WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 23 months ago

#23136 closed enhancement (fixed)

Do not notify the post author about comments if they are no longer a member of the blog

Reported by: ryan Owned by: markjaquith
Milestone: 3.6 Priority: normal
Severity: normal Version: 3.5
Component: Comments Keywords: dev-feedback has-patch
Focuses: Cc:

Description

wp_notify_postauthor() should not notify the post author of comments if the author is no longer a member of the blog.

Attachments (2)

23136.diff (553 bytes) - added by ryan 2 years ago.
Props nickmomrik
23136.2.diff (2.1 KB) - added by nacin 23 months ago.

Download all attachments as: .zip

Change History (20)

@ryan2 years ago

Props nickmomrik

comment:1 @ryan2 years ago

This has been running on wordpress.com for 13 months.

comment:2 @markjaquith2 years ago

  • Keywords commit added

I like my patches like I like my drinks: simple, aged, respectable.

comment:3 @aaroncampbell2 years ago

  • Milestone changed from Awaiting Review to 3.6

comment:4 @markjaquith2 years ago

  • Owner set to markjaquith
  • Resolution set to fixed
  • Status changed from new to closed

In 23294:

Do not notify the post author about comments if they are no longer a member of the blog. props nickmomrick. fixes #23136

comment:5 @nacin2 years ago

  • Component changed from General to Comments
  • Keywords dev-feedback added; has-patch commit removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

I don't think this is so clear-cut. This had an existing ticket, #19395.

If they're still a member of the network, why shouldn't they get the email? They're still the author of the post, they just no longer have permissions on the blog. Perhaps the issue here isn't that they're no longer a member of the blog, but that a particular current_user_can() would fail. Specifically, the Trash/Delete and Spam links should confirm that they can still moderate the comment, so current_user_can( 'edit_comment', $comment_id ).

comment:6 @nacin2 years ago

#19395 was marked as a duplicate.

comment:7 @markjaquith2 years ago

Deleting their membership on that site is effectively like deleting them from the site. Why shouldn't it sever ties?

comment:8 @aaroncampbell2 years ago

I have to go with Mark here. If the person is no longer on the site, there's likely a reason. If you want to take away their author capabilities and allow them to still receive notifications, you can just demote them to subscriber right? Seems like a bit of an edge case, but one with an easy solution.

comment:9 @wonderboymusic2 years ago

When someone stops working at my company, they lose access to their blogs - yet, they are still cordial with the staff and sometimes still comment on other posts. Why cut off the notifications? Seems byzantine.

comment:10 follow-ups: @nacin2 years ago

When you remove a user from a site, he remains an author of existing posts. Unless you delete the author entirely, there is no reassignment mechanism. The user still exists on the network and is still a valid user for the blog in terms of post_author and comment user_id. If there was a way to "shut off" a user account across a network (say, closing down a staff account for someone who left staff, but wrote lots of posts), then I could understand a desire to shut off a site.

As it stands, [23294] would break posts by a super admin, which I imagine is not uncommon. While a super admin *should* probably add themselves to individual sites, they might not.

This is for wp_notify_postauthor(), which is only sent on published comments. As long as the author can still read the post — and a cap check exists for that — they should still receive the notification. Why not? They still authored the post, and they can still reply, after all.

The user should only see trash/spam/delete links if they cannot edit_comment, of course. (If demoted to a subscriber, they can still read but won't be able to edit, for example. Not sure whether contributors can touch comments on their own posts.)

If we're going to silence these notifications once the author is removed from the blog, then maybe what we're looking for is a cap check like read or edit_comment?

I'm not saying there should be *no* change here. Clearly, something is needed. [23294] could even stay if that is consensus. But that still does not carve out an exception for super admins, nor does it block moderation links for users who can't moderate said comment.

comment:11 in reply to: ↑ 10 @SergeyBiryukov2 years ago

Replying to nacin:

When you remove a user from a site, he remains an author of existing posts. Unless you delete the author entirely, there is no reassignment mechanism.

Related: #15855

comment:12 in reply to: ↑ 10 @omarabid2 years ago

Replying to nacin:

This is for wp_notify_postauthor(), which is only sent on published comments. As long as the author can still read the post — and a cap check exists for that — they should still receive the notification. Why not? They still authored the post, and they can still reply, after all.

I agree to your reasoning. However, I think it's mandatory that the said user can opt out for email notifications (which is going to be complicated since he's no longer a user)

comment:13 @markjaquith23 months ago

Couldn't they just be dropped to a subscriber, on that site, then?

@nacin23 months ago

comment:14 @nacin23 months ago

  • Keywords has-patch added

How about 23136.2.diff:

  • Uses 'read', which is the equivalent of subscriber. If they're a member of the site, they still get an email. No functional change from [23294] except that it works with super admins by using the capabilities API.
  • Prevents an author from receiving Trash/Spam links if they can't actually edit the comment.

comment:15 @markjaquith23 months ago

I like that approach.

comment:16 @aaroncampbell23 months ago

I tested a bunch of possible cases on a non-MS site and all worked as expected (notified as editor, author, subscriber; not notified with no role or when deleted). I didn't check the MS super-admin issue.

comment:17 @aaroncampbell23 months ago

Also, as subscriber the notification E-Mail didn't have the Trash and Spam links (again, as expected).

comment:18 @nacin23 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 24649:

Do not notify the post author about comments if they are no longer a member of the blog.

This updates [23294] to use capability checks to determine if the user can still edit a post, which works for super admins. Additionally, it hides Trash/Spam action links when the user is still a member of the blog but cannot (or can no longer) moderate the comment.

fixes #23136.

Note: See TracTickets for help on using tickets.