WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 5 years ago

#4802 closed defect (bug) (wontfix)

Author can moderate comments on their own posts

Reported by: alakhnor Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.2.2
Component: Comments Keywords: needs-patch
Focuses: Cc:

Description

Currently, a user with Author standard role can delete/spam any comment made on its posts.

He should be able to do it only if he's received the "Moderate comments" capability.

This is true for the Comment admin panel and the emails.

If the "Moderate Comments" capability was not design this way, then there is no way to prevent authors (or any user with edit post capability) from moderating their post comments which very annoying.

Change History (11)

comment:1 intoxination7 years ago

A big +1 for this (I have brought this up before on wp-hackers). Since Wordpress is being used by numerous larger/community style sites, it would be very beneficial to have moderating comments as a separate capability from edit_posts. This would also allow sites to create a moderator role just for moderating comments if they so please. I actually manage a couple of sites I have done this very thing on. It would be nice not to have to go through and edit files on each upgrade ;)

comment:2 rob1n7 years ago

+1, but I didn't read that closely.

comment:3 intoxination7 years ago

Currently there is a moderate_comments capability, but that looks like it is more used for spam/Akismet than anything else.

My suggestion is to change the edit_posts capability to moderate_comments capability on any section that involves comments (ie: editing, deleting, editing, approve/unapprove, etc).

To not break anything, we could keep it so that the post id is still checked (as it is with edit_posts) so people can only edit comments on their own post. This would allow a simple plugin to over ride the post check on the user_has_cap filter.

Another possibility would be to use the current moderate_comments capability and add a moderate_all_comments capability. Moderate_comments would work on the same post->ID check as edit_posts do now. Moderate_all_comments would just override that check and return true.

(As it is currently, you really can't do a filter on user_has_cap to achieve this, since you have no way of knowing what function that user_has_cap is checking against)

Since the moderate_comments capability is already included in the 160 schema, we could just then do another small upgrade that loops through all roles and if that role has the edit_posts capability, we add the moderate_comments capability.

This would then provide sites with a mechanism to further divide up the work load involved in managing a site. You could have a person that just has the moderate_comments (or moderate_all_comments) capability that would have access to only the comment screen from backstage (as well as edit links when viewing comments). You could also have author's that the capability has been taken away from that don't see the comment screen or edit links.

This is a rather common scenario for larger/community based sites. They may allow certain people to post articles as contributors or authors, but want to have a group of moderators that can police the comments for them. Instead of granting those moderators the almost holy editor access (or full holy administrator access), they would just need a moderator access. Of course they can also deny the moderate_comments capability from authors so that only the moderators can edit comments.

Basically the way I see it is posts != comments and the capabilities for both need to be split off.

comment:4 follow-up: foolswisdom7 years ago

  • Milestone changed from 2.2.3 to 2.3

comment:5 in reply to: ↑ 4 ildar7 years ago

+1

comment:6 alakhnor7 years ago

I couldn't say more intoxination (and I actually said less) nor better. ;)

comment:7 ryan7 years ago

  • Milestone changed from 2.3 to 2.4 (next)

comment:8 jeremyclarke6 years ago

  • Cc jeremyclarke added

I think intoxination is on the right path, however based on the existing roles, I think that the smoothest and least confusing path would be to have the new role be "moderate_others_comments" in the same way that posts have "edit_posts" and "edit_others_posts".

In this scenario, I think it would make sense to have the default roles as follows:

Admin/Editor: moderate_comments AND moderate_others_comments
Author: moderate_comments (only on their posts)
Contributor: [nothing, they wait for editors/admins to approve their comments]

This would follow elegantly with Contributor's inability to publish their own posts while authors can publish theirs but can't do things like edit the posts of other authors.

I think this change is important because on large sites with lots of authors it is a burnout to follow all conversations, and if an author is trusted to publish posts independently they are likely trustworthy to sort comments on their own posts. This would also of course be changeable through the role manager plugin if someone wanted a different setup.

The big problem I think is the number of places that would need to be patched to make this happen, I'm not sure how the comment moderation admin views work but it might take awhile to adapt them for this subtle difference.

If nothing else though, having the link to accept a comment present in emails and allowing authors to accept comments that way would be a big step. I admin a large site and we moderate all comments before they appear, so distributing it thinner would really help.

comment:9 thee175 years ago

  • Component changed from Administration to Comments
  • Owner anonymous deleted

comment:10 Viper007Bond5 years ago

  • Keywords needs-patch added

comment:11 Denis-de-Bernardy5 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.