moderate_comments
WordPress user capability “allows users to moderate comments from the Comments SubPanel (although a user needs the edit_posts Capability in order to access this)”, – oficial WordPress Codex page says.
What I can say? Do not trust your own eyes. It is not the full true. Only last part of this declaration (about “edit_posts” capability) works as described in relation to the Comments subpanel. Are you not sure? Check it yourself. Take “User Role Editor” WordPress plugin, select the “Editor” role and uncheck “moderate_comments” capability. Then login to WordPress under the user with “Editor” role and go to the “Comments” panel. Do you still see links “unapprove, edit, spam, trash” under the comments there? Thus, you still may moderate comments inspite of you have not “moderate_comments” capability.
So, the next question – what is the real power of “moderate_comments” WordPress user capability?
There are alternative ways of comments moderation and some other benefits, where “moderate_comments” capability is really required or useful. Let’s make short excursion inside WordPress and look on the base of WordPress source code, how WordPress uses “moderate_comments” user capability.
1st, if user has “moderate_comments” capability his new added comment become published at once, without moderation. As commented at WordPress code “The author and the admins get respect”. Click here to look inside the source code.
2nd, “moderate_comments” capability will help you, if you wish to moderate comments remotely using WordPress’ XML-RPC support, with which you can post to your WordPress blog using many popular Weblog Clients. But it’s not the only capability you need for that. WordPress checks if user have “moderate_comments” capability before show him comments, delete or edit comments. If user has it, WordPress checks, if user has the meta “edit_comment” capability for delete and edit operations too. Meta capability is mapped to the set of primitive capabilities. It this case “edit_comment” capability is mapped to the “edit_post” or “edit_custom_post_type” capability, where “custom_post_type” is self-defined.
3rd, Dashboard Recent Comments Widget is shown to the users with “moderate_comments” capability only.
4th, Comments aprovement via WordPress AJAX interface is available if user has “moderate_comments” capability.
5th, “Empty Spam” and “Empty Trash” buttons at “Spam” and “Trash” tabs correspondingly of Comments submenu are available if user has “moderate_comments” capability. Real comments moderation here is available with capabilities to edit posts only.
6th, Two standard WordPress roles “Administrator” and “Editor” have “moderate_comments” capability included by default.
Thus, “moderate_comments” capability is in some transitive state. It’s checked in some places, in some places isn’t, and permission to edit posts is still the key capability, which user must have in order moderate comments in WordPress without any troubles.
I got a lot of questions from “User Role Editor” WordPress plugin users:
– How to give user capability to moderate comments but do not allow him edit posts?
Answer is negative, it’s impossible with just add/turn on, remove/turn off users capabilities. It’s the current WordPress core behaviour – in order moderate comment you should have permission to edit the post to which this comment was sent.
I agree with you, dear readers, I don’t understand why WordPress requires both capabilities “edit_posts” and “moderate_comments” at once. I’m sure it’s enough to have at least one of them in order to be comments moderator. That is if you an author of this post, editor of this blog, admin or you just have “moderate_comments” capability – please moderate comments.
What do you think? Could it be a feature request for the one of next WordPress versions? Did someone send such feature request to wordpress.org?
Curious readers can look on the quotes from the WordPress source code below, where “moderate_comments” user capability is used. I found 6 files:
- /wp-includes/comments.php;
- /wp-includes/class-wp-xml-rpc-server.php;
- /wp-admin/includes/dashboard.php;
- /wp-admin/includes/admin-ajax.php
- /wp-admin/includes/class-wp-comments-list-table.php
- /wp-admin/includes/schema.php
File /wp-includes/comment.php:
function wp_allow_comment():
641 642 643 644 645 | if ( isset($userdata) && ( $user_id == $post_author || $user->has_cap('moderate_comments') ) ) { // The author and the admins get respect. $approved = 1; } else { // Everyone else's comments will be checked. |
File /wp-includes/class-wp-xml-rpc-server.php:
function wp_getComment():
992 993 | if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); |
function wp_getComments():
1066 1067 | if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) ); |
function wp_deleteComment():
1134 1135 | if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); |
1140 1141 | if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); |
function wp_editComment():
1184 1185 | if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); |
1190 1191 | if ( !current_user_can( 'edit_comment', $comment_ID ) ) return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) ); |
function wp_getCommentStatusList():
1337 1338 | if ( !current_user_can( 'moderate_comments' ) ) return new IXR_Error( 403, __( 'You are not allowed access to details about this site.' ) ); |
File wp-admin/includes/dashboard.php::
45 46 47 48 49 50 51 52 53 54 55 | // Recent Comments Widget if ( is_blog_admin() && current_user_can('moderate_comments') ) { if ( !isset( $widget_options['dashboard_recent_comments'] ) || !isset( $widget_options['dashboard_recent_comments']['items'] ) ) { $update = true; $widget_options['dashboard_recent_comments'] = array( 'items' => 5, ); } $recent_comments_title = __( 'Recent Comments' ); wp_add_dashboard_widget( 'dashboard_recent_comments', $recent_comments_title, 'wp_dashboard_recent_comments', 'wp_dashboard_recent_comments_control' ); } |
File wp-admin/includes/admin-ajax.php:
457 458 459 460 461 462 463 464 465 466 467 468 | if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) ) die('-1'); $current = wp_get_comment_status( $comment->comment_ID ); if ( $_POST['new'] == $current ) die( (string) time() ); check_ajax_referer( "approve-comment_$id" ); if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); else $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); |
File /wp-admin/includes/class-wp-comments-list-table.php:
230 231 232 233 234 | if ( ( 'spam' == $comment_status || 'trash' == $comment_status ) && current_user_can( 'moderate_comments' ) ) { wp_nonce_field( 'bulk-destroy', '_destroy_nonce' ); $title = ( 'spam' == $comment_status ) ? esc_attr__( 'Empty Spam' ) : esc_attr__( 'Empty Trash' ); submit_button( $title, 'button-secondary apply', 'delete_all', false ); } |
File /wp-admin/includes/schema.php:
// Add caps for Administrator role
585 | $role->add_cap('moderate_comments'); |
// Add caps for Editor role
610 | $role->add_cap('moderate_comments'); |
File /wp-includes/capabilities.php:
function map_meta_cap( $cap, $user_id ):
1102 1103 1104 1105 1106 1107 | case 'edit_comment': $comment = get_comment( $args[0] ); $post = get_post( $comment->comment_post_ID ); $post_type_object = get_post_type_object( $post->post_type ); $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID ); |
Tags: capability, WordPress