PublishPress-Planner icon indicating copy to clipboard operation
PublishPress-Planner copied to clipboard

Published 20 hours ago verified publisher icon publishpress

Editorial comments delete capability issue

Open rizaardiyanto1412 opened this issue 1 year ago • 2 comments

There is an issue with "pp_delete_editorial_comment" capability

On my contributor role, I have this setting: image

I don't have delete on my comment image

It only works when I set like this: image

But it also give delete on other people comment image

Expected behavior:

"pp_delete_editorial_comment" give delete capability to user comment

"pp_delete_other_editorial_comment" give delete capability to other user comment

Original report: https://secure.helpscout.net/conversation/2287165605/200359?folderId=6932143

rizaardiyanto1412 avatar Jun 30 '23 10:06 rizaardiyanto1412

The issue seems persists in latest version

rizaardiyanto1412 avatar Feb 08 '24 10:02 rizaardiyanto1412

In /modules/editorial-comments/editorial-comments.php there are two if-statements that can never be true.

On line 625:

if ( ( $user->user_nicename == $theComment->comment_author && current_user_can('pp_edit_editorial_comment') || current_user_can('pp_edit_others_editorial_comment') ) )

On line 638:

if ( ( $user->ID === $theComment->comment_author && current_user_can('pp_delete_editorial_comment') || current_user_can('pp_delete_others_editorial_comment') ) )

$user->user_nicename returns a slug while $theComment->comment_author returns i.e. full name or display name.

Also, in both statements a ) is placed wrong.

I changed both to this which solves the problem:

if ( ( $user->ID == $theComment->user_id && current_user_can( 'pp_edit_editorial_comment' ) ) || current_user_can('pp_edit_others_editorial_comment') )

if ( ( $user->ID == $theComment->user_id && current_user_can( 'pp_delete_editorial_comment' ) ) || current_user_can('pp_delete_others_editorial_comment') )

I hope this helps you save some time 🙂

Actually, this solved the issue partly. The links are there, but they don’t work since the user doesn’t get the privilege to edit/delete due to three other if-statements with the same structure.

On line 922:

if ( ! ($current_user->user_nicename == $theComment->comment_author && current_user_can( 'pp_edit_editorial_comment' )) && ! current_user_can('pp_edit_others_editorial_comment') )

On line 1052 and 1165:

if ( ! ($current_user->user_nicename == $theComment->comment_author && current_user_can( 'pp_delete_editorial_comment' )) && ! current_user_can('pp_delete_others_editorial_comment') )

Changing those to check on ID too makes it all work correctly 🙂

From: https://wordpress.org/support/topic/missing-links-for-editing-deleting-editorial-comments/

rizaardiyanto1412 avatar Feb 12 '24 11:02 rizaardiyanto1412