Most of my WordPress installs have been limited in the scope of user permissions – primarily an administrator and (as a good security measure) an editor-level account for the actual posting/management of content. So as I was working on a multi-author site this week, I had to brush up on the capabilities allowed to the different user roles in WordPress.
The Roles and Capabilities page on the WordPress Codex provides the definitive breakdown. Or at least that’s what I thought.
The problem that I ran into is that although the Codex indicates that the Author role does not have the “moderate_comments” capability, my authors were still getting moderation e-mails when comments were made to their posts. We only wanted higher-level users to handle comment moderation – the documentation indicated that what we expected is what we should have gotten.
After digging around a little, I found that the documentation is indeed correct – well, it correctly identifies the intended functionality. I’d experienced my first WordPress bug.
Ticket #16705 indicates that this is a bug and is intended to be correct in the upcoming WordPress version 3.3. Note that the original author of the ticket is pointing out the confusing wording about the comment moderation options, but what the ticket was boiled down to was the problem allowing authors to moderate comments.
The problem appears to have been around since WordPress version 3.1.
For those of you who don’t want to (or can’t) wait, like myself, the ticket provides a patch – one line of code to add to the [wordpress_root]/wp-includes/capabilities.php file. For me, the line numbers did not correspond to correct lines of code, so search for the line of code above the patch line.
I can verify that this has worked in a test standalone WordPress instance and a WPMU instance (both versions 3.2.1).