109 | 109 | $post = get_post( $post_id ); |
110 | 110 | |
111 | 111 | if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post ) ) { |
112 | 112 | return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); |
113 | 113 | } elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) { |
114 | 114 | return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) ); |
115 | 115 | } |
116 | 116 | } |
117 | 117 | } |
118 | 118 | |
119 | 119 | if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { |
120 | 120 | return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view comments with edit context.' ), array( 'status' => rest_authorization_required_code() ) ); |
121 | 121 | } |
122 | 122 | |
123 | 123 | if ( ! current_user_can( 'edit_posts' ) ) { |
125 | 125 | $forbidden_params = array(); |
126 | 126 | |
127 | 127 | foreach ( $protected_params as $param ) { |
128 | 128 | if ( 'status' === $param ) { |
129 | 129 | if ( 'approve' !== $request[ $param ] ) { |
130 | 130 | $forbidden_params[] = $param; |
131 | 131 | } |
132 | 132 | } elseif ( 'type' === $param ) { |
133 | 133 | if ( 'comment' !== $request[ $param ] ) { |
134 | 134 | $forbidden_params[] = $param; |
135 | 135 | } |
136 | 136 | } elseif ( ! empty( $request[ $param ] ) ) { |
137 | 137 | $forbidden_params[] = $param; |
138 | 138 | } |
139 | 139 | } |
160 | 160 | // Retrieve the list of registered collection query parameters. |
161 | 161 | $registered = $this->get_collection_params(); |
162 | 162 | |
163 | 163 | /* |
164 | 164 | * This array defines mappings between public API query parameters whose |
165 | 165 | * values are accepted as-passed, and their internal WP_Query parameter |
166 | 166 | * name equivalents (some are the same). Only values which are also |
167 | 167 | * present in $registered will be set. |
168 | 168 | */ |
169 | 169 | $parameter_mappings = array( |
170 | 170 | 'author' => 'author__in', |
171 | 171 | 'author_email' => 'author_email', |
172 | 172 | 'author_exclude' => 'author__not_in', |
173 | 173 | 'exclude' => 'comment__not_in', |
174 | 174 | 'include' => 'comment__in', |
176 | 175 | 'offset' => 'offset', |
177 | 176 | 'order' => 'order', |
178 | 177 | 'parent' => 'parent__in', |
179 | 178 | 'parent_exclude' => 'parent__not_in', |
180 | 179 | 'per_page' => 'number', |
181 | 180 | 'post' => 'post__in', |
182 | 181 | 'search' => 'search', |
183 | 182 | 'status' => 'status', |
184 | 183 | 'type' => 'type', |
185 | 184 | ); |
186 | 185 | |
187 | 186 | $prepared_args = array(); |
188 | 187 | |
189 | 188 | /* |
190 | 189 | * For each known parameter which is both registered and present in the request, |
191 | 190 | * set the parameter's value on the query $prepared_args. |
192 | 191 | */ |
193 | 192 | foreach ( $parameter_mappings as $api_param => $wp_param ) { |
194 | 193 | if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { |
195 | 194 | $prepared_args[ $wp_param ] = $request[ $api_param ]; |
196 | 195 | } |
197 | 196 | } |
198 | 197 | |
199 | 198 | // Ensure certain parameter values default to empty strings. |
201 | 200 | if ( ! isset( $prepared_args[ $param ] ) ) { |
202 | 201 | $prepared_args[ $param ] = ''; |
203 | 202 | } |
204 | 203 | } |
205 | 204 | |
206 | 205 | if ( isset( $registered['orderby'] ) ) { |
207 | 206 | $prepared_args['orderby'] = $this->normalize_query_param( $request['orderby'] ); |
208 | 207 | } |
209 | 208 | |
210 | 209 | $prepared_args['no_found_rows'] = false; |
211 | 210 | |
212 | 211 | $prepared_args['date_query'] = array(); |
213 | 212 | |
214 | 213 | // Set before into date query. Date query must be specified as an array of an array. |
215 | 214 | if ( isset( $registered['before'], $request['before'] ) ) { |
360 | 359 | /** |
361 | 360 | * Checks if a given request has access to create a comment. |
362 | 361 | * |
363 | 362 | * @since 4.7.0 |
364 | 363 | * @access public |
365 | 364 | * |
366 | 365 | * @param WP_REST_Request $request Full details about the request. |
367 | 366 | * @return WP_Error|bool True if the request has access to create items, error object otherwise. |
368 | 367 | */ |
369 | 368 | public function create_item_permissions_check( $request ) { |
370 | 369 | |
371 | 370 | if ( ! is_user_logged_in() && get_option( 'comment_registration' ) ) { |
372 | 371 | return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) ); |
373 | 372 | } |
374 | 373 | |
384 | 379 | if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { |
385 | 380 | return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you are not allowed to set status for comments.' ), array( 'status' => rest_authorization_required_code() ) ); |
386 | 381 | } |
387 | 382 | |
388 | 383 | if ( empty( $request['post'] ) && ! current_user_can( 'moderate_comments' ) ) { |
389 | 384 | return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => rest_authorization_required_code() ) ); |
390 | 385 | } |
391 | 386 | |
392 | 387 | if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) { |
393 | 388 | if ( 'draft' === $post->post_status ) { |
394 | 389 | return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
395 | 390 | } |
396 | 391 | |
397 | 392 | if ( 'trash' === $post->post_status ) { |
398 | 393 | return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); |
797 | 792 | 'post' => (int) $comment->comment_post_ID, |
798 | 793 | 'parent' => (int) $comment->comment_parent, |
799 | 794 | 'author' => (int) $comment->user_id, |
800 | 795 | 'author_name' => $comment->comment_author, |
801 | 796 | 'author_email' => $comment->comment_author_email, |
802 | 797 | 'author_url' => $comment->comment_author_url, |
803 | 798 | 'author_ip' => $comment->comment_author_IP, |
804 | 799 | 'author_user_agent' => $comment->comment_agent, |
805 | 800 | 'date' => mysql_to_rfc3339( $comment->comment_date ), |
806 | 801 | 'date_gmt' => mysql_to_rfc3339( $comment->comment_date_gmt ), |
807 | 802 | 'content' => array( |
808 | 803 | /** This filter is documented in wp-includes/comment-template.php */ |
809 | 804 | 'rendered' => apply_filters( 'comment_text', $comment->comment_content, $comment ), |
810 | 805 | 'raw' => $comment->comment_content, |
811 | 806 | ), |
813 | 807 | 'link' => get_comment_link( $comment ), |
814 | 808 | 'status' => $this->prepare_status_response( $comment->comment_approved ), |
815 | 809 | 'type' => get_comment_type( $comment->comment_ID ), |
816 | 810 | ); |
817 | 811 | |
818 | 812 | $schema = $this->get_item_schema(); |
819 | 813 | |
820 | 814 | if ( ! empty( $schema['properties']['author_avatar_urls'] ) ) { |
821 | 815 | $data['author_avatar_urls'] = rest_get_avatar_urls( $comment->comment_author_email ); |
822 | 816 | } |
823 | 817 | |
824 | 818 | if ( ! empty( $schema['properties']['meta'] ) ) { |
825 | 819 | $data['meta'] = $this->meta->get_value( $comment->comment_ID, $request ); |
826 | 820 | } |
827 | 821 | |
1057 | 1047 | if ( ! empty( $request['date'] ) ) { |
1058 | 1048 | $date_data = rest_get_date_with_gmt( $request['date'] ); |
1059 | 1049 | |
1060 | 1050 | if ( ! empty( $date_data ) ) { |
1061 | 1051 | list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; |
1062 | 1052 | } |
1063 | 1053 | } elseif ( ! empty( $request['date_gmt'] ) ) { |
1064 | 1054 | $date_data = rest_get_date_with_gmt( $request['date_gmt'], true ); |
1065 | 1055 | |
1066 | 1056 | if ( ! empty( $date_data ) ) { |
1067 | 1057 | list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; |
1068 | 1058 | } |
1069 | 1059 | } |
1070 | 1060 | |
1071 | 1061 | /** |
1182 | 1167 | 'link' => array( |
1183 | 1168 | 'description' => __( 'URL to the object.' ), |
1184 | 1169 | 'type' => 'string', |
1185 | 1170 | 'format' => 'uri', |
1186 | 1171 | 'context' => array( 'view', 'edit', 'embed' ), |
1187 | 1172 | 'readonly' => true, |
1188 | 1173 | ), |
1189 | 1174 | 'parent' => array( |
1190 | 1175 | 'description' => __( 'The id for the parent of the object.' ), |
1191 | 1176 | 'type' => 'integer', |
1192 | 1177 | 'context' => array( 'view', 'edit', 'embed' ), |
1193 | 1178 | 'default' => 0, |
1194 | 1179 | ), |
1195 | 1180 | 'post' => array( |
1196 | 1181 | 'description' => __( 'The id of the associated post object.' ), |