[wp-trac] [WordPress Trac] #12104: edit-comments.php not available to roles with proper capabilities

WordPress Trac wp-trac at lists.automattic.com
Sun Jan 31 22:25:24 UTC 2010 

#12104: edit-comments.php not available to roles with proper capabilities
--------------------------+-------------------------------------------------
 Reporter:  sillybean     |       Owner:            
     Type:  defect (bug)  |      Status:  new       
 Priority:  normal        |   Milestone:  Unassigned
Component:  General       |     Version:  3.0       
 Severity:  normal        |    Keywords:            
--------------------------+-------------------------------------------------
 I tried to create a Comment Moderator role today and realized it wouldn't
 work. My intention was to create a role for people who can't write or edit
 posts, but can keep an eye on the comment threads. I created the role like
 so:

 {{{
 #!php
 add_role('moderator', 'Moderator', array(
             'read' => 1,
             'moderate_comments' => 1,
         ));
 }}}

 ... then created a new user with that role. When I logged in as my test
 user, I realized that it was for all intents and purposes a Subscriber. I
 couldn't see any admin panels but the Dashboard, my profile, and the
 Tools. I went poking around in edit-comments.php and discovered that it's
 checking for another capability altogether:

 {{{
 #!php
 if ( !current_user_can('edit_posts') )
         wp_die(__('Cheatin’ uh?'));
 }}}

 I double-checked wp-admin/includes/menu.php and it agreed that
 'edit_posts' was the minimum capability to see this page, so I tried
 adding 'edit_posts' to my new role, and I still couldn't get there.

 Later on in edit-comments.php, when actually trashing a comment, there is
 a check for 'moderate_comments', but it's a moot point: this screen
 doesn't even show up in the admin menu, and if you navigate directly to
 it, you'll get the "You do not have sufficient permissions to access this
 page" message.

 I thought it was entirely possible I'd missed some finer point of creating
 roles, so I redid it with Justin Tadlock's excellent Members plugin, and
 that didn't work either.

 This behavior might be intentional, but if so, I'm not following the
 logic. I know roles are due for an overhaul in the next version or two.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12104>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list