Changeset 15596

Timestamp:

09/07/2010 11:35:28 PM (13 years ago)

Author:

scribu

Message:

Introduce 'edit_comment' meta cap. Fixes #14520

Location:

trunk

Files:

• wp-admin/comment.php (modified) (4 diffs)
• wp-admin/edit-comments.php (modified) (1 diff)
• wp-admin/includes/dashboard.php (modified) (1 diff)
• wp-admin/includes/default-list-tables.php (modified) (2 diffs)
• wp-includes/capabilities.php (modified) (2 diffs)
• wp-includes/link-template.php (modified) (2 diffs)

trunk/wp-admin/comment.php

@@ -61 +61 @@
         comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
 
-    if ( !current_user_can('edit_post', $comment->comment_post_ID) )
-        comment_footer_die( __('You are not allowed to edit comments on this post.') );
+    if ( !current_user_can( 'edit_comment', $comment_id ) )
+        comment_footer_die( __('You are not allowed to edit this comment.') );
 
     if ( 'trash' == $comment->comment_approved )
@@ -85 +85 @@
     }
 
-    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
         wp_redirect( admin_url('edit-comments.php?error=2') );
         die();
@@ -185 +185 @@
 <?php wp_nonce_field( $nonce_action ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
-<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
@@ -213 +212 @@
     if ( !$comment = get_comment($comment_id) )
         comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
-    if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
         comment_footer_die( __('You are not allowed to edit comments on this post.') );
 

trunk/wp-admin/edit-comments.php

@@ -35 +35 @@
 
     foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
-        $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) );
-
-        if ( !current_user_can( 'edit_post', $_post_id ) )
+        if ( !current_user_can( 'edit_comment', $comment_id ) )
             continue;
 

trunk/wp-admin/includes/dashboard.php

@@ -587 +587 @@
 
     $actions_string = '';
-    if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+    if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
         // preorder it: Approve | Reply | Edit | Spam | Trash
         $actions = array(

trunk/wp-admin/includes/default-list-tables.php

@@ -2255 +2255 @@
         $post = get_post( $comment->comment_post_ID );
         $the_comment_status = wp_get_comment_status( $comment->comment_ID );
-        $post_type_object = get_post_type_object( $post->post_type );
-        $user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
+        $user_can = current_user_can( 'edit_comment', $comment_id );
 
         $comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
@@ -2276 +2275 @@
             $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
 
-            $url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID";
+            $url = "comment.php?c=$comment->comment_ID";
 
             $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );

trunk/wp-includes/capabilities.php

@@ -897 +897 @@
         //echo "post ID: {$args[0]}<br />";
         $post = get_post( $args[0] );
+
         $post_type = get_post_type_object( $post->post_type );
         if ( $post_type && 'post' != $post_type->capability_type ) {
@@ -989 +990 @@
             $caps[] = 'read_private_pages';
         break;
+    case 'edit_comment':
+        $comment = get_comment( $args[0] );
+        $post = get_post( $comment->comment_post_ID );
+        $post_type_object = get_post_type_object( $post->post_type );
+
+        $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+        break;
     case 'unfiltered_upload':
         if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )

trunk/wp-includes/link-template.php

@@ -876 +876 @@
 function get_edit_comment_link( $comment_id = 0 ) {
     $comment = &get_comment( $comment_id );
-    $post = &get_post( $comment->comment_post_ID );
-
-    if ( $post->post_type == 'page' ) {
-        if ( !current_user_can( 'edit_page', $post->ID ) )
-            return;
-    } else {
-        if ( !current_user_can( 'edit_post', $post->ID ) )
-            return;
-    }
+
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
+        return;
 
     $location = admin_url('comment.php?action=editcomment&c=') . $comment->comment_ID;
@@ -901 +895 @@
  */
 function edit_comment_link( $link = null, $before = '', $after = '' ) {
-    global $comment, $post;
-
-    if ( $post->post_type == 'page' ) {
-        if ( !current_user_can( 'edit_page', $post->ID ) )
-            return;
-    } else {
-        if ( !current_user_can( 'edit_post', $post->ID ) )
-            return;
-    }
+    global $comment;
+
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
+        return;
 
     if ( null === $link )