WordPress.org

Ready to get started?Download WordPress

Forums

Private posts' categories not displayed (1 post)

  1. makkes
    Member
    Posted 6 years ago #

    Hi,

    following initual situation:

    I've setup a blog for some friends of mine. Everyone has a account with the author role associated. Since they'd like to discuss things in their blog posts which aren't meant to be read by the public I've advised them to mark such posts as "private". I've also changed the author role so that an author can read private posts from others (using the "Role Manager" plugin) so they can share their thoughts internally but not in public.

    Everyone could be happy, if, oh, if the following problem didn't occur.

    the problem:

    I've added some widgets to the sidebar (using the default theme btw) including the calendar, tag cloud and category list. But if someone writes a private post in some category and perhaps adds some tags to it, neither the tag cloud nor the category list nor the calendar take notice from it, even when I'm logged in as author and have the right to read private posts. The problem arises from the fact, that the access rights of the current user are not checked properly. Let me give an example in the next section.

    the problem in detail:

    an example for this messy situation: wp-includes/category-template.php defines a function called wp_tag_cloud() which is called when the tag cloud widget is being displayed. This function again calls get_tags() from wp-includes/category.php and this little function delegates to wp-includes/taxonomy.php. And there is the rub.

    get_terms() fetches all categories from the "$wpdb->terms" table joined with the "$wpdb->term_taxonomy" table. get_terms() relies per default on the "count" column from term_taxonomy to see if a term is being used by a post/page or not. But: the term_taxonomy table's count column has a 0 in it if a term is only used in private posts. This is very odd behaviour since - as explained above - there can be situations in which other users are allowed to see private posts and then e.g. also want to see the associated tags in the tag cloud.

    the workaround:

    I've worked around this ugly situation by inserting the following piece of code into the wp_tag_cloud() function:

    if(current_user_can("read_private_posts")) {
              $tags = get_tags( array_merge($args, array('hide_empty' => 0, 'orderby' => 'count', 'order
    ' => 'DESC')) ); // Always query top tags
      } else {
            $tags = get_tags( array_merge($args, array('orderby' => 'count', 'order' => 'DESC')) ); // A
    lways query top tags
      }

    Of course this doesn't really solve the problem since now the user sees every tag and every category even if there is no actual post associated with it. But at least he now sees tags and categories from posts he actually is allowed to see.

    What do you think is the best solution to this problem? Does the taxonomy semantics have to be adapted to the kinda complex permission system in WP?

    Cheers!
    Max

Topic Closed

This topic has been closed to new replies.

About this Topic