Introduce 'edit_comment' meta cap. Fixes #14520

git-svn-id: http://svn.automattic.com/wordpress/trunk@15596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
scribu 2010-09-07 23:35:28 +00:00
parent 4e283a8047
commit 449d62100e
6 changed files with 21 additions and 28 deletions


@ -60,8 +60,8 @@ case 'editcomment' :
if ( !$comment = get_comment( $comment_id ) )
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') );
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
comment_footer_die( __('You are not allowed to edit comments on this post.') );
if ( !current_user_can( 'edit_comment', $comment_id ) )
comment_footer_die( __('You are not allowed to edit this comment.') );
if ( 'trash' == $comment->comment_approved )
comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );
@ -84,7 +84,7 @@ case 'spam' :
die();
}
if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
wp_redirect( admin_url('edit-comments.php?error=2') );
die();
}
@ -184,7 +184,6 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
<?php wp_nonce_field( $nonce_action ); ?>
<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
<input type='hidden' name='noredir' value='1' />
</form>
@ -212,7 +211,7 @@ case 'unapprovecomment' :
if ( !$comment = get_comment($comment_id) )
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );
if ( !current_user_can('edit_post', $comment->comment_post_ID ) )
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
comment_footer_die( __('You are not allowed to edit comments on this post.') );
if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )
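Review bot: The `unapprovecomment` branch switches to the per-comment check `current_user_can( 'edit_comment', $comment->comment_ID )` but keeps the post-oriented message `You are not allowed to edit comments on this post.`, while the `editcomment` hunk above changed its message to `You are not allowed to edit this comment.` for the same check. The two branches now test the same thing, so they should report the same reason: `comment_footer_die( __('You are not allowed to edit this comment.') );`. The enclosing `switch` cases start and end outside these hunks.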


@ -34,9 +34,7 @@ if ( isset( $_REQUEST['doaction'] ) || isset( $_REQUEST['doaction2'] ) || isset
$redirect_to = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'spammed', 'unspammed', 'approved', 'unapproved', 'ids' ), wp_get_referer() );
foreach ( $comment_ids as $comment_id ) { // Check the permissions on each
$_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id ) );
if ( !current_user_can( 'edit_post', $_post_id ) )
if ( !current_user_can( 'edit_comment', $comment_id ) )
continue;
switch ( $doaction ) {
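Review bot: The new check passes `$comment_id` to `current_user_can( 'edit_comment', ... )` exactly as it came out of `$comment_ids`, whereas the removed `$wpdb->prepare( ... %d ... )` lookup was the only place in this loop that coerced it to an integer; unless `$comment_ids` is sanitized before the hunk (not visible here), the raw value now flows into `get_comment()` inside `map_meta_cap`. A one-line `$comment_id = (int) $comment_id;` at the top of the loop body keeps the previous contract. Separately, if the `switch ( $doaction )` body below still reads `$_post_id` (it continues outside the hunk), that variable is now undefined. The enclosing `if ( isset( $_REQUEST['doaction'] ) ... )` block starts before and ends after this hunk.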


@ -586,7 +586,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
$actions_string = '';
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
if ( current_user_can( 'edit_comment', $comment->comment_ID ) ) {
// preorder it: Approve | Reply | Edit | Spam | Trash
$actions = array(
'approve' => '', 'unapprove' => '',


@ -2254,8 +2254,7 @@ class WP_Comments_Table extends WP_List_Table {
$comment = get_comment( $comment_id );
$post = get_post( $comment->comment_post_ID );
$the_comment_status = wp_get_comment_status( $comment->comment_ID );
$post_type_object = get_post_type_object( $post->post_type );
$user_can = current_user_can( $post_type_object->cap->edit_post, $post->ID );
$user_can = current_user_can( 'edit_comment', $comment_id );
$comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
$author_url = get_comment_author_url();
@ -2275,7 +2274,7 @@ class WP_Comments_Table extends WP_List_Table {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?post_ID=$post->ID&c=$comment->comment_ID";
$url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
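Review bot: `$user_can` is now derived from `current_user_can( 'edit_comment', $comment_id )`, and the adjacent `get_post_type_object( $post->post_type )` line appears to be dropped together with the old assignment (the rendered page does not mark sides, so this is inferred); if `$post_type_object` is still read further down in this method, which ends outside the hunk, it is now undefined. Either keep `$post_type_object = get_post_type_object( $post->post_type );` or confirm no remaining use. Note also that `$user_can` uses the raw `$comment_id` argument while every other line in the hunk uses `$comment->comment_ID`; `$comment->comment_ID` would be the safer choice since `get_comment()` has already normalized it.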


@ -896,6 +896,7 @@ function map_meta_cap( $cap, $user_id ) {
$author_data = get_userdata( $user_id );
//echo "post ID: {$args[0]}<br />";
$post = get_post( $args[0] );
$post_type = get_post_type_object( $post->post_type );
if ( $post_type && 'post' != $post_type->capability_type ) {
$args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args );
@ -988,6 +989,13 @@ function map_meta_cap( $cap, $user_id ) {
else
$caps[] = 'read_private_pages';
break;
case 'edit_comment':
$comment = get_comment( $args[0] );
$post = get_post( $comment->comment_post_ID );
$post_type_object = get_post_type_object( $post->post_type );
$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
break;
case 'unfiltered_upload':
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
$caps[] = $cap;
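Review bot: The new `edit_comment` case dereferences `get_comment( $args[0] )` and then `get_post( $comment->comment_post_ID )` without checking either for `null`; a deleted or non-existent comment id — the `foreach ( $comment_ids ... )` bulk loop elsewhere in this commit passes request-supplied ids straight into this check — produces notices and ends in a recursive `map_meta_cap( null, $user_id, null )`, whose outcome falls out of the `default` branch rather than being an explicit denial. A missing comment, an orphaned post and an unregistered post type should each resolve to the `do_not_allow` pseudo-capability this function already uses for other denials, as sketched below. `map_meta_cap` starts and ends outside the hunk.
```php
case 'edit_comment':
    $comment = get_comment( $args[0] );
    $post = $comment ? get_post( $comment->comment_post_ID ) : null;
    $post_type_object = $post ? get_post_type_object( $post->post_type ) : null;
    if ( ! $post_type_object ) {
        // Unknown comment, orphaned post or unregistered post type: deny explicitly
        // instead of recursing with a null capability.
        $caps[] = 'do_not_allow';
        break;
    }
    $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
    break;
```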


@ -875,15 +875,9 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
*/
function get_edit_comment_link( $comment_id = 0 ) {
$comment = &get_comment( $comment_id );
$post = &get_post( $comment->comment_post_ID );
if ( $post->post_type == 'page' ) {
if ( !current_user_can( 'edit_page', $post->ID ) )
return;
} else {
if ( !current_user_can( 'edit_post', $post->ID ) )
return;
}
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
return;
$location = admin_url('comment.php?action=editcomment&amp;c=') . $comment->comment_ID;
return apply_filters( 'get_edit_comment_link', $location );
@ -900,15 +894,10 @@ function get_edit_comment_link( $comment_id = 0 ) {
* @return string|null HTML content, if $echo is set to false.
*/
function edit_comment_link( $link = null, $before = '', $after = '' ) {
global $comment, $post;
global $comment;
if ( $post->post_type == 'page' ) {
if ( !current_user_can( 'edit_page', $post->ID ) )
return;
} else {
if ( !current_user_can( 'edit_post', $post->ID ) )
return;
}
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
return;
if ( null === $link )
$link = __('Edit This');