+				}
+			}
+
+			$where .= '))';
 		}
 
 		// Apply filters on where and join prior to paging so that any

wp-includes/version.php

@@ -3,6 +3,6 @@
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
 $wp_version = '2.1-alpha1';
-$wp_db_version = 3672;
+$wp_db_version = 3767;
 
 ?>