<?php

namespace Sakura\Lib;

use WP_REST_Comments_Controller;
use WP_Error;
use WP_REST_Request;

class ClassWpRestCommentsController extends WP_REST_Comments_Controller
{
  /**
   * Checks if a given request has access to create a comment.
   *
   * wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
   *
   * Source: https://git.io/JcSan
   * Modify based on commit 278843f
   *
   * @since 4.7.0
   *
   * @param WP_REST_Request $request Full details about the request.
   * @return true|WP_Error True if the request has access to create items, error object otherwise.
   */
  public function create_item_permissions_check($request)
  {
    if (!is_user_logged_in()) {
      if (get_option('comment_registration')) {
        return new WP_Error(
          'rest_comment_login_required',
          __('Sorry, you must be logged in to comment.'),
          array('status' => 401)
        );
      }

      /**
       * Filters whether comments can be created via the REST API without authentication.
       *
       * Enables creating comments for anonymous users.
       *
       * @since 4.7.0
       *
       * @param bool $allow_anonymous Whether to allow anonymous comments to
       *                              be created. Default `false`.
       * @param WP_REST_Request $request Request used to generate the
       *                                 response.
       */
      // $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
      $allow_anonymous = true;

      if (!$allow_anonymous) {
        return new WP_Error(
          'rest_comment_login_required',
          __('Sorry, you must be logged in to comment.'),
          array('status' => 401)
        );
      }
    }

    // Limit who can set comment `author`, `author_ip` or `status` to anything other than the default.
    if (isset($request['author']) && get_current_user_id() !== $request['author'] && !current_user_can('moderate_comments')) {
      return new WP_Error(
        'rest_comment_invalid_author',
        /* translators: %s: Request parameter. */
        sprintf(__("Sorry, you are not allowed to edit '%s' for comments."), 'author'),
        array('status' => rest_authorization_required_code())
      );
    }

    if (isset($request['author_ip']) && !current_user_can('moderate_comments')) {
      if (empty($_SERVER['REMOTE_ADDR']) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR']) {
        return new WP_Error(
          'rest_comment_invalid_author_ip',
          /* translators: %s: Request parameter. */
          sprintf(__("Sorry, you are not allowed to edit '%s' for comments."), 'author_ip'),
          array('status' => rest_authorization_required_code())
        );
      }
    }

    if (isset($request['status']) && !current_user_can('moderate_comments')) {
      return new WP_Error(
        'rest_comment_invalid_status',
        /* translators: %s: Request parameter. */
        sprintf(__("Sorry, you are not allowed to edit '%s' for comments."), 'status'),
        array('status' => rest_authorization_required_code())
      );
    }

    if (empty($request['post'])) {
      return new WP_Error(
        'rest_comment_invalid_post_id',
        __('Sorry, you are not allowed to create this comment without a post.'),
        array('status' => 403)
      );
    }

    $post = get_post((int) $request['post']);

    if (!$post) {
      return new WP_Error(
        'rest_comment_invalid_post_id',
        __('Sorry, you are not allowed to create this comment without a post.'),
        array('status' => 403)
      );
    }

    if ('draft' === $post->post_status) {
      return new WP_Error(
        'rest_comment_draft_post',
        __('Sorry, you are not allowed to create a comment on this post.'),
        array('status' => 403)
      );
    }

    if ('trash' === $post->post_status) {
      return new WP_Error(
        'rest_comment_trash_post',
        __('Sorry, you are not allowed to create a comment on this post.'),
        array('status' => 403)
      );
    }

    if (!$this->check_read_post_permission($post, $request)) {
      return new WP_Error(
        'rest_cannot_read_post',
        __('Sorry, you are not allowed to read the post for this comment.'),
        array('status' => rest_authorization_required_code())
      );
    }

    if (!comments_open($post->ID)) {
      return new WP_Error(
        'rest_comment_closed',
        __('Sorry, comments are closed for this item.'),
        array('status' => 403)
      );
    }

    return true;
  }
}