Introduce 'edit_comment' meta cap. Fixes #14520
git-svn-id: https://develop.svn.wordpress.org/trunk@15596 602fd350-edb4-49c9-b593-d223f7449a82
parent
7845df0f09
commit
b1def7dad8
@ -60,8 +60,8 @@ case 'editcomment' :
|
||||
if ( !$comment = get_comment( $comment_id ) )
|
||||
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
|
||||
|
||||
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
|
||||
comment_footer_die( __('You are not allowed to edit comments on this post.') );
|
||||
if ( !current_user_can( 'edit_comment', $comment_id ) )
|
||||
comment_footer_die( __('You are not allowed to edit this comment.') );
|
||||
|
||||
if ( 'trash' == $comment->comment_approved )
|
||||
comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );
|
||||
@ -84,7 +84,7 @@ case 'spam' :
|
||||
die();
|
||||
}
|
||||
|
||||
if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
|
||||
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
|
||||
wp_redirect( admin_url('edit-comments.php?error=2') );
|
||||
die();
|
||||
}
|
||||
@ -184,7 +184,6 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
|
||||
|
||||
<?php wp_nonce_field( $nonce_action ); ?>
|
||||
<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
|
||||
<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
|
||||
<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
|
||||
<input type='hidden' name='noredir' value='1' />
|
||||
</form>
|
||||
@ -212,7 +211,7 @@ case 'unapprovecomment' :
|
||||
|
||||
if ( !$comment = get_comment($comment_id) )
|
||||
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
|
||||
if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
|
||||
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
|
||||
comment_footer_die( __('You are not allowed to edit comments on this post.') );
|
||||
|
||||
if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )
|
||||
|
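Review bot: The 'unapprovecomment' branch checks `edit_comment` (assuming the `edit_comment` lines are the new side) but still dies with 'You are not allowed to edit comments on this post.', while the 'editcomment' branch got the new wording. Reuse `comment_footer_die( __('You are not allowed to edit this comment.') );` there so the denial message matches the capability that was tested. The 'editcomment' branch also passes the request-derived `$comment_id`, where the 'spam' and 'unapprovecomment' branches pass `$comment->comment_ID` from the loaded row. Passing `$comment->comment_ID` in all three keeps the check tied to the object that was actually fetched. The case bodies continue outside these hunks.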
@ -34,9 +34,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset
|
||||
$redirect_to = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'spammed', 'unspammed', 'approved', 'unapproved', 'ids' ), wp_get_referer() );
|
||||
|
||||
foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
|
||||
$_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) );
|
||||
|
||||
if ( !current_user_can( 'edit_post', $_post_id ) )
|
||||
if ( !current_user_can( 'edit_comment', $comment_id ) )
|
||||
continue;
|
||||
|
||||
switch ( $doaction ) {
|
||||
|
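Review bot: With the `$wpdb->prepare( ... %d ... )` lookup gone, nothing visible in this loop coerces `$comment_id` to an integer before it reaches the capability check. If `$comment_ids` is not already normalised where it is built (outside the hunk), use `if ( !current_user_can( 'edit_comment', (int) $comment_id ) )`. Denied IDs are dropped silently by `continue`, so the loop comment could say so, e.g. `// Skip any comment the current user may not edit`.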
@ -586,7 +586,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
|
||||
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
|
||||
|
||||
$actions_string = '';
|
||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||
if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
|
||||
// preorder it: Approve | Reply | Edit | Spam | Trash
|
||||
$actions = array(
|
||||
'approve' => '', 'unapprove' => '',
|
||||
|
@ -2254,8 +2254,7 @@ class WP_Comments_Table extends WP_List_Table {
|
||||
$comment = get_comment( $comment_id );
|
||||
$post = get_post( $comment->comment_post_ID );
|
||||
$the_comment_status = wp_get_comment_status( $comment->comment_ID );
|
||||
$post_type_object = get_post_type_object( $post->post_type );
|
||||
$user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
|
||||
$user_can = current_user_can( 'edit_comment', $comment_id );
|
||||
|
||||
$comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
|
||||
$author_url = get_comment_author_url();
|
||||
@ -2275,7 +2274,7 @@ class WP_Comments_Table extends WP_List_Table {
|
||||
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
|
||||
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
|
||||
|
||||
$url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID";
|
||||
$url = "comment.php?c=$comment->comment_ID";
|
||||
|
||||
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
|
||||
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
|
||||
|
@ -896,6 +896,7 @@ function map_meta_cap( $cap, $user_id ) {
|
||||
$author_data = get_userdata( $user_id );
|
||||
//echo "post ID: {$args[0]}<br />";
|
||||
$post = get_post( $args[0] );
|
||||
|
||||
$post_type = get_post_type_object( $post->post_type );
|
||||
if ( $post_type && 'post' != $post_type->capability_type ) {
|
||||
$args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args );
|
||||
@ -988,6 +989,13 @@ function map_meta_cap( $cap, $user_id ) {
|
||||
else
|
||||
$caps[] = 'read_private_pages';
|
||||
break;
|
||||
case 'edit_comment':
|
||||
$comment = get_comment( $args[0] );
|
||||
$post = get_post( $comment->comment_post_ID );
|
||||
$post_type_object = get_post_type_object( $post->post_type );
|
||||
|
||||
$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
|
||||
break;
|
||||
case 'unfiltered_upload':
|
||||
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
|
||||
$caps[] = $cap;
|
||||
|
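Review bot: The new `case 'edit_comment':` uses the results of `get_comment( $args[0] )` and `get_post( $comment->comment_post_ID )` without checking either. An ID that matches no comment, or a comment with no resolvable post, therefore reaches `$post_type_object->cap->edit_post` on a non-object and passes an empty capability to the recursive `map_meta_cap()` call. Fail closed explicitly with `if ( empty( $comment ) ) { $caps[] = 'do_not_allow'; break; }` after the lookup, and add the same guard after `get_post()`. If `get_post()` falls back to the current global post for an empty ID, which should be confirmed, the check would otherwise be evaluated against an unrelated post. This matters most for callers in this commit that pass request-derived IDs, such as the bulk loop's `current_user_can( 'edit_comment', $comment_id )`. The switch continues outside the hunk.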
@ -875,15 +875,9 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
|
||||
*/
|
||||
function get_edit_comment_link( $comment_id = 0 ) {
|
||||
$comment = &get_comment( $comment_id );
|
||||
$post = &get_post( $comment->comment_post_ID );
|
||||
|
||||
if ( $post->post_type == 'page' ) {
|
||||
if ( !current_user_can( 'edit_page', $post->ID ) )
|
||||
return;
|
||||
} else {
|
||||
if ( !current_user_can( 'edit_post', $post->ID ) )
|
||||
return;
|
||||
}
|
||||
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
|
||||
return;
|
||||
|
||||
$location = admin_url('comment.php?action=editcomment&c=') . $comment->comment_ID;
|
||||
return apply_filters( 'get_edit_comment_link', $location );
|
||||
@ -900,15 +894,10 @@ function get_edit_comment_link( $comment_id = 0 ) {
|
||||
* @return string|null HTML content, if $echo is set to false.
|
||||
*/
|
||||
function edit_comment_link( $link = null, $before = '', $after = '' ) {
|
||||
global $comment, $post;
|
||||
global $comment;
|
||||
|
||||
if ( $post->post_type == 'page' ) {
|
||||
if ( !current_user_can( 'edit_page', $post->ID ) )
|
||||
return;
|
||||
} else {
|
||||
if ( !current_user_can( 'edit_post', $post->ID ) )
|
||||
return;
|
||||
}
|
||||
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
|
||||
return;
|
||||
|
||||
if ( null === $link )
|
||||
$link = __('Edit This');
|
||||
|
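Review bot: `get_edit_comment_link()` reads `$comment->comment_ID` right after `get_comment( $comment_id )` with no check that a comment was found, so an unknown ID produces a notice and a capability check on an empty ID. Add `if ( empty( $comment ) ) return;` before the `current_user_can()` line. The docblock line kept above `edit_comment_link()` still refers to an `$echo` argument that the signature does not have; it should instead describe the early return when the user lacks `edit_comment`. Both function bodies continue outside the hunks.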