Plugin Architecture

Plugin Architecture

The Private Comments plugin is designed as a lightweight, filter-based extension for the WordPress Comment API. It operates by intercepting comment queries at the database level, ensuring that privacy restrictions are applied globally across the WordPress site without requiring modifications to theme templates.

Core Hook Integration

The plugin integrates with WordPress by hooking into the comments_clauses filter. This allows the plugin to modify the SQL query segments before they are executed by WP_Comment_Query.

Filter: comments_clauses

This is the primary architectural component that enforces data isolation.

• Role: Internal logic modifies the WHERE clause of the comment query.
• Input: (array) $clauses – An associative array of query segments (JOIN, WHERE, GROUPBY, etc.).
• Output: (array) The modified clauses containing the privacy logic.
• Effect: It injects a conditional check that validates the current user's ID against the user_id of the comment, the post_author of the parent post, or checks for administrative capabilities (manage_options).

Access Control Logic

The architecture follows a "Least Privilege" model for comment visibility. Visibility is granted based on the following hierarchy:

| Entity | Access Level | | :--- | :--- | | Administrator | Global visibility of all comments. | | Post Author | Visibility of all comments submitted to their specific posts. | | Comment Author | Visibility of their own comments only. | | Unauthenticated/Subscriber | No visibility of comments unless they are the author of a specific comment. |

Component Structure

The plugin follows a standard, flat directory structure for ease of integration and minimal overhead:

wp-private-comments/
├── wp-private-comments.php   # Main entry point and hook registrations.
├── README.md                 # Technical documentation and usage guides.
└── LICENSE.txt               # GPLv2 legal definitions.

Developer Usage & Compatibility

Because the plugin modifies the WP_Comment_Query globally, it is compatible with most standard WordPress functions. Developers do not need to implement custom logic to fetch private comments.

Example: Standard Comment Retrieval The following code, when used in a theme or another plugin, will automatically respect the privacy filters defined by this plugin:

// Standard query - results will be filtered based on the current logged-in user
$comments = get_comments( array(
    'post_id' => get_the_ID(),
    'status'  => 'approve',
) );

foreach ( $comments as $comment ) {
    echo $comment->comment_content;
}

Limitations & Internal Scope

While the plugin handles the data layer via comments_clauses, it does not modify the wp_count_comments() output by default. This ensures that the underlying database statistics remain accurate for administrative auditing, while the actual comment content remains hidden from unauthorized users in the front-end loop.