Only apply post based permissions to ‘comment’ type

adamsilverstein · adamsilverstein · commit ee5c6b58e98d · 2025-11-18T13:06:39.000-08:00
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -1890,11 +1890,7 @@ protected function check_read_post_permission( $post, $request ) {
 	 * @return bool Whether the comment can be read.
 	 */
 	protected function check_read_permission( $comment, $request ) {
-		if ( 0 === get_current_user_id() ) {
-			return false;
-		}
-
-		if ( ! empty( $comment->comment_post_ID ) ) {
+		if ( 'comment' === $comment->comment_type && ! empty( $comment->comment_post_ID ) ) {
 			$post = get_post( $comment->comment_post_ID );
 			if ( $post ) {
 				if ( $this->check_read_post_permission( $post, $request ) && 1 === (int) $comment->comment_approved ) {
@@ -1903,6 +1899,10 @@ protected function check_read_permission( $comment, $request ) {
 			}
 		}
 
+		if ( 0 === get_current_user_id() ) {
+			return false;
+		}
+
 		if ( empty( $comment->comment_post_ID ) && ! current_user_can( 'moderate_comments' ) ) {
 			return false;
 		}
