WordPress MU

I am using wpmu 2.8.4a and the Menus plugin to hide the dashboard menus from our site users (no blog ownership).

I have no options checked in Menus with the intent of leaving just the profile area viewable for users. However, in every role other than Admin, new users can still see the "Comments" tab. When I go in as a user given Admin rights, you can't see anything but the profile. Finally, if I go in as the original site admin user, I see all of the backend (as desired).

My question is why I am seeing the comments tab when it's not checked in the Menus plugin settings, and/or why only those with the admin role see nothing but the profile page (desired).

Thx

Good description of the problem, really good. And yes I'll update the Menus plugin ASAP to fix/workaround the typo. But there is also a problem with the core behaviour of the Favorites menu, but only affecting such a case as you describe. I'll continue.

The code in the Menus plugin hides the comments menu if user can "moderate_comments" - which must have made sense to me after looking at the codex lists of roles and caps while writing the plugin way back. However, the code that adds the menu in the first place, /wp-admin/menu.php, uses "edit_posts" as the capability to draw the menu. The effect, or defect, is that Menus plugin is only hiding the menu from Admins and Editors while Authors and Contribs still see it. Not right as Authors and Contribs can do nothing but read the comments they see there anyway.

So that's the why.

Here's the fix in the Menus plugin:
Change the two occurrences of
current_user_can('moderate_comments')) {
to
current_user_can('edit_posts')) {

Digging deeper into the core, I think we've stumbled onto a "ticket" item for WP. The menu for Comments is also added to the little dropdown Favorites in the admin header, but that Comments menu is only added if user can "moderate_comments" - Admins and Editors. See /wp-admin/includes/template.php. Perhaps I was looking there when making the plugin last year. At any rate, that cap makes sense, because if user can only "edit_posts" they can't edit, approve, or delete comments anyway - so hide the menu.

So by default, the Favorites menu won't show Comments to Authors and Contribs while the sidebar Admin menu will - this is how it works without any plugins at all. Maybe that's a defect in the core, or there is reason to have two different caps to in essence display a link to the same page. I'll go search WP trac for a ticket and post there.

The argument for "edit_posts" rather than "moderate_posts" for the usual Admin menu is debated on the following ticket(and many others) and decidedly should be "edit_posts". Yet there are a slew of other tickets debating that anything related to comments needs the "moderate_comments" cap. There are further suggestions to add more caps specific for mangaging/viewing comments or redraw the whole caps/roles system. I think I'll stay out of the debate and wait for the "angry mob". Funny.

http://core.trac.wordpress.org/ticket/6907

Menu plugin updated
http://wpmudevorg.wordpress.com/project/Menus

dsader

Not sure what to make of this, but after a bit of experimenting, I've found that the scenario I described above only happens on one of my secondary blogs but works fine on the primary blog created with the wpmu install.

Here's my situation...I am using a small plugin of yours I believe that has all new users added to the primary blog as Subscribers, and a secondary blog as Authors when they sign up. This secondary blog uses the P2 theme, which requires the Author role to post from the front-end as you know. When I had users visiting their profile on this secondary blog using the P2 theme, I had the visible Comments tab for anyone but the original Admin user as described above.

However, I decided to try pointing users to their profile on the primary blog where they are Subscribers and the issue disappears. The Menus plugin works as it should as only the Admin can see the backend and the Subscribers only see their profile with no sign of the Comment tab.

Not sure how this affects your work to upgrade the plugin but thought I should pass it along just the same.

Great plugin by the way...

Thx