Ticket #17981 (new defect (bug))

Opened 8 months ago

Last modified 2 weeks ago

XML-RPC wp.getComments should work for non-admins

Reported by: koke Owned by:
Priority: normal Milestone: Awaiting Review
Component: XML-RPC Version: 3.2
Severity: normal Keywords: mobile has-patch
Cc: jbernal@…, ercoli@…

Description

Right now, if the caller doesn't have the moderate_comments permission, the XML-RPC call returns a 401 error.

A more graceful alternative would be to return the approved comments. The user may not be able to moderate, but still should be able to read/reply.

Attachments

patch-core-17981.diff (1.9 KB) - added by koke 8 months ago.
patch-core-17981-2.diff (1.9 KB) - added by koke 5 months ago.
Second patch closer to dashboard behavior
commentAPIfixes.patch (3.9 KB) - added by nprasath002 3 weeks ago.
Fixes cap checks
patch-gp-157-strings-3.diff (3.8 KB) - added by koke 2 weeks ago.
patch-core-17981-3.diff (3.1 KB) - added by koke 2 weeks ago.

Change History

koke 8 months ago

  • Keywords has-patch added; needs-patch removed

Added patch for wp.getComments and wp.getComment. If the user can't moderate comments, it only returns approved comments for wp.getComments, and returns an error if the comment isn't approved for wp.getComment.

koke 5 months ago

Second patch closer to dashboard behavior

I should have done a trac search before writing a second patch but I feel it's better ;)

Dashboard also shows unapproved comments to authors, so we check for (edit_posts OR moderate_comments) instead of just moderate_comments. The current checks for edit_comment should take care of the rest.

Also, added better error descriptions.

  • Cc jbernal@… added

Nothing.

Last edited 4 months ago by ocean90

Related #19916

  • Cc ercoli@… added

Have you compared this with #19916 yet?

Fixes cap checks

The patch fixes the issues in cap checks. Also added validation for post_id.

koke 2 weeks ago

koke 2 weeks ago

comment:9 koke 2 weeks ago

Added a new patch (sorry about the wrong one). Tested with an Author user:

  • wp.getComments shows every comment (as dashboard does)
  • Added a new field 'can_edit' to show if the user has permission to edit/delete that specific comment. That'll allow customizing the UI for it
  • Can edit/delete comments in own posts
  • Can't edit/delete comments in others posts

I think this also solves #19916. Some questions about it:

  • Should wp.deleteComment error be "You are not allowed to delete..." instead of moderate?
  • I was going to change the error in wp.getComments to match wp.getComment, but it's a different error code (401 and 403) and could break something.
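The capability logic discussed in the description and in comments 5 and 9, as an added worked example in plain PHP. This is not the ticket's patch and not WordPress core code: it models the decision with arrays so it runs without WordPress. `$user['caps']` stands in for `current_user_can()`, the sample comments and users are constructed, and the per-comment `edit_comment` check is approximated as "moderate_comments, or edit_posts on a post the user authored" (an assumption; core resolves `edit_comment` through `map_meta_cap()`).

```php
<?php
// Added example, not the ticket's patch or WordPress core code.
// Capability names stand in for current_user_can(); data is constructed.

/**
 * Which comments an XML-RPC caller may read, each with a 'can_edit' flag
 * (the field proposed in comment 9).
 *
 * @param array $user     ['id' => int, 'caps' => string[]]  stand-in for WP_User
 * @param array $comments list of ['id', 'post_id', 'post_author', 'approved' => bool, 'content']
 * @return array visible comments, each with an added 'can_edit' key
 */
function xmlrpc_visible_comments(array $user, array $comments) {
    $caps         = array_flip($user['caps']);
    $is_moderator = isset($caps['moderate_comments']);
    $is_author    = isset($caps['edit_posts']);

    // Comment 5: the dashboard shows unapproved comments to authors too,
    // so the gate is (edit_posts OR moderate_comments), not moderate_comments alone.
    $see_unapproved = $is_moderator || $is_author;

    $visible = array();
    foreach ($comments as $c) {
        // Description: a caller who fails the gate still gets the approved
        // comments instead of a 401 for the whole call.
        if (!$c['approved'] && !$see_unapproved) {
            continue;
        }
        $c['can_edit'] = xmlrpc_can_edit_comment($user, $c);
        $visible[]     = $c;
    }
    return $visible;
}

/**
 * Per-comment edit permission. Assumption: moderators may edit any comment,
 * authors only comments on their own posts (comment 9's tested behaviour).
 */
function xmlrpc_can_edit_comment(array $user, array $comment) {
    $caps = array_flip($user['caps']);
    if (isset($caps['moderate_comments'])) {
        return true;
    }
    return isset($caps['edit_posts']) && $comment['post_author'] === $user['id'];
}

/**
 * wp.getComment analogue: the single comment, or an error tuple when the
 * caller may not see it (an unapproved comment behind the gate).
 * 403 is used here because the ticket notes wp.getComment already differs
 * from wp.getComments (401) on this code.
 */
function xmlrpc_get_comment(array $user, array $comment) {
    $visible = xmlrpc_visible_comments($user, array($comment));
    if (empty($visible)) {
        return array('error' => 403, 'message' => 'You are not allowed to view this comment.');
    }
    return $visible[0];
}

// Constructed sample data: user 2 authored post 10, user 1 authored post 11.
$comments = array(
    array('id' => 1, 'post_id' => 10, 'post_author' => 2, 'approved' => true,  'content' => 'approved, own post'),
    array('id' => 2, 'post_id' => 10, 'post_author' => 2, 'approved' => false, 'content' => 'pending, own post'),
    array('id' => 3, 'post_id' => 11, 'post_author' => 1, 'approved' => true,  'content' => 'approved, other post'),
    array('id' => 4, 'post_id' => 11, 'post_author' => 1, 'approved' => false, 'content' => 'pending, other post'),
);

// Constructed users: a subscriber, an author (edit_posts) and an editor (moderate_comments).
$users = array(
    'subscriber' => array('id' => 3, 'caps' => array('read')),
    'author'     => array('id' => 2, 'caps' => array('read', 'edit_posts')),
    'editor'     => array('id' => 1, 'caps' => array('read', 'edit_posts', 'moderate_comments')),
);

foreach ($users as $role => $user) {
    echo "$role sees:\n";
    foreach (xmlrpc_visible_comments($user, $comments) as $c) {
        printf("  #%d %-22s can_edit=%s\n", $c['id'], $c['content'], $c['can_edit'] ? 'yes' : 'no');
    }
    $single = xmlrpc_get_comment($user, $comments[3]);
    echo "  wp.getComment(#4): " . (isset($single['error']) ? "error {$single['error']}" : 'returned') . "\n";
}
```

The point to carry back to the real patch: the list call filters rather than refusing, and the per-comment `can_edit` flag lets a mobile client hide edit/delete controls for comments the caller cannot touch, while the server-side `edit_comment` check on wp.editComment/wp.deleteComment remains the actual enforcement.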