From e54d8a34c2741d293897ab178fe2032a9d86e52a Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sat, 9 Apr 2005 17:12:36 +0000
Subject: [PATCH] Remove old preview stuff.  Allow draft posts to be displayed
 if the logged in user has edit permissions on the draft.  Don't use
 cruft-free links for drafts since they might not have a slug.
 http://mosquito.wordpress.org/view.php?id=1220

git-svn-id: http://svn.automattic.com/wordpress/trunk@2523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-blog-header.php                       |  3 +-
 wp-includes/classes.php                  | 40 +++++++++++++++---------
 wp-includes/functions-post.php           |  6 ++--
 wp-includes/functions.php                | 21 +++----------
 wp-includes/template-functions-links.php |  2 +-
 5 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/wp-blog-header.php b/wp-blog-header.php
index cd53ce9cf3..f34d6835bb 100644
--- a/wp-blog-header.php
+++ b/wp-blog-header.php
@@ -85,7 +85,7 @@ if ((isset($_GET['error']) && $_GET['error'] == '404') ||
 	}
  }
 
-$wpvarstoreset = array('m','p','posts','w', 'cat','withcomments','s','search','exact', 'sentence','preview','debug', 'calendar','page','paged','more','tb', 'pb','author','order','orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup');
+$wpvarstoreset = array('m','p','posts','w', 'cat','withcomments','s','search','exact', 'sentence', 'debug', 'calendar','page','paged','more','tb', 'pb','author','order','orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup');
 
 $wpvarstoreset = apply_filters('query_vars', $wpvarstoreset);
 
@@ -167,6 +167,7 @@ foreach (array_merge($wpvarstoreset, $more_wpvars) as $wpvar) {
 $query_string = apply_filters('query_string', $query_string);
 
 update_category_cache();
+get_currentuserinfo();
 
 // Call query posts to do the work.
 $posts = & query_posts($query_string);
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index 125d43868a..fa8bffc2d0 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -493,16 +493,17 @@ class WP_Query {
 		}
 
 		if ($this->is_page) {
-			$where .= ' AND (post_status = "static"';
+			$where .= ' AND (post_status = "static")';
+		} elseif ($this->is_single) {
+			$where .= ' AND (post_status != "static")';
 		} else {
 			$where .= ' AND (post_status = "publish"';
-		}
 
-		// Get private posts
-		if (isset($user_ID) && ('' != intval($user_ID)))
-			$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
-		else
-			$where .= ')';
+			if (isset($user_ID) && ('' != intval($user_ID)))
+				$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
+			else
+				$where .= ')';				
+		}
 
 		// Apply filters on where and join prior to paging so that any
 		// manipulations to them are reflected in the paging by day queries.
@@ -543,16 +544,27 @@ class WP_Query {
 		$orderby = apply_filters('posts_orderby', $orderby); 
 		$request = " SELECT $distinct * FROM $wpdb->posts $join WHERE 1=1".$where." ORDER BY " . $orderby . " $limits";
 
-		if ($q['preview']) {
-			$request = 'SELECT 1-1'; // dummy mysql query for the preview
-			// little funky fix for IEwin, rawk on that code
-			$is_winIE = ((preg_match('/MSIE/',$HTTP_USER_AGENT)) && (preg_match('/Win/',$HTTP_USER_AGENT)));
-			if (($is_winIE) && (!isset($IEWin_bookmarklet_fix))) {
-				$preview_content =  preg_replace('/\%u([0-9A-F]{4,4})/e',  "'&#'.base_convert('\\1',16,10).';'", $preview_content);
+		$this->posts = $wpdb->get_results($request);
+
+		// Check post status to determine if post should be displayed.
+		if ($this->is_single) {
+			if ('publish' != $this->posts[0]->post_status) {
+				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
+					// User must be logged in to view unpublished posts.
+					$this->posts = array();
+				} else {
+					if ('draft' == $this->posts[0]->post_status) {
+						// User must have edit permissions on the draft to preview.
+						if (! user_can_edit_post($user_ID, $this->posts[0]->ID))
+							$this->posts = array();
+					} elseif ('private' == $this->posts[0]->post_status) {
+						if ($this->posts[0]->post_author != $user_ID)
+							$this->posts = array();
+					}
+				}
 			}
 		}
 
-		$this->posts = $wpdb->get_results($request);
 		$this->posts = apply_filters('the_posts', $this->posts);
 		$this->post_count = count($this->posts);
 		if ($this->post_count > 0) {
diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php
index b7fdd3d7ac..2e5f7d6c67 100644
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -351,10 +351,10 @@ function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
 /* returns true if $user_id can edit $post_id */
 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
 	$author_data = get_userdata($user_id);
-	$post_data   = get_postdata($post_id);
-	$post_author_data = get_userdata($post_data['Author_ID']);
+	$post = get_post($post_id);
+	$post_author_data = get_userdata($post->post_author);
 
-	if ( (($user_id == $post_author_data->ID) && !($post_data['post_status'] == 'publish' &&  $author_data->user_level < 2))
+	if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' &&  $author_data->user_level < 2))
 	     || ($author_data->user_level > $post_author_data->user_level)
 	     || ($author_data->user_level >= 10) ) {
 		return true;
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 0cfc9caec6..17eddf3f0c 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -856,24 +856,11 @@ function start_wp() {
 
 // Setup global post data.
 function setup_postdata($post) {
-  global $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query;
+  global $id, $postdata, $authordata, $day, $page, $pages, $multipage, $more, $numpages, $wp_query;
 	global $pagenow;
 
-	if (!$preview) {
-		$id = $post->ID;
-	} else {
-		$id = 0;
-		$postdata = array (
-			'ID' => 0,
-			'Author_ID' => $_GET['preview_userid'],
-			'Date' => $_GET['preview_date'],
-			'Content' => $_GET['preview_content'],
-			'Excerpt' => $_GET['preview_excerpt'],
-			'Title' => $_GET['preview_title'],
-			'Category' => $_GET['preview_category'],
-			'Notify' => 1
-			);
-	}
+	$id = $post->ID;
+
 	$authordata = get_userdata($post->post_author);
 
 	$day = mysql2date('d.m.y', $post->post_date);
@@ -1158,7 +1145,7 @@ function update_post_caches(&$posts) {
 	$comment_counts = $wpdb->get_results("SELECT ID, COUNT( comment_ID ) AS ccount
 	FROM $wpdb->posts
 	LEFT JOIN $wpdb->comments ON ( comment_post_ID = ID  AND comment_approved =  '1')
-	WHERE post_status =  'publish' AND ID IN ($post_id_list)
+	WHERE ID IN ($post_id_list)
 	GROUP BY ID");
 	
 	if ($comment_counts) {
diff --git a/wp-includes/template-functions-links.php b/wp-includes/template-functions-links.php
index 9eec371563..d25a064c8a 100644
--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -44,7 +44,7 @@ function get_permalink($id = 0) {
 
 	$permalink = get_settings('permalink_structure');
 
-	if ('' != $permalink) {
+	if ('' != $permalink && 'draft' != $post->post_status) {
 		$unixtime = strtotime($post->post_date);
 
 		$category = '';