- // The post_type defaults to post, but could also be page.
- $post_type = "post";
- if(
- !empty($content_struct["post_type"])
- && ($content_struct["post_type"] == "page")
- ) {
- $post_type = "page";
+ $cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
+ $error_message = __( 'Sorry, you are not allowed to publish posts on this blog.' );
+ $post_type = 'post';
+ if( !empty( $content_struct['post_type'] ) ) {
+ if( $content_struct['post_type'] == 'page' ) {
+ $cap = ( $publish ) ? 'publish_pages' : 'edit_pages';
+ $error_message = __( 'Sorry, you are not allowed to publish pages on this blog.' );
+ $post_type = 'page';
+ }
+ elseif( $content_type['post_type'] == 'post' ) {
+ // This is the default, no changes needed
+ }
+ else {
+ // No other post_type values are allowed here
+ return new IXR_Error( 401, __( 'Invalid post type.' ) );
+ }
+ }
+
+ if( !current_user_can( $cap ) ) {
+ return new IXR_Error( 401, $error_message );