From 1a372ccc347bddfe19f7a63bc965fe971bb064e4 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Mon, 13 Oct 2008 17:30:45 +0000
Subject: [PATCH] Perform cap checks for favorite actions

git-svn-id: https://develop.svn.wordpress.org/trunk@9130 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/template.php | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index b2991b3183..19deda1dd5 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -3003,15 +3003,31 @@ function the_post_password() {
  */
 function favorite_actions() {
 	$actions = array(
-		'page-new.php' => __('Add New Page'),
-		'edit-comments.php' => __('Manage Comments')
+		'post-new.php' => array(__('Add New Post'), 'edit_posts'),
+		'page-new.php' => array(__('Add New Page'), 'edit_pages'),
+		'edit-comments.php' => array(__('Manage Comments'), 'moderate_comments')
 		);
 
 	$actions = apply_filters('favorite_actions', $actions);
+
+	$allowed_actions = array();
+	foreach ( $actions as $action => $data ) {
+		if ( current_user_can($data[1]) )
+			$allowed_actions[$action] = $data[0];
+	}
+
+	if ( empty($allowed_actions) )
+		return;
+
+	$first = array_keys($allowed_actions);
+	$first = $first[0];
 	echo '<div id="favorite-actions">';
-	echo '<div id="favorite-first"><a href="post-new.php">' . __('Add New Post') . '</a></div>';
+	echo '<div id="favorite-first"><a href="$first">' . $allowed_actions[$first] . '</a></div>';
 	echo '<div id="favorite-action">';
-	foreach ( $actions as $action => $label) {
+
+	array_shift($allowed_actions);
+
+	foreach ( $allowed_actions as $action => $label) {
 		echo "<div class='favorite-action'><a href='$action'>";
 		echo $label;
 		echo "</a></div>\n";