373 | 373 | } |
374 | 374 | |
375 | 375 | // Limit who can set comment `author`, `karma` or `status` to anything other than the default. |
376 | 376 | if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) { |
377 | 377 | return new WP_Error( 'rest_comment_invalid_author', __( 'Comment author invalid.' ), array( 'status' => rest_authorization_required_code() ) ); |
378 | 378 | } |
379 | 379 | |
380 | 380 | if ( isset( $request['karma'] ) && $request['karma'] > 0 && ! current_user_can( 'moderate_comments' ) ) { |
381 | 381 | return new WP_Error( 'rest_comment_invalid_karma', __( 'Sorry, you are not allowed to set karma for comments.' ), array( 'status' => rest_authorization_required_code() ) ); |
382 | 382 | } |
383 | 383 | |
384 | 384 | if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { |
385 | 385 | return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you are not allowed to set status for comments.' ), array( 'status' => rest_authorization_required_code() ) ); |
386 | 386 | } |
387 | 387 | |
389 | 389 | return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => rest_authorization_required_code() ) ); |
390 | 390 | } |
391 | 391 | |
392 | 392 | if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) { |
393 | 393 | if ( 'draft' === $post->post_status ) { |
394 | 394 | return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
395 | 395 | } |
396 | 396 | |
397 | 397 | if ( 'trash' === $post->post_status ) { |
398 | 398 | return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
399 | 399 | } |
400 | 400 | |
401 | 401 | if ( ! $this->check_read_post_permission( $post ) ) { |
402 | 402 | return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); |
403 | 403 | } |