<?php
namespace Sakura\Lib;
use WP_REST_Comments_Controller;
use WP_Error;
use WP_REST_Request;
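/**
 * REST comments controller with anonymous commenting enabled by default.
 *
 * Core only accepts unauthenticated comment creation when something returns
 * `true` from the `rest_allow_anonymous_comments` filter (core default: `false`).
 * The previous revision of this override hard-coded `$allow_anonymous = true`,
 * which dropped the hook entirely and left a site no way to turn anonymous
 * REST comments off again (for example while dealing with a spam wave) short
 * of editing the theme. This version keeps the theme's default of `true` but
 * routes it through the same filter, so a plugin or mu-plugin can still
 * disable it. The `comment_registration` option is honoured before the filter,
 * exactly as in core.
 */
class ClassWpRestCommentsController extends WP_REST_Comments_Controller
{
    /**
     * Checks if a given request has access to create a comment.
     *
     * wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
     *
     * Source: https://git.io/JcSan
     * Modify based on commit 278843f
     *
     * The only intentional deviation from core is the default value passed to
     * the `rest_allow_anonymous_comments` filter (`true` here, `false` in core).
     * Every other check (author / author_ip / status restrictions, post
     * existence and status, read permission, comments_open) is kept as-is.
     *
     * @since 4.7.0
     *
     * @param WP_REST_Request $request Full details about the request.
     * @return true|WP_Error True if the request has access to create items, error object otherwise.
     */
    public function create_item_permissions_check($request)
    {
        if (!is_user_logged_in()) {
            // Site setting "Users must be registered and logged in to comment" overrides everything,
            // including the anonymous-comments filter below.
            if (get_option('comment_registration')) {
                return $this->login_required_error();
            }

            /**
             * Filters whether comments can be created via the REST API without authentication.
             *
             * Same hook name and signature as core, so existing plugins hooking it keep working.
             * The theme's default is `true` (core: `false`); returning `false` from this filter
             * restores the core behaviour.
             *
             * @since 4.7.0
             *
             * @param bool            $allow_anonymous Whether to allow anonymous comments to
             *                                         be created. Default `true` in this theme.
             * @param WP_REST_Request $request         Request used to generate the
             *                                         response.
             */
            $allow_anonymous = apply_filters('rest_allow_anonymous_comments', true, $request);

            if (!$allow_anonymous) {
                return $this->login_required_error();
            }
        }

        // Limit who can set comment `author`, `author_ip` or `status` to anything other than the default.
        // Strict comparison: presumably the REST args schema has already cast `author` to int — confirm.
        if (isset($request['author']) && get_current_user_id() !== $request['author'] && !current_user_can('moderate_comments')) {
            return $this->forbidden_parameter_error('author');
        }

        // Non-moderators may only claim their own address. This compares against the raw
        // REMOTE_ADDR, so behind a reverse proxy that is the proxy's address unless something
        // upstream has rewritten it.
        if (isset($request['author_ip']) && !current_user_can('moderate_comments')) {
            if (empty($_SERVER['REMOTE_ADDR']) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR']) {
                return $this->forbidden_parameter_error('author_ip');
            }
        }

        if (isset($request['status']) && !current_user_can('moderate_comments')) {
            return $this->forbidden_parameter_error('status');
        }

        if (empty($request['post'])) {
            return new WP_Error(
                'rest_comment_invalid_post_id',
                __('Sorry, you are not allowed to create this comment without a post.'),
                ['status' => 403]
            );
        }

        $post = get_post((int) $request['post']);

        if (!$post) {
            return new WP_Error(
                'rest_comment_invalid_post_id',
                __('Sorry, you are not allowed to create this comment without a post.'),
                ['status' => 403]
            );
        }

        if ('draft' === $post->post_status) {
            return new WP_Error(
                'rest_comment_draft_post',
                __('Sorry, you are not allowed to create a comment on this post.'),
                ['status' => 403]
            );
        }

        if ('trash' === $post->post_status) {
            return new WP_Error(
                'rest_comment_trash_post',
                __('Sorry, you are not allowed to create a comment on this post.'),
                ['status' => 403]
            );
        }

        if (!$this->check_read_post_permission($post, $request)) {
            return new WP_Error(
                'rest_cannot_read_post',
                __('Sorry, you are not allowed to read the post for this comment.'),
                ['status' => rest_authorization_required_code()]
            );
        }

        if (!comments_open($post->ID)) {
            return new WP_Error(
                'rest_comment_closed',
                __('Sorry, comments are closed for this item.'),
                ['status' => 403]
            );
        }

        return true;
    }

    /**
     * Error returned when an unauthenticated request is not allowed to comment.
     *
     * Shared by the `comment_registration` and the anonymous-comments-filter branches,
     * which previously built the same object twice.
     *
     * @return WP_Error 401 `rest_comment_login_required` error.
     */
    private function login_required_error()
    {
        return new WP_Error(
            'rest_comment_login_required',
            __('Sorry, you must be logged in to comment.'),
            ['status' => 401]
        );
    }

    /**
     * Error returned when a non-moderator tries to set a restricted comment field.
     *
     * @param string $parameter Request parameter name; one of `author`, `author_ip`, `status`.
     *                          Used both for the error code suffix and the message.
     * @return WP_Error `rest_comment_invalid_{$parameter}` error with the authorization-required status code.
     */
    private function forbidden_parameter_error($parameter)
    {
        return new WP_Error(
            'rest_comment_invalid_' . $parameter,
            /* translators: %s: Request parameter. */
            sprintf(__("Sorry, you are not allowed to edit '%s' for comments."), $parameter),
            ['status' => rest_authorization_required_code()]
        );
    }
}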