User Roles & Permissions

User Roles & Permissions

The Private Comments plugin modifies the standard WordPress comment visibility logic to ensure discussions remain confidential between relevant parties. Access is determined by the user's relationship to the comment and the post.

Permission Matrix

The following table outlines the visibility permissions for different user roles and types:

| User Role / Type | View Own Comments | View Others' Comments (Own Post) | View All Comments (Site-wide) | | :--- | :---: | :---: | :---: | | Administrator | Yes | Yes | Yes | | Post Author | Yes | Yes | No | | Comment Author | Yes | No | No | | Other Registered Users | No | No | No | | Unauthenticated Guests | No* | No | No |

* Guests can only view comments they have submitted during their current session (based on WordPress's default cookie-based tracking for authors).

Role Definitions

Site Administrator

Administrators retain full oversight of all site activity. They can view, moderate, and reply to every comment across the entire website, regardless of who authored the post or the comment.

Post Author

A user who has authored a specific post (e.g., an Editor or Contributor) acts as the moderator for that specific thread.

• Permissions: They can see all comments left on their own posts by any user.
• Limitations: They cannot see private comments on posts authored by other users unless they are also the author of a specific comment on that post.

Comment Author

The individual who submitted the comment (whether logged in or a guest).

• Permissions: They can always see the content of their own submitted comments.
• Limitations: They are restricted from seeing comments made by other users on the same post, effectively creating a 1-to-1 communication channel with the Post Author and Administrators.

General Public / Other Users

Any user who is neither the Administrator, the Post Author, nor the author of a specific comment.

• Limitations: The comment section will appear empty or will only display the user's own contributions. Comments from third parties are filtered out of the loop entirely.

Usage Example: Frontend Filtering

The plugin automatically hooks into the WordPress comment query. No manual configuration is required. When a user views a post, the system performs a permission check similar to the following logic:

// Internal logic representation (simplified)
if ( $current_user_is_admin || $current_user_is_post_author || $current_user_is_comment_author ) {
    // Display the comment
} else {
    // Hide the comment from the UI
}

This ensures that even if a direct URL to a comment is known, the content remains hidden from unauthorized users.