I’m trying to output a “delete comment” link on the front-end. Here’s my attempt so far:
printf(
'<a href="https://wordpress.stackexchange.com/questions/269898/%s">%s</a>',
wp_nonce_url(
admin_url( "comment.php?c=$comment_id&action=deletecomment" ),
'delete-comment_' . $comment_id
),
__( 'Delete comment', 'text-domain' )
);
I’ve added edit_comment cap to the author role. However, when I log in as an author and click on Delete comment, I get the following message on a white screen of death:
Sorry, you are not allowed to edit comments on this post.
Thank you for creating with WordPress.
Version 4.7.4
How can I output a permanently delete comment link which works?
After briefly testing, the code snippet from OP seems to work:
printf(
'<a href="https://wordpress.stackexchange.com/questions/269898/%s">%s</a>',
wp_nonce_url(
admin_url( "comment.php?c=$comment_id&action=deletecomment" ),
'delete-comment_' . $comment_id
),
esc_html__( 'Delete comment', 'text-domain' )
);
But it looks like we have to make sure that the author is only deleting comments on hir own post, otherwise it will look for the edit_others_posts and edit_published_posts primitive capabilities.
The edit_comment is not a primitive capability, so instead we have to look at the map_meta_cap() function to see what primitive capabilities it relies on. There we can see that edit_comment is a meta capability that uses:
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
for non-orphaned comments. Then we have to look at the part where the edit_post meta capability maps to other primitive capabilities. There are few possible mappings there, e.g. to edit_others_posts and edit_published_posts primitive capabilities.
Jean Galea has written a great article on roles and capabilities, where it says:
- Primitive capabilities are assigned to user roles.
- Meta capabilities never should be assigned to a role.
