373 | 373 | } |
374 | 374 | |
375 | 375 | // Limit who can set comment `author`, `karma` or `status` to anything other than the default. |
376 | 376 | if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) { |
377 | 377 | return new WP_Error( 'rest_comment_invalid_author', __( 'Comment author invalid.' ), array( 'status' => rest_authorization_required_code() ) ); |
378 | 378 | } |
379 | 379 | |
380 | 380 | if ( isset( $request['karma'] ) && $request['karma'] > 0 && ! current_user_can( 'moderate_comments' ) ) { |
381 | 381 | return new WP_Error( 'rest_comment_invalid_karma', __( 'Sorry, you are not allowed to set karma for comments.' ), array( 'status' => rest_authorization_required_code() ) ); |
382 | 382 | } |
383 | 383 | |
384 | 384 | if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { |
385 | 385 | return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you are not allowed to set status for comments.' ), array( 'status' => rest_authorization_required_code() ) ); |
386 | 386 | } |
387 | 387 | |
393 | 399 | if ( 'draft' === $post->post_status ) { |
394 | 400 | return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
395 | 401 | } |
396 | 402 | |
397 | 403 | if ( 'trash' === $post->post_status ) { |
398 | 404 | return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
399 | 405 | } |
400 | 406 | |
401 | 407 | if ( ! $this->check_read_post_permission( $post ) ) { |
402 | 408 | return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); |
403 | 409 | } |
404 | 410 | |
405 | 411 | if ( ! comments_open( $post->ID ) ) { |
406 | 412 | return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed on this post.' ), array( 'status' => 403 ) ); |
407 | 413 | } |