Hooks and Filters

Hooks and Filters

The Private Comments plugin integrates with WordPress core hooks to intercept comment queries at the database level. This ensures that privacy is maintained consistently across the frontend, the WordPress Admin dashboard, and the REST API.

WordPress Core Hooks Utilized

comments_clauses

This is the primary hook used to modify the comment query logic.

• Type: Filter
• Purpose: It modifies the WHERE clause of the SQL query used by WP_Comment_Query.
• Description: The plugin injects conditional logic into the SQL query to check the current user's identity. It ensures that only comments matching the comment_author_email, the user_id of the commenter, or the post_author ID are returned. Users with the manage_options capability (Administrators) bypass these restrictions.

wp_count_comments

• Type: Filter
• Purpose: Adjusts the visible comment count.
• Description: This filter ensures that the comment counts (e.g., "All (5)", "Mine (2)") displayed in the admin bar or post metadata accurately reflect the number of comments the current user is authorized to see, rather than the total number of comments in the database.

Implementation Details

Query Modification

The plugin applies its privacy logic globally. This means any standard WordPress function that retrieves comments (such as get_comments() or wp_list_comments()) will automatically inherit the privacy restrictions.

Permission Levels

The plugin checks for the following roles and relationships when determining visibility via core hooks:

1. Administrators: Granted access to all comments via the manage_options capability check.
2. Post Authors: Granted access to all comments left on posts they authored.
3. Comment Authors: Granted access only to their own comments based on their logged-in User ID or their email address (for non-registered users).

Usage in Custom Queries

If you are a developer writing custom WP_Comment_Query instances, the privacy filters are active by default. No additional parameters are required to maintain privacy.

However, if you need to bypass this plugin's privacy logic in a custom script (e.g., for an export tool), you can temporarily remove the filter before running your query:

// Disable the privacy filter for a custom query
remove_filter('comments_clauses', 'prefix_apply_private_comments_logic');

$all_comments = get_comments(['post_id' => 123]);

// Re-enable the privacy filter
add_filter('comments_clauses', 'prefix_apply_private_comments_logic');

Note: Replace prefix_apply_private_comments_logic with the specific function name used in the plugin's source code.