[wp-trac] Re: [WordPress Trac] #4353: Users with edit_posts
capability can see everyone's comments, IPs, and email addresses
WordPress Trac
wp-trac at lists.automattic.com
Mon Aug 18 21:28:12 GMT 2008
#4353: Users with edit_posts capability can see everyone's comments, IPs, and
email addresses
-------------------------------------------------------------------------------------------+
Reporter: idahofallzcom | Owner: markjaquith
Type: enhancement | Status: reopened
Priority: high | Milestone: 2.7
Component: Administration | Version: 2.7
Severity: major | Resolution:
Keywords: has-patch comments edit_posts IP email privacy subscriber author role_manager |
-------------------------------------------------------------------------------------------+
Comment (by mrmist):
Personal story aside, I'd agree about the wrong-ness of a contributor or
author being able to see any comments that aren't related to anything
other than their own entries. Once you get into editor-level then
everything is fair game, but at levels below that there should be
restrictions.
If nothing else, it makes the "view comments" screen a bit broken - if I
log in as a contributor to my test blog just now, and "manage comments", I
can see -
Four buttons at the top of the screen "Approve" "Mark as spam" "unapprove"
"delete" that shouldn't appear at all (because I can never use them).
5 Approved comments on entries that are nothing to do with the user.
5 Unapproved comments on entries that are nothing to do with the user.
As a contributor it's highly debatable whether I should have access to the
manage comments screen at all, because it's a functionally useless screen.
As an author, visibilty should surely be restricted to comments on posts
"authored by me".
--
Ticket URL: <http://trac.wordpress.org/ticket/4353#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list