WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#19916 closed defect (bug) (duplicate)

wp.deleteComment, wp.editComment shoud work for authors

Reported by: nprasath002 Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.1
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

wp.editComment, wp.deleteComment checks for 'moderate_comments' which authors dont have

Attachments (1)

wp.editComment.patch (1.2 KB) - added by nprasath002 2 years ago.

Download all attachments as: .zip

Change History (6)

nprasath0022 years ago

comment:1 follow-up: maxcutler2 years ago

I think removing the cap check is the wrong approach. Instead of checking 'moderate_comments', it should really just check the 'edit_comment' meta-cap (which takes the comment ID as a parameter).

comment:2 in reply to: ↑ 1 ; follow-up: nprasath0022 years ago

Replying to maxcutler:

I think removing the cap check is the wrong approach. Instead of checking 'moderate_comments', it should really just check the 'edit_comment' meta-cap (which takes the comment ID as a parameter).

Thats what the patch does.

comment:3 in reply to: ↑ 2 maxcutler2 years ago

  • Cc max@… added

Replying to nprasath002:

Thats what the patch does.

Ah yes, you are correct. Trac's patch context didn't show that there's a call to current_user_can( 'edit_comment', $comment_ID ) later in the method.

The error message for that later check should probably be revised to be more accurate, but otherwise I'm +1.

comment:4 nprasath0022 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

A combined patch is submitted in #17981

comment:5 ocean902 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.