[wp-trac] Re: [WordPress Trac] #4353: Users with edit_posts capability can see everyone's comments, IPs, and email addresses

WordPress Trac wp-trac at lists.automattic.com
Mon Aug 18 21:28:12 GMT 2008


#4353: Users with edit_posts capability can see everyone's comments, IPs, and
email addresses
-------------------------------------------------------------------------------------------+
 Reporter:  idahofallzcom                                                                  |        Owner:  markjaquith
     Type:  enhancement                                                                    |       Status:  reopened   
 Priority:  high                                                                           |    Milestone:  2.7        
Component:  Administration                                                                 |      Version:  2.7        
 Severity:  major                                                                          |   Resolution:             
 Keywords:  has-patch comments edit_posts IP email privacy subscriber author role_manager  |  
-------------------------------------------------------------------------------------------+
Comment (by mrmist):

 Personal story aside, I'd agree about the wrong-ness of a contributor or
 author being able to see any comments that aren't related to anything
 other than their own entries. Once you get into editor-level then
 everything is fair game, but at levels below that there should be
 restrictions.

 If nothing else, it makes the "view comments" screen a bit broken - if I
 log in as a contributor to my test blog just now, and "manage comments", I
 can see -

 Four buttons at the top of the screen "Approve" "Mark as spam" "unapprove"
 "delete" that shouldn't appear at all (because I can never use them).

 5 Approved comments on entries that are nothing to do with the user.
 5 Unapproved comments on entries that are nothing to do with the user.

 As a contributor it's highly debatable whether I should have access to the
 manage comments screen at all, because it's a functionally useless screen.
 As an author, visibility should surely be restricted to comments on posts
 "authored by me".

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4353#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
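
The visibility rule argued for in the comment above, as an added stand-alone PHP model (not WordPress core code and not the ticket's patch): editor-level users see every comment, users below that see only comments on their own posts, and the same predicate serves both the list screen and direct lookup by comment ID. `edit_posts` and `edit_others_posts` are WordPress capability names; the function names, users, posts and comments are constructed for illustration.

```php
<?php
// Added illustration: a stand-alone model, not WordPress core code.
// 'edit_posts' and 'edit_others_posts' are WordPress capability names;
// the users, posts and comments below are constructed sample data.

$posts = [10 => 1, 11 => 2, 12 => 3]; // post ID => author user ID

$comments = [
    ['id' => 100, 'post_id' => 10, 'email' => 'a@example.com', 'ip' => '192.0.2.10'],
    ['id' => 101, 'post_id' => 11, 'email' => 'b@example.com', 'ip' => '192.0.2.11'],
    ['id' => 102, 'post_id' => 12, 'email' => 'c@example.com', 'ip' => '192.0.2.12'],
    ['id' => 103, 'post_id' => 99, 'email' => 'd@example.com', 'ip' => '192.0.2.13'], // orphan: post 99 does not exist
];

// Single predicate (hypothetical name) used for the list screen and for direct access by ID.
function can_view_comment(array $comment, array $posts, int $user_id, array $caps): bool
{
    if (!in_array('edit_posts', $caps, true)) {
        return false; // no access to the comments screen at all
    }
    if (in_array('edit_others_posts', $caps, true)) {
        return true; // editor level and above: everything is fair game
    }
    // Below editor level: only comments on the user's own posts.
    // A comment whose post cannot be resolved is hidden (fail closed).
    $author = $posts[$comment['post_id']] ?? null;
    return $author === $user_id;
}

// Filter the full comment list down to what this user may see (hypothetical name).
function visible_comments(array $comments, array $posts, int $user_id, array $caps): array
{
    return array_values(array_filter(
        $comments,
        fn(array $c): bool => can_view_comment($c, $posts, $user_id, $caps)
    ));
}

// Constructed users: ID => capability list.
$users = [
    1 => ['edit_posts', 'edit_others_posts'], // editor-level
    2 => ['edit_posts'],                      // below editor level
    4 => [],                                  // no edit_posts capability
];

foreach ($users as $id => $caps) {
    $ids = array_column(visible_comments($comments, $posts, $id, $caps), 'id');
    echo "user $id sees: " . implode(', ', $ids) . PHP_EOL;
}
```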

