sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Introduce 'edit_comment' meta cap. Fixes #14520

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@15596 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
scribu 2010-09-07 23:35:28 +00:00
parent 7845df0f09
commit b1def7dad8
6 changed files with 21 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
wp-admin/comment.php
View File

@ -60,8 +60,8 @@ case 'editcomment' :
if ( !$comment = get_comment( $comment_id ) ) if ( !$comment = get_comment( $comment_id ) )
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') ); comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
if ( !current_user_can('edit_post', $comment->comment_post_ID) ) if ( !current_user_can( 'edit_comment', $comment_id ) )
comment_footer_die( __('You are not allowed to edit comments on this post.') ); comment_footer_die( __('You are not allowed to edit this comment.') );
if ( 'trash' == $comment->comment_approved ) if ( 'trash' == $comment->comment_approved )
comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') ); comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );
@ -84,7 +84,7 @@ case 'spam' :
die(); die();
} }
if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) { if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
wp_redirect( admin_url('edit-comments.php?error=2') ); wp_redirect( admin_url('edit-comments.php?error=2') );
die(); die();
} }
@ -184,7 +184,6 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
<?php wp_nonce_field( $nonce_action ); ?> <?php wp_nonce_field( $nonce_action ); ?>
<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' /> <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' /> <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
<input type='hidden' name='noredir' value='1' /> <input type='hidden' name='noredir' value='1' />
</form> </form>
@ -212,7 +211,7 @@ case 'unapprovecomment' :
if ( !$comment = get_comment($comment_id) ) if ( !$comment = get_comment($comment_id) )
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') ); comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
if ( !current_user_can('edit_post', $comment->comment_post_ID ) ) if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
comment_footer_die( __('You are not allowed to edit comments on this post.') ); comment_footer_die( __('You are not allowed to edit comments on this post.') );
if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') ) if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )

4
wp-admin/edit-comments.php
View File

@ -34,9 +34,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset
$redirect_to = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'spammed', 'unspammed', 'approved', 'unapproved', 'ids' ), wp_get_referer() ); $redirect_to = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'spammed', 'unspammed', 'approved', 'unapproved', 'ids' ), wp_get_referer() );
foreach ( $comment_ids as $comment_id ) { // Check the permissions on each foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
$_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) ); if ( !current_user_can( 'edit_comment', $comment_id ) )
if ( !current_user_can( 'edit_post', $_post_id ) )
continue; continue;
switch ( $doaction ) { switch ( $doaction ) {

2
wp-admin/includes/dashboard.php
View File

@ -586,7 +586,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
$actions_string = ''; $actions_string = '';
if ( current_user_can('edit_post', $comment->comment_post_ID) ) { if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
// preorder it: Approve | Reply | Edit | Spam | Trash // preorder it: Approve | Reply | Edit | Spam | Trash
$actions = array( $actions = array(
'approve' => '', 'unapprove' => '', 'approve' => '', 'unapprove' => '',

5
wp-admin/includes/default-list-tables.php
View File

@ -2254,8 +2254,7 @@ class WP_Comments_Table extends WP_List_Table {
$comment = get_comment( $comment_id ); $comment = get_comment( $comment_id );
$post = get_post( $comment->comment_post_ID ); $post = get_post( $comment->comment_post_ID );
$the_comment_status = wp_get_comment_status( $comment->comment_ID ); $the_comment_status = wp_get_comment_status( $comment->comment_ID );
$post_type_object = get_post_type_object( $post->post_type ); $user_can = current_user_can( 'edit_comment', $comment_id );
$user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
$comment_url = esc_url( get_comment_link( $comment->comment_ID ) ); $comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
$author_url = get_comment_author_url(); $author_url = get_comment_author_url();
@ -2275,7 +2274,7 @@ class WP_Comments_Table extends WP_List_Table {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) ); $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) ); $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID"; $url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" ); $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" ); $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );

8
wp-includes/capabilities.php
View File

@ -896,6 +896,7 @@ function map_meta_cap( $cap, $user_id ) {
$author_data = get_userdata( $user_id ); $author_data = get_userdata( $user_id );
//echo "post ID: {$args[0]}<br />"; //echo "post ID: {$args[0]}<br />";
$post = get_post( $args[0] ); $post = get_post( $args[0] );
$post_type = get_post_type_object( $post->post_type ); $post_type = get_post_type_object( $post->post_type );
if ( $post_type && 'post' != $post_type->capability_type ) { if ( $post_type && 'post' != $post_type->capability_type ) {
$args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args ); $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args );
@ -988,6 +989,13 @@ function map_meta_cap( $cap, $user_id ) {
else else
$caps[] = 'read_private_pages'; $caps[] = 'read_private_pages';
break; break;
case 'edit_comment':
$comment = get_comment( $args[0] );
$post = get_post( $comment->comment_post_ID );
$post_type_object = get_post_type_object( $post->post_type );
$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
break;
case 'unfiltered_upload': case 'unfiltered_upload':
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
$caps[] = $cap; $caps[] = $cap;

17
wp-includes/link-template.php
View File

@ -875,15 +875,9 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
*/ */
function get_edit_comment_link( $comment_id = 0 ) { function get_edit_comment_link( $comment_id = 0 ) {
$comment = &get_comment( $comment_id ); $comment = &get_comment( $comment_id );
$post = &get_post( $comment->comment_post_ID );
if ( $post->post_type == 'page' ) { if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
if ( !current_user_can( 'edit_page', $post->ID ) )
return; return;
} else {
if ( !current_user_can( 'edit_post', $post->ID ) )
return;
}
$location = admin_url('comment.php?action=editcomment&amp;c=') . $comment->comment_ID; $location = admin_url('comment.php?action=editcomment&amp;c=') . $comment->comment_ID;
return apply_filters( 'get_edit_comment_link', $location ); return apply_filters( 'get_edit_comment_link', $location );
@ -900,15 +894,10 @@ function get_edit_comment_link( $comment_id = 0 ) {
* @return string|null HTML content, if $echo is set to false. * @return string|null HTML content, if $echo is set to false.
*/ */
function edit_comment_link( $link = null, $before = '', $after = '' ) { function edit_comment_link( $link = null, $before = '', $after = '' ) {
global $comment, $post; global $comment;
if ( $post->post_type == 'page' ) { if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
if ( !current_user_can( 'edit_page', $post->ID ) )
return; return;
} else {
if ( !current_user_can( 'edit_post', $post->ID ) )
return;
}
if ( null === $link ) if ( null === $link )
$link = __('Edit This'); $link = __('Edit This');