WordPress.org

Ready to get started?Download WordPress

Forums

P2 theme: Restrict author from editing another authors comment (20 posts)

  1. sennad
    Member
    Posted 4 years ago #

    Hello,

    I think this is bug or at least a feature that can't be positive for P2 (twitter like) theme.

    WordPress role "Author" has a capability to edit all comments on that author's post (inline). This function can be useful for a "standard" blog where there are a small number of authors and blog is a publishing platform.

    But, on P2 where we are building a community of "equal" authors, this capability is a problem, because every registrated user is an author (twitter like), and it is not OK for all users to be able to edit comments for all on their posts...

    If I add Facebook Connect Plugin (and it is a great feature for P2), than I have a problem because all my authors write with their real names (from Facebook), and there is possibility that users can edit words by somebody who is exposed by real name.

    It can lead to harrasment and users won't feel secure to post comments if they know that someone else can edit it (but not admin, for he is someone you trust based on his status)...

    To make this clear, Facebook Wall, Twitter would't be so popular if I could edit every comment written on my Wall...

    So, is there possibility to edit a P2 theme so that authors can only edit their own comments and not all comments...

    ! - UPDATE - Weird, author can't edit own comment on thread he didn't started...

    For my understanding, this would be best for P2

    - admin and contributor can edit all comments
    - author can edit only his comments on every post

  2. dlopeman
    Member
    Posted 4 years ago #

    wellk you must have something borked up! i set all my users as authors. I just verified that my user cannot edit another user's post.

    However, if I log in as an admin, I can edit ANYONES post. Now I kinda like that, just in case anyone decides to be freaky and I need to edit on the fly...

    You may have introduced some anomoly with the facebook thing, too.

    You can check out my site if you want to see it working "correctly" somewhere else. Just keep in mind I'm still in BETA and making a lot of changes. Various things are in flux... and broken! LOL -errr - i mean, Development... yeah --- that's what I mean....

    http://www.womendrinkingbeer.com

  3. sennad
    Member
    Posted 4 years ago #

    Thank you for feedback. I have not done anything on core wordpress files related to capabilities and roles, so it must have been Facebook Conect plugin that is responsible for this.

    I will then delete "edit" link on comments, al least to hide this option, and then find a way for users to delete own comments or at least flag them for deleting because that is better option rather than allow anyone to edit comments.

  4. hal9000
    Member
    Posted 4 years ago #

    This in ability to edit their own comments on somebody elses thread is a bug that seems to be ignored at the moment.
    I have tried all kinds of role managment and it just doesnt work for me.
    I don't know if this is going to be fixed, i mentioned it months ago (prior to the current p2 release) and was told it would be looking into by the author, but so far nothiung.
    This is fundamental to my p2 based theme and WP site.

    Authors must be able to comment on any post and must be able to edit their own posts where ever they are and if needed delete their own posts.
    Currently this isn't possible... unless i am doing something very wrong!

  5. Danstinebaugh
    Member
    Posted 4 years ago #

    I seem to be having the same issues that sennad is having, however I've just created a plain fresh install of wordpress and the latest awesome P2 theme and I too am able to edit anyone's posts when logged in as an author. It's actually what brought me to these posts. Granted I'm still logging in from the same IP, however when accessing the backend it's obvious that I'm only logged in as an author however from the main page, every post has an edit link that will allow me to edit anyone's posts.

    Being I too was planning on opening registration to the public I see this as not only a security issue but privacy as well.

    Is there a plugin that will give me finer control or is this indeed a function of the theme?

    Also as per the actually Wanting to be able to edit author's posts as referenced by Hal9000 there's a plugin for that here
    http://wordpress.org/extend/plugins/edit-comments/

  6. hal9000
    Member
    Posted 4 years ago #

    Thanks Dan, I have now looked at this but it also doesn't quite do the job - it works in the same way as wp-ajax-edit-comments
    sometime sit does and sometimes it doesnt.
    And it's also a paint to modify the p2 comments.php file

  7. Danstinebaugh
    Member
    Posted 4 years ago #

    Sorry I tried :)

    And as far as being able to edit, I just logged in using an OpenID login and it seems that because it shows as a different IP when logging in, I can no longer edit every post so it must be an IP based issue. So as far as my problem, it seems like it's alright and just something from creating 2 users locally, and editing isn't an issue.

    Great Theme! Thanks Automattic!

  8. texet
    Member
    Posted 4 years ago #

    I have the same problem (Authors are able to edit each other's COMMENTS, seemingly at random sometimes).

    I do not think this is a problem related to creating 2 users locally. I just set up a proxy user, obviously using a new IP, and he/she is able to edit comments on his own posts.

  9. dlopeman
    Member
    Posted 4 years ago #

    IP based interrogation will not be a very good way to make this stuff secured!! I'm sure it's base on your exiting IP address... Well, if you are in a network of 5000 people (my company, for instance) then everyone in that company can create a user on your system and then edit each other's posts!

    Yuk. This should be investigated further. So far, I have not been able to replicate the issue. I create ALL my users as authors... Hmmm, but haven't created ANOTHER author behind my firewall...

    I'll BRB...

  10. dlopeman
    Member
    Posted 4 years ago #

    NOPE. I'm not having the problem.

    Here's an idea. Maybe there's some correlation with the plugins you guys are using?!? How about you list your plugins and see if any of them match? Maybe one of them flips some kind of permissions switch...

    Is the users incoming IP address recorded when they sign up?? If so, Why?

  11. texet
    Member
    Posted 4 years ago #

    Doh!! Is it maybe a default behavior of WordPress that Authors are allowed to edit any comments that appear on their posts??

    (dlopeman, I think you might have been confused in post #2, where the OP was asking about an Author's ability to edit COMMENTS, not POSTS...)

    If it's a default WP behavior that Authors can edit comments on their own posts, then getting back to the OP's comment, WordPress is simply not set up, out of the box, to accommodate a "democratic" twitter-like community of equal authors (presumably what many P2 users are trying to do).

    I could not find any WordPress documentation saying what Authors are allowed to do with comments on their own posts, but in the backend of my WPMU installation, my authors have the ability to edit and delete comments that appear on their own posts.

    I will try a fresh WP install and see what Authors are allowed to do.

  12. texet
    Member
    Posted 4 years ago #

    OK, fresh install of WP, default theme:

    Authors:

    CAN edit COMMENTS on their own posts. of subscribers, anonymous commenters, or even admins.

    ---
    So to achieve this democratic ideal of twitter-like equal authors, you'd have to override the default behavior of WordPress in the prologue_comment function, somehow, such as:

    "If the logged in user is the comment author, THEN display the edit_comment_link"

    This is still a problem if you ever decide to allow access to the Dashboard, because there, Authors will still be able to edit comments on their posts.

    It's this whole Comment/Post dichotomy that is sooo Web 1.0...

  13. dlopeman
    Member
    Posted 4 years ago #

    OH - COMMENTS... Duh! let my brain core dump and reboot! Then I'll learn to READ...

    BRB - Lemme check THAT.

  14. dlopeman
    Member
    Posted 4 years ago #

    oh oh... oops! I actually REMOVED users' abilities to edit their comments!! haha. Maybe I subconsciously "fixed" it... I've bee heavily modifying P2, to include IMAGE upload!! ;)

    so brb again...

  15. texet
    Member
    Posted 4 years ago #

    here's some code that you can use in your prologue_comment function to restrict comment editing:

    <?php if ( $comment->comment_author == $current_user->user_nicename || $comment->comment_author == $current_user->user_login ) edit_comment_link( __( 'Edit' , 'p2'), ' | ',''); ?>

    again, this doesn't take care of the admin panel - users who find that will be able to edit comments. you could either insert similar code somewhere in the admin area, or use the "adminimize" plugin to hide the comments admin area from Authors.

  16. dlopeman
    Member
    Posted 4 years ago #

    I guess I won't BRB!!! I still haven't had a chance to test this...

    I'll add it to my list

  17. houseofstrauss
    Member
    Posted 4 years ago #

    The root of the problem is that P2 requires too high a level of permissions to write a post. Somehwre I installed an earlier version of this theme and hacked it to allow subscribers to post (first level of registration)

    This prevented all the hastle of admin section exposure and associated intrusions by registrered members. I am a bit surprised that this option was not incorportated into the theme options page:

    Select registration level to allow posting: (checkbox for user levels)

    Ideally we need to theme the backened also for a full integration.

    I'll see if I can find the hack and post it here, it was pretty simple, with the earlier releases.

  18. houseofstrauss
    Member
    Posted 4 years ago #

    In fact I did not hack my permissions. I used http://www.sugarrae.com/wordpress/cyc/ to customise the backend.

  19. Bartheemskerk
    Member
    Posted 4 years ago #

    Hello,

    Sorry to hack in this conversation.

    I think the P2 theme is great for my purposes. I want a blog where everyone can leave a short message. Othe users can either respond or rate this post.
    To prevent spam, I would realy like to moderate the posts before they are posted.

    Is P2 the right theme for this? Or is there another theme that suits my needs better?

  20. cotorrea
    Member
    Posted 3 years ago #

    Hi! out there; I just install p2, but I can't seem to post from my home page, [like Automatic shows on their video tutorial].

    It's there any tutorial,step by step on how to set it up [p2]!.

    My site is http://www.cotorrea.com

    Can some one help Me !.

    Oscar medina

Topic Closed

This topic has been closed to new replies.

About this Topic