diff --git src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index 0320efaae9..376959ad2a 100644
|
|
class WP_REST_Comments_Controller extends WP_REST_Controller { |
1672 | 1672 | return false; |
1673 | 1673 | } |
1674 | 1674 | |
1675 | | if ( ! current_user_can( 'moderate_comments' ) ) { |
1676 | | return false; |
| 1675 | if ( current_user_can( 'moderate_comments' ) ) { |
| 1676 | return true; |
1677 | 1677 | } |
1678 | 1678 | |
1679 | 1679 | return current_user_can( 'edit_comment', $comment->comment_ID ); |
diff --git tests/phpunit/tests/rest-api/rest-comments-controller.php tests/phpunit/tests/rest-api/rest-comments-controller.php
index d1fe7aa34a..aa77f481ab 100644
|
|
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
13 | 13 | protected static $superadmin_id; |
14 | 14 | protected static $admin_id; |
15 | 15 | protected static $editor_id; |
| 16 | protected static $moderator_id; |
16 | 17 | protected static $subscriber_id; |
17 | 18 | protected static $author_id; |
18 | 19 | |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
27 | 28 | protected $endpoint; |
28 | 29 | |
29 | 30 | public static function wpSetUpBeforeClass( $factory ) { |
| 31 | add_role( |
| 32 | 'comment_moderator', |
| 33 | 'Comment Moderator', |
| 34 | array( |
| 35 | 'read' => true, |
| 36 | 'moderate_comments' => true, |
| 37 | ) |
| 38 | ); |
| 39 | |
30 | 40 | self::$superadmin_id = $factory->user->create( |
31 | 41 | array( |
32 | 42 | 'role' => 'administrator', |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
43 | 53 | 'role' => 'editor', |
44 | 54 | ) |
45 | 55 | ); |
| 56 | self::$moderator_id = $factory->user->create( |
| 57 | array( |
| 58 | 'role' => 'comment_moderator', |
| 59 | ) |
| 60 | ); |
46 | 61 | self::$subscriber_id = $factory->user->create( |
47 | 62 | array( |
48 | 63 | 'role' => 'subscriber', |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
98 | 113 | } |
99 | 114 | |
100 | 115 | public static function wpTearDownAfterClass() { |
| 116 | remove_role( 'comment_moderator' ); |
| 117 | |
101 | 118 | self::delete_user( self::$superadmin_id ); |
102 | 119 | self::delete_user( self::$admin_id ); |
103 | 120 | self::delete_user( self::$editor_id ); |
| 121 | self::delete_user( self::$moderator_id ); |
104 | 122 | self::delete_user( self::$subscriber_id ); |
105 | 123 | self::delete_user( self::$author_id ); |
106 | 124 | |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
2480 | 2498 | $this->assertErrorResponse( 'rest_cannot_edit', $response, 401 ); |
2481 | 2499 | } |
2482 | 2500 | |
| 2501 | /** |
| 2502 | * @ticket 47024 |
| 2503 | */ |
| 2504 | public function test_update_comment_when_can_moderate_comments() { |
| 2505 | wp_set_current_user( self::$moderator_id ); |
| 2506 | |
| 2507 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); |
| 2508 | $params = array( |
| 2509 | 'content' => 'Updated comment.', |
| 2510 | 'date' => '2019-10-07T23:14:25', |
| 2511 | ); |
| 2512 | $request->add_header( 'content-type', 'application/json' ); |
| 2513 | $request->set_body( wp_json_encode( $params ) ); |
| 2514 | |
| 2515 | $response = rest_get_server()->dispatch( $request ); |
| 2516 | $this->assertEquals( 200, $response->get_status() ); |
| 2517 | |
| 2518 | $comment = $response->get_data(); |
| 2519 | $updated = get_comment( self::$approved_id ); |
| 2520 | |
| 2521 | $this->assertEquals( $params['content'], $updated->comment_content ); |
| 2522 | $this->assertEquals( self::$post_id, $comment['post'] ); |
| 2523 | $this->assertEquals( '2019-10-07T23:14:25', $comment['date'] ); |
| 2524 | } |
| 2525 | |
2483 | 2526 | public function test_update_comment_private_post_invalid_permission() { |
2484 | 2527 | $private_comment_id = $this->factory->comment->create( |
2485 | 2528 | array( |