Visibility Logic

Overview

The Private Comments plugin implements a strict filtering layer over the standard WordPress comment system. Instead of comments being public by default, the plugin evaluates the relationship between the current viewer and the comment data before rendering.

The logic ensures that discussions remain confidential between the respondent and the content stakeholders.

Permissions Matrix

Visibility is determined by three primary factors: the user's role, the user's ownership of the post, and the user's ownership of the comment.

| User Role/Relationship | Can View Own Comments | Can View Others' Comments | | :--- | :---: | :---: | | Administrator | Yes | Yes | | Post Author | Yes | Yes (on their own posts) | | Comment Author | Yes | No | | Other Logged-in Users | No | No | | Logged-out Guests | No | No |

Logic Breakdown

1. Administrative Override: Users with administrative privileges (specifically those with the manage_options capability) bypass all filters and can see every comment across the site.
2. Content Ownership: The author of a post is granted visibility into all comments left on that specific post. This allows for a private feedback loop between the reader and the creator.
3. Comment Ownership: Individual users can always see the comments they have submitted, allowing them to track their own contributions and history.
4. Implicit Restriction: If a user does not meet any of the above criteria, the comment is excluded from the query results entirely.

User Experience

The filtering logic is applied server-side before the comments are sent to the browser. This affects different areas of the WordPress interface:

Frontend Post Pages

When a visitor views a post, the comment list will only populate with items they are permitted to see. For a standard logged-in user, this typically means they will see only their own comments and any replies from the post author or admin directed at them.

Comment Count

The plugin automatically adjusts the comment count displayed on the frontend. If a post has 50 total comments but a user only has permission to see 2, the get_comments_number() function will return 2 for that specific user.

Technical Integration

The plugin hooks into the WordPress database query process to ensure privacy at the data retrieval level.

Query Filtering

The logic is primarily applied via the comments_clauses filter. This ensures that even if a third-party theme or plugin calls get_comments(), the private visibility rules are still enforced.

// Example of how the logic influences the SQL query internally:
// It appends a WHERE clause similar to:
// AND (comment_author_id = current_user_id OR post_author_id = current_user_id OR user_is_admin)

Guest Commenting

If guest commenting is enabled in your WordPress settings:

• Guests can still submit comments.
• The plugin uses cookies to track guest authors during their current session so they can view their own pending/published comments.
• Once the session/cookie expires, the guest will no longer be able to see their comment unless they are logged in with a matching email address.

Customization & Hooks

While the plugin is designed to be "plug-and-play," developers can interact with the visibility logic through standard WordPress filters. If you need to bypass visibility for a specific custom post type, you can hook into the WordPress comments_clauses with a higher priority to modify the query.