Problem with new “auto-save” function in WP2.1

I’ve redefined the standard Roles on my website, using the Role-Manager plugin. One of the roles has the “Publish Posts” capability, but NOT the “Edit Published Posts” capability.

Prior to WP2.1, my users could create a new post and publish it. Since 2.1, they can’t.

I think this is because in pre-2.1, when they clicked “Publish”, it would call the “wp_write_post” function, which checks for the “Publish posts” capability. Now, once the post has been auto-saved, it calls the “edit_post” function, which checks for the “Edit Published Posts” capability…which they don’t have.

I believe this is a bug. The edit_post function first sets the Post status to “published” (because the Publish button has been clicked), and only then checks the “Edit Published Posts” capability.

This is the code:

	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
			$_POST['post_status'] = 'draft';
	}

I think it should do the “edit_published_posts” check first, and then set the post status to published, if the user has the “publish_posts” capability:

I haven’t yet worked out a fix, but what do others think?