From 7d116a2ae424bc78460867b9dcc831279f543883 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Fri, 14 Nov 2008 18:23:48 +0000
Subject: [PATCH] Check caps when showing media edit and delete links. fixes
 #8117

git-svn-id: https://develop.svn.wordpress.org/trunk@9686 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/upload.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 2190c138d4..e52bab8771 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -337,10 +337,13 @@ foreach ($arc_result as $arc_row) {
 		<p>
 		<?php
 		$actions = array();
-		$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
-		$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+		if ( current_user_can('edit_post', $post->ID) )
+			$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
+		if ( current_user_can('delete_post', $post->ID) )
+			$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
 		$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
-		$actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
+		if ( current_user_can('edit_post', $post->ID) )
+			$actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;">'.__('Attach').'</a>';
 		$action_count = count($actions);
 		$i = 0;
 		foreach ( $actions as $action => $link ) {