fix: downloadable product grunt and revoke access issue is fixed getd…

…okan#719
saimonh3 · Dec 24, 2019 · 4e6fe96 · 4e6fe96
1 parent d2e1414
commit 4e6fe96
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 33 deletions.
diff --git a/assets/src/js/orders.js b/assets/src/js/orders.js
@@ -132,6 +132,7 @@ jQuery(function($) {
                     product_id: product,
                     download_id: file,
                     order_id: self.data('order-id'),
+                    permission_id: self.data('permission-id'),
                     security: self.data('nonce')
                 };
 

diff --git a/classes/ajax.php b/classes/ajax.php
@@ -49,7 +49,6 @@ function init_ajax() {
         add_action( 'wp_ajax_dokan_add_shipping_tracking_info', array( $this, 'add_shipping_tracking_info' ) );
 
         add_action( 'wp_ajax_dokan_revoke_access_to_download', array( $this, 'revoke_access_to_download' ) );
-        add_action( 'wp_ajax_nopriv_dokan_revoke_access_to_download', array( $this, 'revoke_access_to_download' ) );
 
         add_action( 'wp_ajax_shop_url', array( $this, 'shop_url_check' ) );
         add_action( 'wp_ajax_nopriv_shop_url', array( $this, 'shop_url_check' ) );
@@ -232,40 +231,41 @@ function process_order() {
      * @return void
      */
     function grant_access_to_download() {
-        global $wpdb;
-
         check_ajax_referer( 'grant-access', 'security' );
 
-        $order_id       = isset( $_POST['order_id'] ) ? intval( $_POST['order_id'] ) : 0;
-        $product_ids    = isset( $_POST['product_ids'] ) ? intval( $_POST['product_ids'] ) : 0;
-        $loop           = isset( $_POST['loop'] ) ? intval( $_POST['loop'] ) : 0;
-        $file_counter   = 0;
-        $order          = wc_get_order( $order_id );
-
-        if ( ! is_array( $product_ids ) ) {
-            $product_ids = array( $product_ids );
+        if (  ! current_user_can( 'dokandar' ) || ! isset( $_POST['loop'], $_POST['order_id'], $_POST['product_ids']) ) {
+            wp_die( -1 );
         }
 
+        global $wpdb;
+
+        $wpdb->hide_errors();
+
+        $order_id     = intval( $_POST['order_id'] );
+        $product_ids  = array_filter( array_map( 'absint', (array) wp_unslash( $_POST['product_ids'] ) ) );
+        $loop         = intval( $_POST['loop'] );
+        $file_counter = 0;
+        $order        = wc_get_order( $order_id );
+
         foreach ( $product_ids as $product_id ) {
             $product = wc_get_product( $product_id );
-            $files   = $product->get_files();
+            $files   = $product->get_downloads();
 
-            if ( ! $order->billing_email ) {
-                die();
+            if ( ! $order->get_billing_email() ) {
+                wp_die();
             }
 
             if ( $files ) {
                 foreach ( $files as $download_id => $file ) {
-                    if ( $inserted_id = wc_downloadable_file_permission( $download_id, $product_id, $order ) ) {
-
-                        // insert complete - get inserted data
-                        $download = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions WHERE permission_id = %d", $inserted_id ) );
+                    $inserted_id = wc_downloadable_file_permission( $download_id, $product_id, $order );
 
+                    if ( $inserted_id ) {
+                        $download = new WC_Customer_Download( $inserted_id );
                         $loop ++;
                         $file_counter ++;
 
-                        if ( isset( $file['name'] ) ) {
-                            $file_count = $file['name'];
+                        if ( $file->get_name() ) {
+                            $file_count = $file->get_name();
                         } else {
                             $file_count = sprintf( __( 'File %d', 'dokan-lite' ), $file_counter );
                         }
@@ -276,7 +276,7 @@ function grant_access_to_download() {
             }
         }
 
-        die();
+        wp_die();
     }
 
     /**
@@ -347,24 +347,28 @@ function contact_seller() {
         wp_send_json_success( $success );
     }
 
+    /**
+     * Rovoke file download access for customer
+     *
+     * @return void
+     */
     function revoke_access_to_download() {
         check_ajax_referer( 'revoke-access', 'security' );
 
-        if ( ! current_user_can( 'dokandar' ) ) {
-            die( -1 );
+        if ( ! current_user_can( 'dokandar' ) || ! isset( $_POST['download_id'], $_POST['product_id'], $_POST['order_id'], $_POST['permission_id'] ) ) {
+            wp_die( -1 );
         }
 
-        global $wpdb;
-
-        $download_id = isset( $_POST['download_id'] ) ? intval( $_POST['download_id'] ) : 0;
-        $product_id  = isset( $_POST['product_id'] ) ? intval( $_POST['product_id'] ) : 0;
-        $order_id    = isset( $_POST['order_id'] ) ? intval( $_POST['order_id'] ) : 0;
+        $download_id   = intval( wp_unslash( $_POST['download_id'] ) );
+        $product_id    = intval( $_POST['product_id'] );
+        $order_id      = intval( $_POST['order_id'] );
+        $permission_id = absint( $_POST['permission_id'] );
 
-        $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions WHERE order_id = %d AND product_id = %d AND download_id = %s;", $order_id, $product_id, $download_id ) );
+        $data_store = WC_Data_Store::load( 'customer-download' );
+        $data_store->delete_by_id( $permission_id );
 
-        do_action( 'woocommerce_ajax_revoke_access_to_product_download', $download_id, $product_id, $order_id );
-
-        die();
+        do_action( 'woocommerce_ajax_revoke_access_to_product_download', $download_id, $product_id, $order_id, $permission_id );
+        wp_die();
     }
 
     /**

diff --git a/templates/orders/order-download-permission-html.php b/templates/orders/order-download-permission-html.php
@@ -7,7 +7,15 @@
 			<?php echo wp_kses_post( '#' . esc_attr( absint( dokan_get_prop( $product, 'id' ) ) ) . ' &mdash; ' . apply_filters( 'woocommerce_admin_download_permissions_title', $product->get_title(), $download->product_id, $download->order_id, $download->order_key, $download->download_id ) . ' &mdash; ' . sprintf( __( 'File %d: %s', 'dokan-lite' ), $file_count, wc_get_filename_from_url( $product->get_file_download_path( $download->download_id ) ) ) ); ?>
 		</a>
 
-		<button rel="<?php echo esc_attr( absint( $download->product_id ) ) . ',' . esc_attr( $download->download_id ); ?>" class="revoke_access btn btn-danger btn-sm pull-right" data-order-id="<?php echo esc_attr( $download->order_id ); ?>" data-nonce="<?php echo esc_attr( wp_create_nonce( 'revoke-access' ) ); ?>"><?php esc_html_e( 'Revoke Access', 'dokan-lite' ); ?></button>
+		<button
+			rel="<?php echo esc_attr( absint( $download->product_id ) ) . ',' . esc_attr( $download->download_id ); ?>"
+			class="revoke_access btn btn-danger btn-sm pull-right"
+			data-order-id="<?php echo esc_attr( $download->order_id ); ?>"
+			data-permission-id="<?php echo esc_attr( $download->permission_id ); ?>"
+			data-nonce="<?php echo esc_attr( wp_create_nonce( 'revoke-access' ) ); ?>"
+		>
+			<?php esc_html_e( 'Revoke Access', 'dokan-lite' ); ?>
+		</button>
 	</div>
 
 	<div id="collapse-<?php echo esc_attr( $download->download_id ); ?>" class="panel-collapse collapse">