sakura/app/lib/class-wp-rest-comments-controller.php

<?php
namespace Sakura\Lib;
use WP_REST_Comments_Controller;
use WP_Error;
use WP_REST_Request;
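class ClassWpRestCommentsController extends WP_REST_Comments_Controller
{
    /**
     * Checks if a given request has access to create a comment.
     *
     * Override of the core implementation in
     * wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
     * (Source: https://git.io/JcSan, based on commit 278843f).
     *
     * The single deliberate divergence from core is the default for anonymous
     * comment creation: core defaults `rest_allow_anonymous_comments` to
     * `false`, this override defaults it to `true`. The filter is still fired,
     * so a site can hook it and return `false` to require authentication
     * again. The `comment_registration` option is honoured before the filter,
     * exactly as in core.
     *
     * Every other check (who may set `author`/`author_ip`/`status`, post
     * lookup, draft/trash status, read permission, `comments_open`) is kept
     * identical to core so the relaxed default does not widen what an
     * anonymous caller may set or which posts it may comment on.
     *
     * @since 4.7.0
     *
     * @param WP_REST_Request $request Full details about the request.
     * @return true|WP_Error True if the request has access to create items, error object otherwise.
     */
    public function create_item_permissions_check($request)
    {
        if (!is_user_logged_in()) {
            // The site-wide "users must be registered to comment" setting always wins.
            if (get_option('comment_registration')) {
                return new WP_Error(
                    'rest_comment_login_required',
                    __('Sorry, you must be logged in to comment.'),
                    ['status' => 401]
                );
            }

            /**
             * Filters whether comments can be created via the REST API without authentication.
             *
             * Enables creating comments for anonymous users. Unlike core, this
             * override passes `true` as the default; hook the filter and return
             * `false` to require authentication for REST comment creation.
             *
             * @since 4.7.0
             *
             * @param bool            $allow_anonymous Whether to allow anonymous comments to
             *                                         be created. Default `true` in this override.
             * @param WP_REST_Request $request         Request used to generate the
             *                                         response.
             */
            $allow_anonymous = apply_filters('rest_allow_anonymous_comments', true, $request);
            if (!$allow_anonymous) {
                return new WP_Error(
                    'rest_comment_login_required',
                    __('Sorry, you must be logged in to comment.'),
                    ['status' => 401]
                );
            }
        }

        // Limit who can set comment `author`, `author_ip` or `status` to anything other than the default.
        // Only users with `moderate_comments` may impersonate another author.
        if (isset($request['author']) && get_current_user_id() !== $request['author'] && !current_user_can('moderate_comments')) {
            return $this->invalid_parameter_error('author');
        }

        // A non-moderator may only supply the IP the request actually came from.
        if (isset($request['author_ip']) && !current_user_can('moderate_comments')) {
            if (empty($_SERVER['REMOTE_ADDR']) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR']) {
                return $this->invalid_parameter_error('author_ip');
            }
        }

        // A non-moderator may not pre-approve (or otherwise set the status of) a comment.
        if (isset($request['status']) && !current_user_can('moderate_comments')) {
            return $this->invalid_parameter_error('status');
        }

        if (empty($request['post'])) {
            return $this->invalid_post_error();
        }

        $post = get_post((int) $request['post']);
        if (!$post) {
            return $this->invalid_post_error();
        }

        if ('draft' === $post->post_status) {
            return new WP_Error(
                'rest_comment_draft_post',
                __('Sorry, you are not allowed to create a comment on this post.'),
                ['status' => 403]
            );
        }

        if ('trash' === $post->post_status) {
            return new WP_Error(
                'rest_comment_trash_post',
                __('Sorry, you are not allowed to create a comment on this post.'),
                ['status' => 403]
            );
        }

        // Commenting requires at least read access to the target post.
        if (!$this->check_read_post_permission($post, $request)) {
            return new WP_Error(
                'rest_cannot_read_post',
                __('Sorry, you are not allowed to read the post for this comment.'),
                ['status' => rest_authorization_required_code()]
            );
        }

        if (!comments_open($post->ID)) {
            return new WP_Error(
                'rest_comment_closed',
                __('Sorry, comments are closed for this item.'),
                ['status' => 403]
            );
        }

        return true;
    }

    /**
     * Builds the error returned when a caller without `moderate_comments`
     * tries to set a privileged comment field.
     *
     * The error code is `rest_comment_invalid_<param>`, matching the codes
     * core emits for `author`, `author_ip` and `status`.
     *
     * @param string $param Request parameter name (`author`, `author_ip` or `status`).
     * @return WP_Error Error carrying the authorization-required status code.
     */
    private function invalid_parameter_error($param)
    {
        return new WP_Error(
            'rest_comment_invalid_' . $param,
            /* translators: %s: Request parameter. */
            sprintf(__("Sorry, you are not allowed to edit '%s' for comments."), $param),
            ['status' => rest_authorization_required_code()]
        );
    }

    /**
     * Builds the error returned when the request carries no usable `post` ID.
     *
     * Used both for a missing/empty `post` parameter and for an ID that does
     * not resolve to a post, so the two cases are indistinguishable to the
     * caller (as in core).
     *
     * @return WP_Error Error with HTTP status 403.
     */
    private function invalid_post_error()
    {
        return new WP_Error(
            'rest_comment_invalid_post_id',
            __('Sorry, you are not allowed to create this comment without a post.'),
            ['status' => 403]
        );
    }
}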