Retrieves the post SQL based on capability, author, and type.
Description
See also
Parameters
$post_type
string|string[]required- Single post type or an array of post types.
$full
booloptional- Returns a full WHERE statement instead of just an
'andalso'
term.Default:
true
$post_author
intoptional- Query posts having a single author ID.
Default:
null
$public_only
booloptional- Only return public posts. Skips cap checks for $current_user.
Default:
false
Source
function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $public_only = false ) {
global $wpdb;
if ( is_array( $post_type ) ) {
$post_types = $post_type;
} else {
$post_types = array( $post_type );
}
$post_type_clauses = array();
foreach ( $post_types as $post_type ) {
$post_type_obj = get_post_type_object( $post_type );
if ( ! $post_type_obj ) {
continue;
}
/**
* Filters the capability to read private posts for a custom post type
* when generating SQL for getting posts by author.
*
* @since 2.2.0
* @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless".
*
* @param string $cap Capability.
*/
$cap = apply_filters_deprecated( 'pub_priv_sql_capability', array( '' ), '3.2.0' );
if ( ! $cap ) {
$cap = current_user_can( $post_type_obj->cap->read_private_posts );
}
// Only need to check the cap if $public_only is false.
$post_status_sql = "post_status = 'publish'";
if ( false === $public_only ) {
if ( $cap ) {
// Does the user have the capability to view private posts? Guess so.
$post_status_sql .= " OR post_status = 'private'";
} elseif ( is_user_logged_in() ) {
// Users can view their own private posts.
$id = get_current_user_id();
if ( null === $post_author || ! $full ) {
$post_status_sql .= " OR post_status = 'private' AND post_author = $id";
} elseif ( $id == (int) $post_author ) {
$post_status_sql .= " OR post_status = 'private'";
} // Else none.
} // Else none.
}
$post_type_clauses[] = "( post_type = '" . $post_type . "' AND ( $post_status_sql ) )";
}
if ( empty( $post_type_clauses ) ) {
return $full ? 'WHERE 1 = 0' : '1 = 0';
}
$sql = '( ' . implode( ' OR ', $post_type_clauses ) . ' )';
if ( null !== $post_author ) {
$sql .= $wpdb->prepare( ' AND post_author = %d', $post_author );
}
if ( $full ) {
$sql = 'WHERE ' . $sql;
}
return $sql;
}
Hooks
- apply_filters_deprecated( ‘pub_priv_sql_capability’,
string $cap ) Filters the capability to read private posts for a custom post type when generating SQL for getting posts by author.
the full option set to false currently doesn’t return the post filter as you would expect
see this patch and test for more info
https://core.trac.wordpress.org/ticket/30354
Example