
Changeset 15596


Timestamp:
09/07/10 23:35:28 (7 years ago)
Author:
scribu
Message:

Introduce 'edit_comment' meta cap. Fixes #14520

Location:
trunk
Files:
6 edited

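--- a/trunk/wp-admin/comment.php
+++ b/trunk/wp-admin/comment.php
@@ -61,6 +61,6 @@
         comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
 
-    if ( !current_user_can('edit_post', $comment->comment_post_ID) )
-        comment_footer_die( __('You are not allowed to edit comments on this post.') );
+    if ( !current_user_can( 'edit_comment', $comment_id ) )
+        comment_footer_die( __('You are not allowed to edit this comment.') );
 
     if ( 'trash' == $comment->comment_approved )
@@ -85,5 +85,5 @@
     }
 
-    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
         wp_redirect( admin_url('edit-comments.php?error=2') );
         die();
@@ -185,5 +185,4 @@
 <?php wp_nonce_field( $nonce_action ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
-<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
@@ -213,5 +212,5 @@
     if ( !$comment = get_comment($comment_id) )
         comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
-    if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
         comment_footer_die( __('You are not allowed to edit comments on this post.') );
 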
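Review bot: The first check (new line 63) authorises against the request-derived `$comment_id`, while the two later checks in this file (new lines 87 and 214) authorise against `$comment->comment_ID` from the object that was actually loaded. Using `if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )` at line 63 as well would keep the permission decision tied to the comment that is then acted on; where `$comment_id` is assigned lies outside the hunk, so the two values may well always match. The check at new line 214 also still dies with 'You are not allowed to edit comments on this post.', whereas line 63 now says 'You are not allowed to edit this comment.'; the same string in both places would match the per-comment capability.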
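--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -35,7 +35,5 @@
 
     foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
-        $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) );
-
-        if ( !current_user_can( 'edit_post', $_post_id ) )
+        if ( !current_user_can( 'edit_comment', $comment_id ) )
             continue;
 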
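--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -587,5 +587,5 @@
 
     $actions_string = '';
-    if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+    if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
         // preorder it: Approve | Reply | Edit | Spam | Trash
         $actions = array(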
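--- a/trunk/wp-admin/includes/default-list-tables.php
+++ b/trunk/wp-admin/includes/default-list-tables.php
@@ -2255,6 +2255,5 @@
         $post = get_post( $comment->comment_post_ID );
         $the_comment_status = wp_get_comment_status( $comment->comment_ID );
-        $post_type_object = get_post_type_object( $post->post_type );
-        $user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
+        $user_can = current_user_can( 'edit_comment', $comment_id );
 
         $comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
@@ -2276,5 +2275,5 @@
             $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
 
-            $url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID";
+            $url = "comment.php?c=$comment->comment_ID";
 
             $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );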
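Review bot: `$comment_id` in the new `$user_can` line (new line 2257) is not assigned anywhere in the visible hunk, while every neighbouring line reads the ID from `$comment->comment_ID`. If the variable is not set in the enclosing method, which starts outside the hunk, the capability check would run against an empty ID rather than this row's comment. `$user_can = current_user_can( 'edit_comment', $comment->comment_ID );` would match the rest of the method. `$user_can` appears only to decide which row actions are rendered, so the server-side checks in comment.php remain the real gate, but the list should ask about the same comment it displays.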
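--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -897,4 +897,5 @@
         //echo "post ID: {$args[0]}<br />";
         $post = get_post( $args[0] );
+
         $post_type = get_post_type_object( $post->post_type );
         if ( $post_type && 'post' != $post_type->capability_type ) {
@@ -989,4 +990,11 @@
             $caps[] = 'read_private_pages';
         break;
+    case 'edit_comment':
+        $comment = get_comment( $args[0] );
+        $post = get_post( $comment->comment_post_ID );
+        $post_type_object = get_post_type_object( $post->post_type );
+
+        $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+        break;
     case 'unfiltered_upload':
         if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )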
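Review bot: The new `edit_comment` case (new lines 992–998) dereferences the results of `get_comment()`, `get_post()` and `get_post_type_object()` without checking any of them. For a missing comment, or a comment whose post no longer exists, `map_meta_cap()` is re-entered with an empty capability name, and the outcome then depends on branches of the switch that are outside this hunk. An explicit fail-closed guard makes the denial deliberate, e.g. `if ( ! $comment ) { $caps[] = 'do_not_allow'; break; }` right after the lookup, with the same test for `$post`. This matters most for callers that hand IDs straight to the check, such as the bulk loop in edit-comments.php (new line 37), which appears to iterate over submitted IDs. `get_edit_comment_link()` in link-template.php likewise reads `$comment->comment_ID` after an unchecked `get_comment()`.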
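--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -876,13 +876,7 @@
 function get_edit_comment_link( $comment_id = 0 ) {
     $comment = &get_comment( $comment_id );
-    $post = &get_post( $comment->comment_post_ID );
-
-    if ( $post->post_type == 'page' ) {
-        if ( !current_user_can( 'edit_page', $post->ID ) )
-            return;
-    } else {
-        if ( !current_user_can( 'edit_post', $post->ID ) )
-            return;
-    }
+
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
+        return;
 
     $location = admin_url('comment.php?action=editcomment&amp;c=') . $comment->comment_ID;
@@ -901,13 +895,8 @@
  */
 function edit_comment_link( $link = null, $before = '', $after = '' ) {
-    global $comment, $post;
-
-    if ( $post->post_type == 'page' ) {
-        if ( !current_user_can( 'edit_page', $post->ID ) )
-            return;
-    } else {
-        if ( !current_user_can( 'edit_post', $post->ID ) )
-            return;
-    }
+    global $comment;
+
+    if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
+        return;
 
     if ( null === $link )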