Checks if a given request has access to create a comment.
Parameters
$request
WP_REST_Requestrequired- Full details about the request.
Source
public function create_item_permissions_check( $request ) {
if ( ! is_user_logged_in() ) {
if ( get_option( 'comment_registration' ) ) {
return new WP_Error(
'rest_comment_login_required',
__( 'Sorry, you must be logged in to comment.' ),
array( 'status' => 401 )
);
}
/**
* Filters whether comments can be created via the REST API without authentication.
*
* Enables creating comments for anonymous users.
*
* @since 4.7.0
*
* @param bool $allow_anonymous Whether to allow anonymous comments to
* be created. Default `false`.
* @param WP_REST_Request $request Request used to generate the
* response.
*/
$allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
if ( ! $allow_anonymous ) {
return new WP_Error(
'rest_comment_login_required',
__( 'Sorry, you must be logged in to comment.' ),
array( 'status' => 401 )
);
}
}
// Limit who can set comment `author`, `author_ip` or `status` to anything other than the default.
if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error(
'rest_comment_invalid_author',
/* translators: %s: Request parameter. */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( isset( $request['author_ip'] ) && ! current_user_can( 'moderate_comments' ) ) {
if ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) {
return new WP_Error(
'rest_comment_invalid_author_ip',
/* translators: %s: Request parameter. */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author_ip' ),
array( 'status' => rest_authorization_required_code() )
);
}
}
if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error(
'rest_comment_invalid_status',
/* translators: %s: Request parameter. */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'status' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( empty( $request['post'] ) ) {
return new WP_Error(
'rest_comment_invalid_post_id',
__( 'Sorry, you are not allowed to create this comment without a post.' ),
array( 'status' => 403 )
);
}
$post = get_post( (int) $request['post'] );
if ( ! $post ) {
return new WP_Error(
'rest_comment_invalid_post_id',
__( 'Sorry, you are not allowed to create this comment without a post.' ),
array( 'status' => 403 )
);
}
if ( 'draft' === $post->post_status ) {
return new WP_Error(
'rest_comment_draft_post',
__( 'Sorry, you are not allowed to create a comment on this post.' ),
array( 'status' => 403 )
);
}
if ( 'trash' === $post->post_status ) {
return new WP_Error(
'rest_comment_trash_post',
__( 'Sorry, you are not allowed to create a comment on this post.' ),
array( 'status' => 403 )
);
}
if ( ! $this->check_read_post_permission( $post, $request ) ) {
return new WP_Error(
'rest_cannot_read_post',
__( 'Sorry, you are not allowed to read the post for this comment.' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( ! comments_open( $post->ID ) ) {
return new WP_Error(
'rest_comment_closed',
__( 'Sorry, comments are closed for this item.' ),
array( 'status' => 403 )
);
}
return true;
}
Hooks
- apply_filters( ‘rest_allow_anonymous_comments’,
bool $allow_anonymous ,WP_REST_Request $request ) Filters whether comments can be created via the REST API without authentication.
Changelog
Version | Description |
---|---|
4.7.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.