Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 18397)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -989,14 +989,14 @@
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
-		if ( !current_user_can( 'moderate_comments' ) )
-			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
-
 		do_action('xmlrpc_call', 'wp.getComment');
 
 		if ( ! $comment = get_comment($comment_id) )
 			return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
 
+		if ( !current_user_can( 'moderate_comments' ) && '1' != $comment->comment_approved )
+			return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this site.' ) );
+
 		// Format page date.
 		$comment_date = mysql2date('Ymd\TH:i:s', $comment->comment_date, false);
 		$comment_date_gmt = mysql2date('Ymd\TH:i:s', $comment->comment_date_gmt, false);
@@ -1040,6 +1040,8 @@
 	 *
 	 * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'.
 	 *
+	 * If the user doesn't have permission to moderate comments, it returns only approved comments.
+	 *
 	 * The defaults are as follows:
 	 * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
 	 * - 'post_id' - Default is ''. The post where the comment is posted. Empty string shows all comments.
@@ -1063,9 +1065,6 @@
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
 
-		if ( !current_user_can( 'moderate_comments' ) )
-			return new IXR_Error( 401, __( 'Sorry, you cannot edit comments.' ) );
-
 		do_action('xmlrpc_call', 'wp.getComments');
 
 		if ( isset($struct['status']) )
@@ -1073,6 +1072,9 @@
 		else
 			$status = '';
 
+		if ( !current_user_can( 'moderate_comments' ) )
+			$status = 'approve';
+
 		$post_id = '';
 		if ( isset($struct['post_id']) )
 			$post_id = absint($struct['post_id']);