Opened 12 years ago
Closed 11 years ago
#23136 closed enhancement (fixed)
Do not notify the post author about comments if they are no longer a member of the blog
Reported by: | ryan | Owned by: | markjaquith |
---|---|---|---|
Milestone: | 3.6 | Priority: | normal |
Severity: | normal | Version: | 3.5 |
Component: | Comments | Keywords: | dev-feedback has-patch |
Focuses: | Cc: |
Description
wp_notify_postauthor() should not notify the post author of comments if the author is no longer a member of the blog.
Attachments (2)
Change History (20)
#2
@
12 years ago
- Keywords commit added
I like my patches like I like my drinks: simple, aged, respectable.
#4
@
12 years ago
- Owner set to markjaquith
- Resolution set to fixed
- Status changed from new to closed
In 23294:
#5
@
12 years ago
- Component changed from General to Comments
- Keywords dev-feedback added; has-patch commit removed
- Resolution fixed deleted
- Status changed from closed to reopened
I don't think this is so clear-cut. This had an existing ticket, #19395.
If they're still a member of the network, why shouldn't they get the email? They're still the author of the post, they just no longer have permissions on the blog. Perhaps the issue here isn't that they're no longer a member of the blog, but that a particular current_user_can() would fail. Specifically, the Trash/Delete and Spam links should confirm that they can still moderate the comment, so current_user_can( 'edit_comment', $comment_id ).
#7
@
12 years ago
Deleting their membership on that site is effectively like deleting them from the site. Why shouldn't it sever ties?
#8
@
12 years ago
I have to go with Mark here. If the person is no longer on the site, there's likely a reason. If you want to take away their author capabilities and allow them to still receive notifications, you can just demote them to subscriber right? Seems like a bit of an edge case, but one with an easy solution.
#9
@
12 years ago
When someone stops working at my company, they lose access to their blogs - yet, they are still cordial with the staff and sometimes still comment on other posts. Why cut off the notifications? Seems byzantine.
#10
follow-ups:
↓ 11
↓ 12
@
12 years ago
When you remove a user from a site, he remains an author of existing posts. Unless you delete the author entirely, there is no reassignment mechanism. The user still exists on the network and is still a valid user for the blog in terms of post_author and comment user_id. If there was a way to "shut off" a user account across a network (say, closing down a staff account for someone who left staff, but wrote lots of posts), then I could understand a desire to shut off a site.
As it stands, [23294] would break posts by a super admin, which I imagine is not uncommon. While a super admin *should* probably add themselves to individual sites, they might not.
This is for wp_notify_postauthor(), which is only sent on published comments. As long as the author can still read the post — and a cap check exists for that — they should still receive the notification. Why not? They still authored the post, and they can still reply, after all.
The user should only see trash/spam/delete links if they cannot edit_comment, of course. (If demoted to a subscriber, they can still read but won't be able to edit, for example. Not sure whether contributors can touch comments on their own posts.)
If we're going to silence these notifications once the author is removed from the blog, then maybe what we're looking for is a cap check like read or edit_comment?
I'm not saying there should be *no* change here. Clearly, something is needed. [23294] could even stay if that is consensus. But that still does not carve out an exception for super admins, nor does it block moderation links for users who can't moderate said comment.
#12
in reply to:
↑ 10
@
12 years ago
Replying to nacin:
This is for wp_notify_postauthor(), which is only sent on published comments. As long as the author can still read the post — and a cap check exists for that — they should still receive the notification. Why not? They still authored the post, and they can still reply, after all.
I agree to your reasoning. However, I think it's mandatory that the said user can opt out for email notifications (which is going to be complicated since he's no longer a user)
#14
@
11 years ago
- Keywords has-patch added
How about 23136.2.diff:
- Uses 'read', which is the equivalent of subscriber. If they're a member of the site, they still get an email. No functional change from [23294] except that it works with super admins by using the capabilities API.
- Prevents an author from receiving Trash/Spam links if they can't actually edit the comment.
#16
@
11 years ago
I tested a bunch of possible cases on a non-MS site and all worked as expected (notified as editor, author, subscriber; not notified with no role or when deleted). I didn't check the MS super-admin issue.
Props nickmomrik