WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

Last modified 3 years ago

#14520 closed enhancement (fixed)

Introduce edit_comment meta cap

Reported by: scribu Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Comments Keywords: has-patch commit
Focuses: Cc:

Description

Currently, the edit_post meta cap is used to determine wether a user is allowed to edit a comment or not.

This makes it difficult to restrict editing on a per comment level.

Having a dedicated meta capability would allow more flexibility.

Attachments (4)

edit_comment.diff (2.8 KB) - added by scribu 5 years ago.
edit_comment.2.diff (7.0 KB) - added by scribu 5 years ago.
use edit_comment in more places
edit_comment.3.diff (6.1 KB) - added by scribu 5 years ago.
preserve current policy
edit_comment.4.diff (6.7 KB) - added by scribu 5 years ago.
also update edit-comment.php

Download all attachments as: .zip

Change History (18)

@scribu5 years ago

comment:1 @scribu5 years ago

edit_comment.diff allows non-moderators to only edit their own comments.

If someone wants the old behaviour, where an author can edit any comment on one of his posts, they can plug into map_meta_cap, which is the entire point: make it easier to change the comment editing policy.

comment:2 @nacin5 years ago

I don't believe we should change the behavior; I think that's a danger zone. Making this a meta cap probably is a good amount of sense, however.

That said -- duplicate of #12104.

@scribu5 years ago

use edit_comment in more places

comment:3 @scribu5 years ago

That said -- duplicate of #12104.

I would say #12104 is a subset of this ticket.

comment:4 @ryan5 years ago

Can we preserve current policy for now and address changing that in a separate ticket?

comment:5 follow-up: @scribu5 years ago

  • Keywords needs-patch added; has-patch removed

Ok, we'll leave the policy change for #12104

@scribu5 years ago

preserve current policy

comment:6 @scribu5 years ago

  • Keywords has-patch added; needs-patch removed

comment:7 in reply to: ↑ 5 @nacin5 years ago

Replying to scribu:

Ok, we'll leave the policy change for #12104

One thing though, I don't think that ticket is advocating for a change in the current policy, only in how the capabilities are used. Thus edit_comment (or should it be moderate_comment?) would still call edit_post but that could be changed to enable someone to not have edit_posts capabilities but do have the abilities to moderate comments. That's how I see it, anyway.

comment:8 @scribu5 years ago

Alright, I'll open a new ticket. No more policy talk in this ticket, please. :)

comment:9 @ryan5 years ago

Does the current_user_can check in edit-comments.php need to change?

@scribu5 years ago

also update edit-comment.php

comment:10 @scribu5 years ago

Indeed it does. Updated patch.

comment:11 @ryan5 years ago

  • Keywords commit added

comment:12 @scribu4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [15596]) Introduce 'edit_comment' meta cap. Fixes #14520

comment:13 follow-up: @nestor_at_mash3 years ago

Hi all,
The edit_comment capability has not been defined on wp-admin\includes\schema.php
I think, something like the following should be added to schema.php:
populate_roles_310(){

$roles = array('administrator', 'editor', 'author', 'contributor');
foreach ($roles as $role) {

$role =& get_role($role);
if ( empty($role) )

continue;

$role->add_cap( 'edit_comment' );

}

}

and add the line:

populate_roles_310();

to the populate_roles() function

Note: I couldn't decide to reopen this ticket or start a new one ... so I am just adding this comment here in hopes that the author of this fix can implement this.

Version 0, edited 3 years ago by nestor_at_mash (next)

comment:14 in reply to: ↑ 13 @dd323 years ago

Replying to nestor_at_mash:

Hi all,
The edit_comment capability has not been defined on wp-admin\includes\schema.php

The edit_comment cap is a meta capability that is, a capability which maps to other real capabilities, it's really just an conditional alias: the magic happens here where it's mapped to the Post Type's Edit capability.

So; you should never see a user with the 'edit_comment' cap specifically, but you will have users who it passes as true for since behind the scenes it maps to another real capability which they do have.

Note: See TracTickets for help on using tickets.