WPCOM_JSON_API_Update_Comment_Endpoint

The Jetpack by WordPress.com WPCOM JSON API Update Comment Endpoint class.

Defined (1)

The class is defined in the following location(s).

/json-endpoints/class.wpcom-json-api-update-comment-endpoint.php  
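  /**
   * WPCOM JSON API endpoint that creates, updates and deletes comments.
   *
   * Routes dispatched by callback():
   *   /sites/%s/posts/%d/replies/new    - new comment on a post
   *   /sites/%s/comments/%d/replies/new - new reply to a comment
   *   /sites/%s/comments/%d             - update a comment
   *   /sites/%s/comments/%d/delete      - delete a comment
   *
   * Each operation performs its own capability checks before it writes.
   */
  class WPCOM_JSON_API_Update_Comment_Endpoint extends WPCOM_JSON_API_Comment_Endpoint {
      /**
       * Sets up the endpoint; on /delete routes it also documents the 'deleted' status value.
       *
       * @param mixed $args Passed unchanged to the parent constructor.
       */
      public function __construct( $args ) {
          parent::__construct( $args );
          if ( $this->api->ends_with( $this->path, '/delete' ) ) {
              $this->comment_object_format['status']['deleted'] = 'The comment has been deleted permanently.';
          }
      }

      /**
       * Entry point: validates the blog/user and dispatches on the route suffix.
       *
       * /sites/%s/posts/%d/replies/new    -> $blog_id, $post_id
       * /sites/%s/comments/%d/replies/new -> $blog_id, $comment_id
       * /sites/%s/comments/%d             -> $blog_id, $comment_id
       * /sites/%s/comments/%d/delete      -> $blog_id, $comment_id
       *
       * @param string $path      Request path.
       * @param mixed  $blog_id   Blog identifier taken from the route.
       * @param int    $object_id Post ID or comment ID, depending on the route.
       * @return mixed Result of the selected operation, or the WP_Error from blog/user validation.
       */
      public function callback( $path = '', $blog_id = 0, $object_id = 0 ) {
          if ( $this->api->ends_with( $path, '/new' ) ) {
              // NOTE(review): creation passes false as the second argument, which presumably
              // relaxes the user check so that non-members can comment; confirm against
              // switch_to_blog_and_validate_user(). new_comment() applies its own access checks.
              $blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ), false );
          } else {
              $blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) );
          }
          if ( is_wp_error( $blog_id ) ) {
              return $blog_id;
          }

          if ( $this->api->ends_with( $path, '/delete' ) ) {
              return $this->delete_comment( $path, $blog_id, $object_id );
          } elseif ( $this->api->ends_with( $path, '/new' ) ) {
              // The same numeric route slot is a post ID on /posts/ routes and a parent comment ID otherwise.
              if ( false !== strpos( $path, '/posts/' ) ) {
                  return $this->new_comment( $path, $blog_id, $object_id, 0 );
              } else {
                  return $this->new_comment( $path, $blog_id, 0, $object_id );
              }
          }

          return $this->update_comment( $path, $blog_id, $object_id );
      }

      /**
       * Creates a comment on a post, or a reply to an existing comment.
       *
       * /sites/%s/posts/%d/replies/new    -> $blog_id, $post_id
       * /sites/%s/comments/%d/replies/new -> $blog_id, $comment_id
       *
       * @param string $path              Request path.
       * @param int    $blog_id           Validated blog ID.
       * @param int    $post_id           Target post ID, or 0 when replying to a comment.
       * @param int    $comment_parent_id Parent comment ID, or 0 for a top-level comment.
       * @return mixed The new comment as returned by get_comment(), or a WP_Error
       *               (400 invalid input, 403 not allowed, 404 unknown post/comment).
       */
      public function new_comment( $path, $blog_id, $post_id, $comment_parent_id ) {
          // Defined up front so the approval step below never reads an unset variable.
          $comment_parent = null;

          if ( ! $post_id ) {
              // Reply route: the post is derived from the parent comment.
              $comment_parent = get_comment( $comment_parent_id );
              if ( ! $comment_parent_id || ! $comment_parent || is_wp_error( $comment_parent ) ) {
                  return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
              }

              $post_id = $comment_parent->comment_post_ID;
          }

          $post = get_post( $post_id );
          if ( ! $post || is_wp_error( $post ) ) {
              return new WP_Error( 'unknown_post', 'Unknown post', 404 );
          }

          // When blog_public is -1, only members (filterable) and super admins may comment.
          if (
              -1 == get_option( 'blog_public' ) &&
              /**
               * Filter allowing non-registered users on the site to comment.
               *
               * @module json-api
               *
               * @since 3.4.0
               *
               * @param bool is_user_member_of_blog() Is the user member of the site.
               */
              ! apply_filters( 'wpcom_json_api_user_is_member_of_blog', is_user_member_of_blog() ) &&
              ! is_super_admin()
          ) {
              return new WP_Error( 'unauthorized', 'User cannot create comments', 403 );
          }

          if ( ! comments_open( $post->ID ) ) {
              return new WP_Error( 'unauthorized', 'Comments on this post are closed', 403 );
          }

          // A caller who cannot read the post must not be able to comment on it.
          $can_view = $this->user_can_view_post( $post->ID );
          if ( ! $can_view || is_wp_error( $can_view ) ) {
              return $can_view;
          }

          // An unregistered post status yields no status object; treat it like a non-public status.
          $post_status = get_post_status_object( get_post_status( $post ) );
          if ( ! $post_status || ( ! $post_status->public && ! $post_status->private ) ) {
              return new WP_Error( 'unauthorized', 'Comments on drafts are not allowed', 403 );
          }

          $args  = $this->query_args();
          $input = $this->input();
          // A missing or non-scalar 'content' is rejected explicitly rather than handed to strlen().
          if (
              ! is_array( $input ) ||
              ! $input ||
              ! isset( $input['content'] ) ||
              ! is_scalar( $input['content'] ) ||
              ! strlen( (string) $input['content'] )
          ) {
              return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
          }

          $user = wp_get_current_user();
          if ( ! $user || is_wp_error( $user ) || ! $user->ID ) {
              // No logged-in user: fall back to the identity attached to the access token,
              // which is accepted only when it carries every field the comment record needs.
              $auth_required = false;
              if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
                  $auth_required = true;
              } elseif ( isset( $this->api->token_details['user'] ) ) {
                  $user = (object) $this->api->token_details['user'];
                  foreach ( array( 'display_name', 'user_email', 'user_url' ) as $user_datum ) {
                      if ( ! isset( $user->$user_datum ) ) {
                          $auth_required = true;
                      }
                  }
                  if ( ! isset( $user->ID ) ) {
                      $user->ID = 0;
                  }
              } else {
                  $auth_required = true;
              }

              if ( $auth_required ) {
                  return new WP_Error( 'authorization_required', 'An active access token must be used to comment.', 403 );
              }
          }

          $insert = array(
              'comment_post_ID'      => $post->ID,
              'user_ID'              => $user->ID,
              'comment_author'       => $user->display_name,
              'comment_author_email' => $user->user_email,
              'comment_author_url'   => $user->user_url,
              'comment_content'      => $input['content'],
              'comment_parent'       => $comment_parent_id,
              'comment_type'         => '',
          );

          // Replying to a pending comment approves it, but only for a user allowed to edit that comment.
          if ( $comment_parent_id && $comment_parent ) {
              if ( $comment_parent->comment_approved === '0' && current_user_can( 'edit_comment', $comment_parent->comment_ID ) ) {
                  wp_set_comment_status( $comment_parent->comment_ID, 'approve' );
              }
          }

          // NOTE(review): trap_wp_die() presumably turns a wp_die() raised during insertion into
          // an API error and is reset with null afterwards; confirm in the API class.
          $this->api->trap_wp_die( 'comment_failure' );
          // wp_new_comment() expects slashed data, hence add_magic_quotes().
          $comment_id = wp_new_comment( add_magic_quotes( $insert ) );
          $this->api->trap_wp_die( null );

          $return = $this->get_comment( $comment_id, $args['context'] );
          if ( ! $return ) {
              return new WP_Error( 400, __( 'Comment cache problem?', 'jetpack' ) );
          }
          if ( is_wp_error( $return ) ) {
              return $return;
          }

          /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
          do_action( 'wpcom_json_api_objects', 'comments' );
          return $return;
      }

      /**
       * Updates the fields and/or the moderation status of an existing comment.
       *
       * /sites/%s/comments/%d -> $blog_id, $comment_id
       *
       * Editing requires 'edit_comment' on the comment; changing its moderation state
       * additionally requires 'moderate_comments'.
       *
       * @param string $path       Request path.
       * @param int    $blog_id    Validated blog ID.
       * @param int    $comment_id ID of the comment to update.
       * @return mixed The updated comment as returned by get_comment(), or a WP_Error
       *               (400 invalid input, 403 not allowed, 404 unknown comment).
       */
      public function update_comment( $path, $blog_id, $comment_id ) {
          $comment = get_comment( $comment_id );
          if ( ! $comment || is_wp_error( $comment ) ) {
              return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
          }

          if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) {
              return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
          }

          $args  = $this->query_args();
          $input = $this->input( false );
          if ( ! is_array( $input ) || ! $input ) {
              return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
          }

          // Every request key becomes a "comment_"-prefixed key for wp_update_comment().
          $update = array();
          foreach ( $input as $key => $value ) {
              $update["comment_$key"] = $value;
          }

          $comment_status = wp_get_comment_status( $comment->comment_ID );

          // Changing the moderation state requires 'moderate_comments'. The requested status is
          // stored under 'comment_status' (see the prefixing above); the earlier lookup of
          // 'status' never matched, raised an undefined-index notice and rejected every caller
          // without the capability, content-only edits included.
          // 'comment_approved' is gated as well: input() is defined outside this class, so it is
          // not visible here whether an "approved" request key can reach this point.
          $changes_status = isset( $update['comment_status'] ) && $comment_status !== $update['comment_status'];
          if ( ( $changes_status || isset( $update['comment_approved'] ) ) && ! current_user_can( 'moderate_comments' ) ) {
              return new WP_Error( 'unauthorized', 'User cannot moderate comments', 403 );
          }

          if ( isset( $update['comment_status'] ) ) {
              if ( count( $update ) === 1 ) {
                  // We are only here to update the comment status so let's respond ASAP
                  add_action( 'wp_set_comment_status', array( $this, 'output_comment' ), 0, 1 );
              }

              switch ( $update['comment_status'] ) {
                  case 'approved':
                      if ( 'approve' !== $comment_status ) {
                          wp_set_comment_status( $comment->comment_ID, 'approve' );
                      }
                      break;
                  case 'unapproved':
                      if ( 'hold' !== $comment_status ) {
                          wp_set_comment_status( $comment->comment_ID, 'hold' );
                      }
                      break;
                  case 'spam':
                      if ( 'spam' !== $comment_status ) {
                          wp_spam_comment( $comment->comment_ID );
                      }
                      break;
                  case 'unspam':
                      if ( 'spam' === $comment_status ) {
                          wp_unspam_comment( $comment->comment_ID );
                      }
                      break;
                  case 'trash':
                      if ( ! EMPTY_TRASH_DAYS ) {
                          return new WP_Error( 'trash_disabled', 'Cannot trash comment', 403 );
                      }

                      if ( 'trash' !== $comment_status ) {
                          // Uses the loaded comment's ID, like the other cases.
                          wp_trash_comment( $comment->comment_ID );
                      }
                      break;
                  case 'untrash':
                      if ( 'trash' === $comment_status ) {
                          wp_untrash_comment( $comment->comment_ID );
                      }
                      break;
                  default:
                      // Any unrecognised status value results in the comment being approved.
                      $update['comment_approved'] = 1;
                      break;
              }

              // The status was applied above and is not a field wp_update_comment() should receive.
              unset( $update['comment_status'] );
          }

          if ( ! empty( $update ) ) {
              $update['comment_ID'] = $comment->comment_ID;
              // wp_update_comment() expects slashed data, hence add_magic_quotes().
              wp_update_comment( add_magic_quotes( $update ) );
          }

          $return = $this->get_comment( $comment->comment_ID, $args['context'] );
          if ( ! $return || is_wp_error( $return ) ) {
              return $return;
          }

          /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
          do_action( 'wpcom_json_api_objects', 'comments' );
          return $return;
      }

      /**
       * Deletes a comment and returns its last known representation.
       *
       * /sites/%s/comments/%d/delete -> $blog_id, $comment_id
       *
       * @param string $path       Request path.
       * @param int    $blog_id    Validated blog ID.
       * @param int    $comment_id ID of the comment to delete.
       * @return mixed The comment (with status 'deleted' once it no longer exists), or a
       *               WP_Error (403 not allowed, 404 unknown comment).
       */
      public function delete_comment( $path, $blog_id, $comment_id ) {
          $comment = get_comment( $comment_id );
          if ( ! $comment || is_wp_error( $comment ) ) {
              return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
          }

          if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { // [sic] There is no delete_comment cap
              return new WP_Error( 'unauthorized', 'User cannot delete comment', 403 );
          }

          // Capture the representation before deleting; afterwards the comment may be gone.
          $args   = $this->query_args();
          $return = $this->get_comment( $comment->comment_ID, $args['context'] );
          if ( ! $return || is_wp_error( $return ) ) {
              return $return;
          }

          /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
          do_action( 'wpcom_json_api_objects', 'comments' );

          wp_delete_comment( $comment->comment_ID );
          $status = wp_get_comment_status( $comment->comment_ID );
          if ( false === $status ) {
              // No status left: the comment no longer exists.
              $return['status'] = 'deleted';
              return $return;
          }

          // The comment still exists (for instance it was moved to the trash); report its current state.
          return $this->get_comment( $comment->comment_ID, $args['context'] );
      }

      /**
       * 'wp_set_comment_status' callback used for status-only updates: sends the comment as the response.
       *
       * NOTE(review): output_early() is defined on the API object; it presumably sends the
       * response before the rest of the request finishes. Confirm there.
       *
       * @param int $comment_id ID of the comment whose status was set.
       */
      public function output_comment( $comment_id ) {
          $args   = $this->query_args();
          $output = $this->get_comment( $comment_id, $args['context'] );
          $this->api->output_early( 200, $output );
      }
  }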