- } else {
- $sql = '';
- }
-
- $sql .= "(post_status = 'publish'";
-
- // Only need to check the cap if $public_only is false.
- if ( false === $public_only ) {
- if ( current_user_can( $cap ) ) {
- // Does the user have the capability to view private posts? Guess so.
- $sql .= " OR post_status = 'private'";
- } elseif ( is_user_logged_in() ) {
- // Users can view their own private posts.
- $id = get_current_user_id();
- if ( null === $post_author || ! $full ) {
- $sql .= " OR post_status = 'private' AND post_author = $id";
- } elseif ( $id == (int) $post_author ) {
- $sql .= " OR post_status = 'private'";
+
+ /**
+ * Filter the capability to read private posts for a custom post type
+ * when generating SQL for getting posts by author.
+ *
+ * @since 2.2.0
+ * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless".
+ *
+ * @param string $cap Capability.
+ */
+ if ( ! $cap = apply_filters( 'pub_priv_sql_capability', '' ) ) {
+ $cap = current_user_can( $post_type_obj->cap->read_private_posts );
+ }
+
+ // Only need to check the cap if $public_only is false.
+ $post_status_sql = "post_status = 'publish'";
+ if ( false === $public_only ) {
+ if ( $cap ) {
+ // Does the user have the capability to view private posts? Guess so.
+ $post_status_sql .= " OR post_status = 'private'";
+ } elseif ( is_user_logged_in() ) {
+ // Users can view their own private posts.
+ $id = get_current_user_id();
+ if ( null === $post_author || ! $full ) {
+ $post_status_sql .= " OR post_status = 'private' AND post_author = $id";
+ } elseif ( $id == (int) $post_author ) {
+ $post_status_sql .= " OR post_status = 'private'";
+ } // else none