Merge pull request #2676 from themeum/validation_fixes

Added backend validation for student activities in course

Author: shewa12

assets/src/js/front/course/_wishlist.js

@@ -30,7 +30,9 @@ window.jQuery(document).ready(($) => {
 						$that.blur();
 					}
 				} else {
-					tutor_toast(__('Error', 'tutor-pro'), data?.data?.message ?? 'Something went wrong!!', 'error');
+					if ( data?.data?.message ) {
+						tutor_toast(__('Error', 'tutor-pro'), data?.data?.message, 'error');
+					}
 					$('.tutor-login-modal').addClass('tutor-is-active');
 					$that.blur();
 				}

assets/src/js/front/pages/course-landing.js

@@ -30,12 +30,13 @@ window.jQuery(document).ready(($) => {
                                 button.prop('disabled', true).addClass('is-loading');
                             },
                             success: function (response) {
-                                if (response.success) {
+                                if (response.status_code === 200 ) {
                                     window.location.assign(response.data.redirect_to);
-                                } else {
-                                    alert((response.data || {}).message || __('Something went wrong', 'tutor'));
                                 }
                             },
+                            error: function(response) {
+                                tutor_toast(__( 'Error', 'tutor' ),(response.responseJSON || {}).message ||__('Something went wrong', 'tutor'));
+                            },
                             complete: function () {
                                 button.prop('disabled', false).removeClass('is-loading');
                             }

assets/src/js/frontend/learning-area/common.ts

@@ -3,6 +3,7 @@ import { wpAjaxInstance } from '@TutorShared/utils/api';
 import endpoints from '@TutorShared/utils/endpoints';
 import { convertToErrorMessage } from '@TutorShared/utils/util';
 import { __ } from '@wordpress/i18n';
+import { type AxiosError } from 'axios';
 
 interface CourseCompletePayload {
   course_id: number;
@@ -32,8 +33,11 @@ export const courseCompleteHandler = () => {
           modal.closeModal('tutor-course-complete-modal');
           window.location.reload();
         },
-        onError: (error: Error) => {
+        onError: (error: AxiosError) => {
           toast.error(convertToErrorMessage(error));
+          if (!error || !error.response || !error.response.data) {
+            window.location.reload();
+          }
         },
       });
 

assets/src/js/frontend/learning-area/sidebar.ts

@@ -8,6 +8,7 @@ import { type MutationState } from '@Core/ts/services/Query';
 import { wpAjaxInstance } from '@TutorShared/utils/api';
 import endpoints from '@TutorShared/utils/endpoints';
 import { convertToErrorMessage } from '@TutorShared/utils/util';
+import { type AxiosError } from 'axios';
 
 interface ResetProgressPayload {
   course_id: number;
@@ -57,8 +58,11 @@ export const sidebarComponent = ({
               window.location.href = response.data.redirect_to;
             }
           },
-          onError: (error) => {
+          onError: (error: AxiosError) => {
             toast.error(convertToErrorMessage(error));
+            if (!error || !error.response || !error.response.data) {
+              window.location.reload();
+            }
           },
         },
       );

classes/Course.php

@@ -23,6 +23,7 @@
 use Tutor\Helpers\HttpHelper;
 use Tutor\Models\CourseModel;
 use Tutor\Ecommerce\Ecommerce;
+use Tutor\Helpers\DateTimeHelper;
 use Tutor\Traits\JsonResponse;
 use Tutor\Helpers\ValidationHelper;
 use Tutor\Models\EnrollmentModel;
@@ -3079,15 +3080,22 @@ public function delete_associated_enrollment( $post_id ) {
 	 */
 	public function tutor_reset_course_progress() {
 		tutor_utils()->checking_nonce();
-		$course_id = Input::post( 'course_id', 0, Input::TYPE_INT );
+		$course_id             = Input::post( 'course_id', 0, Input::TYPE_INT );
+		$course_reset_progress = tutor_utils()->get_option( 'course_reset_progress', false );
+		$course_retake_feature = tutor_utils()->get_option( 'course_retake_feature', false );
+
+		if ( ! $course_reset_progress || ! $course_retake_feature ) {
+			$this->response_bad_request( __( 'You are not allowed to reset course progress.', 'tutor' ) );
+			return;
+		}
 
 		if ( ! $course_id || ! is_numeric( $course_id ) || ! EnrollmentModel::is_enrolled( $course_id ) ) {
-			wp_send_json_error( array( 'message' => __( 'Invalid Course ID or Access Denied.', 'tutor' ) ) );
+			$this->response_bad_request( __( 'Invalid Course ID or Access Denied.', 'tutor' ) );
 			return;
 		}
 
 		tutor_utils()->delete_course_progress( $course_id );
-		wp_send_json_success( array( 'redirect_to' => tutor_utils()->get_course_first_lesson( $course_id ) ) );
+		$this->json_response( '', array( 'redirect_to' => tutor_utils()->get_course_first_lesson( $course_id ) ) );
 	}
 
 	/**

ecommerce/CartController.php

@@ -231,6 +231,15 @@ public function add_course_to_cart() {
 			);
 		}
 
+		$can_buy = apply_filters( 'tutor_allow_course_enrollment', true, $course_id );
+		if ( ! $can_buy ) {
+			$this->json_response(
+				__( 'Failed to add to cart.', 'tutor' ),
+				null,
+				HttpHelper::STATUS_BAD_REQUEST
+			);
+		}
+
 		// Check if the course already exists in the cart or not.
 		$is_course_in_user_cart = $this->model->is_course_in_user_cart( $user_id, $course_id );
 		if ( $is_course_in_user_cart ) {

ecommerce/CheckoutController.php

@@ -624,6 +624,26 @@ public function pay_now() {
 			}
 		}
 
+		if ( isset( $request['object_ids'] ) ) {
+			$course_ids = explode( ',', $request['object_ids'] );
+
+			if ( tutor_utils()->count( $course_ids ) ) {
+				foreach ( $course_ids as $course_id ) {
+					$can_buy = apply_filters( 'tutor_allow_course_enrollment', true, $course_id );
+					if ( ! $can_buy ) {
+						array_push(
+							$errors,
+							sprintf(
+							// Translators: %s course name.
+								__( ' Course %s cannot be enrolled right now.', 'tutor' )
+							),
+							get_the_title( $course_id ) ?? ''
+						);
+					}
+				}
+			}
+		}
+
 		$validate_consent = LegalConsent::validate_consent( LegalConsent::DISPLAY_ON_CHECKOUT, $_POST );
 		if ( is_wp_error( $validate_consent ) ) {
 			array_push( $errors, $validate_consent->get_error_message() );
@@ -1040,6 +1060,17 @@ public function restrict_checkout_page() {
 			return;
 		}
 
+		$course_id = Input::get( 'course_id', 0, Input::TYPE_INT );
+
+		if ( $course_id ) {
+			$can_buy    = apply_filters( 'tutor_allow_course_enrollment', true, $course_id );
+			$course_url = get_post_permalink( $course_id );
+			if ( ! $can_buy ) {
+				wp_safe_redirect( tutor_utils()->get_nocache_url( $course_url ) );
+				exit;
+			}
+		}
+
 		$cart_page_url = CartController::get_page_url();
 
 		if ( ! is_user_logged_in() && ! apply_filters( 'tutor_is_guest_checkout_enabled', false ) ) {

models/EnrollmentModel.php

@@ -72,6 +72,11 @@ public static function do_enroll( $course_id = 0, $order_id = 0, $user_id = 0, $
 			return $enrolled_id;
 		}
 
+		$can_enroll = apply_filters( 'tutor_allow_course_enrollment', true, $course_id );
+		if ( ! $can_enroll ) {
+			return $enrolled_id;
+		}
+
 		$fire_hook ? do_action( 'tutor_before_enroll', $course_id ) : null;
 		$user_id = tutor_utils()->get_user_id( $user_id );
 		$title   = __( 'Course Enrolled', 'tutor' ) . ' – ' . gmdate( get_option( 'date_format' ) ) . ' @ ' . gmdate( get_option( 'time_format' ) );