Allow post authors to moderate post comments

2023-09-18 00:23:55 +02:00 · 2023-09-18 00:23:55 +02:00 · d782ae6305
commit d782ae6305
parent 081747a6ca
6 changed files with 67 additions and 50 deletions
--- a/css/application.css
+++ b/css/application.css
--- a/css/complete.css
+++ b/css/complete.css
--- a/includes/functions/comments/_comments_moderation.php
+++ b/includes/functions/comments/_comments_moderation.php
@ -1,5 +1,46 @@
 <?php

+// =============================================================================
+// CHECK USER COMMENT MODERATION PERMISSION
+// =============================================================================
+
+/**
+ * Checks whether an user can moderate a comment
+ *
+ * @since Fictioneer 5.7.3
+ *
+ * @param WP_Comment $comment  Comment object.
+ * @param int|null   $user_id  The user ID to check permission for. Defaults to
+ *                             the current user ID.
+ *
+ * @return boolean True if the user can moderate the comment, false otherwise.
+ */
+
+function fictioneer_user_can_moderate( $comment, $user_id = null ) {
+  // Capability?
+  $user_id = $user_id ? $user_id : get_current_user_id();
+
+  if ( user_can( $user_id, 'moderate_comments' ) ) {
+    return true;
+  }
+
+  // Restricted?
+  if ( get_the_author_meta( 'fictioneer_admin_disable_post_moderation', get_current_user_id() ) ) {
+    return false;
+  }
+
+  // Post author?
+  $post = get_post( $comment->comment_post_ID );
+  $post_author_id = absint( $post->post_author );
+
+  if ( $post_author_id === get_current_user_id() ) {
+    return true;
+  }
+
+  // Nope!
+  return false;
+}
+
 // =============================================================================
 // ADD PRIVATE TYPE TO FILTER
 // =============================================================================
@ -376,42 +417,6 @@ if ( ! function_exists( 'fictioneer_get_comment_action_link' ) ) {
  }
 }

-// =============================================================================
-// CHECK USER COMMENT MODERATION PERMISSION
-// =============================================================================
-
-/**
- * Checks whether an user can moderate a comment
- *
- * @since Fictioneer 5.7.3
- *
- * @param WP_Comment $comment  Comment object.
- * @param int|null   $user_id  The user ID to check permission for. Defaults to
- *                             the current user ID.
- *
- * @return boolean True if the user can moderate the comment, false otherwise.
- */
-
-function fictioneer_user_can_moderate( $comment, $user_id = null ) {
-  // Capability?
-  $user_id = $user_id ? $user_id : get_current_user_id();
-
-  if ( user_can( $user_id, 'moderate_comments' ) ) {
-    return true;
-  }
-
-  // Post author?
-  $post = get_post( $comment->comment_post_ID );
-  $post_author_id = absint( $post->post_author );
-
-  if ( $post_author_id === get_current_user_id() ) {
-    return true;
-  }
-
-  // Nope!
-  return false;
-}
-
 // =============================================================================
 // RENDER COMMENT MODERATION MENU
 // =============================================================================
@ -428,11 +433,12 @@ if ( ! function_exists( 'fictioneer_comment_mod_menu' ) ) {
  function fictioneer_comment_mod_menu( $comment ) {
    // Setup
    $comment_id = $comment->comment_ID;
+    $user_can_moderate = fictioneer_user_can_moderate( $comment );

    // Abort conditions...
    if (
      ! current_user_can( 'moderate_comments' ) &&
-      // TODO: ! fictioneer_user_can_moderate( $comment ) &&
+      ! $user_can_moderate &&
      ! get_option( 'fictioneer_enable_public_cache_compatibility' )
    ) {
      return;
@ -529,10 +535,6 @@ function fictioneer_ajax_moderate_comment() {
    wp_send_json_error( array( 'error' => __( 'Request did not pass validation.', 'fictioneer' ) ) );
  }

-  if ( ! current_user_can( 'moderate_comments' ) ) {
-    wp_send_json_error( array( 'error' => __( 'Permission denied!', 'fictioneer' ) ) );
-  }
-
  $comment_id = isset( $_POST['id'] ) ? fictioneer_validate_id( $_POST['id'] ) : false;

  if ( empty( $_POST['operation'] ) || ! $comment_id ) {
@ -551,6 +553,15 @@ function fictioneer_ajax_moderate_comment() {
    wp_send_json_error( array( 'error' => __( 'Comment not found in database.', 'fictioneer' ) ) );
  }

+  // Capabilities?
+  if ( ! fictioneer_user_can_moderate( $comment ) ) {
+    wp_send_json_error( array( 'error' => __( 'Permission denied!', 'fictioneer' ) ) );
+  }
+
+  if ( $operation === 'trash' &&  ! current_user_can( 'moderate_comments' ) ) {
+    wp_send_json_error( array( 'error' => __( 'Permission denied!', 'fictioneer' ) ) );
+  }
+
  // Process and update
  $result = false;

--- a/js/comments.min.js
+++ b/js/comments.min.js
--- a/src/js/comments.js
+++ b/src/js/comments.js
@ -1,12 +1,12 @@
 // =============================================================================
-// CHECK IF USER IS POST AUTHOR (TODO)
+// CHECK IF USER IS POST AUTHOR
 // =============================================================================

-// document.addEventListener('fcnUserDataReady', () => {
-//   if (fcn_getUserData().fingerprint == fcn_theRoot.dataset.authorFingerprint) {
-//     fcn_theBody.classList.add('is-post-author');
-//   }
-// });
+document.addEventListener('fcnUserDataReady', () => {
+  if (fcn_getUserData().fingerprint == fcn_theRoot.dataset.authorFingerprint) {
+    fcn_theBody.classList.add('is-post-author');
+  }
+});

 // =============================================================================
 // THEME COMMENTS JS TRAP
--- a/src/scss/common/_utility.scss
+++ b/src/scss/common/_utility.scss
@ -35,6 +35,12 @@ body:not(.is-moderator):not(.is-admin):not(.is-post-author) {
  }
 }

+body:not(.is-moderator):not(.is-admin) {
+  :is(.comment-edit-link, .button-ajax-moderate-comment[data-action="trash"]) {
+    display: none;
+  }
+}
+
 body:not(.is-author):not(.is-admin) {
  .only-authors {
    display: none;