1 files changed, 12 insertions, 5 deletions

diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-comment-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-comment-endpoint.php
index 7cef4302..d60d541f 100644
--- a/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-comment-endpoint.php
+++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-update-comment-endpoint.php
@@ -191,7 +191,7 @@ class WPCOM_JSON_API_Update_Comment_Endpoint extends WPCOM_JSON_API_Comment_Endp
 			return new WP_Error( 'unauthorized', 'User cannot create comments', 403 );
 		}
 
-		if ( ! ( comments_open( $post->ID ) || current_user_can( 'moderate_comments' ) ) ) {
+		if ( ! comments_open( $post->ID ) && ! current_user_can( 'edit_post', $post->ID ) ) {
 			return new WP_Error( 'unauthorized', 'Comments on this post are closed', 403 );
 		}
 
@@ -226,6 +226,17 @@ class WPCOM_JSON_API_Update_Comment_Endpoint extends WPCOM_JSON_API_Comment_Endp
 				if ( !isset( $user->ID ) ) {
 					$user->ID = 0;
 				}
+
+				// If we have a user with an external ID saved, we can use it.
+				if (
+					! $auth_required
+					&& $user->ID
+					&& (
+						$author = get_user_by( 'id', intval( $user->ID ) )
+					)
+				) {
+					$user = $author;
+				}
 			} else {
 				$auth_required = true;
 			}
@@ -292,10 +303,6 @@ class WPCOM_JSON_API_Update_Comment_Endpoint extends WPCOM_JSON_API_Comment_Endp
 		}
 
 		$comment_status = wp_get_comment_status( $comment->comment_ID );
-		if ( $comment_status !== $update['comment_status'] && !current_user_can( 'moderate_comments' ) ) {
-			return new WP_Error( 'unauthorized', 'User cannot moderate comments', 403 );
-		}
-
 		if ( isset( $update['comment_status'] ) ) {
 			switch ( $update['comment_status'] ) {
 				case 'approved' :