Only user with customize_publish cap can publish snapshot

PatelUtkarsh · PatelUtkarsh · commit d6885fffd058 · 2016-08-16T21:52:37.000+05:30
diff --git a/php/class-customize-snapshot-manager.php b/php/class-customize-snapshot-manager.php
@@ -1079,6 +1079,10 @@ public function handle_update_snapshot_request() {
 			status_header( 400 );
 			wp_send_json_error( 'bad_status' );
 		}
+		if ( 'future' === $status && ! current_user_can( 'customize_publish' ) ) {
+			status_header( 400 );
+			wp_send_json_error( 'customize_not_allowed' );
+		}
 		$publish_date = isset( $_POST['publish_date'] ) ? $_POST['publish_date'] : '';
 		if ( 'future' === $status ) {
 			$publish_date_obj = new \DateTime( $publish_date );
diff --git a/php/class-post-type.php b/php/class-post-type.php
@@ -585,6 +585,10 @@ public function filter_user_has_cap( $allcaps, $caps ) {
 				$allcaps[ $granted_cap ] = current_user_can( 'customize' );
 			}
 
+			if ( ! current_user_can( 'customize_publish' ) || empty( $allcaps['customize_publish'] ) ) {
+				$allcaps[ $post_type_obj->cap->publish_posts ] = false;
+			}
+
 			if ( ! current_user_can( 'edit_others_posts' ) ) {
 				$allcaps[ $post_type_obj->cap->edit_others_posts ] = false;
 			}

Original file line number	Diff line number	Diff line change
`@@ -585,6 +585,10 @@ public function filter_user_has_cap( $allcaps, $caps ) {`
`585`	`585`	`$allcaps[ $granted_cap ] = current_user_can( 'customize' );`
`586`	`586`	`}`
`587`	`587`
	`588`	`+ if ( ! current_user_can( 'customize_publish' ) \|\| empty( $allcaps['customize_publish'] ) ) {`
	`589`	`+ $allcaps[ $post_type_obj->cap->publish_posts ] = false;`
	`590`	`+ }`
	`591`	`+`
`588`	`592`	`if ( ! current_user_can( 'edit_others_posts' ) ) {`
`589`	`593`	`$allcaps[ $post_type_obj->cap->edit_others_posts ] = false;`
`590`	`594`	`}`