=4.2.7.4-beta= ~ add check_can_get_materials

assets/src/apps/js/frontend/material.js

@@ -16,18 +16,16 @@ export default function lpMaterialsLoad() {
 	};
 	const getResponse = async ( ele, page = 1 ) => {
 		// let itemID = 0;
-		const itemID = parseInt( ele.dataset.courseId),
+		const courseID = parseInt( ele.dataset.courseId),
 			  lessonID = parseInt( ele.dataset.itemId ),
-		      isLesson = lessonID == 0 ? 0 : 1;
+		      itemID   = lessonID == 0 ? courseID : lessonID;
 		const elementMaterial = ele.querySelector( '.course-material-table' );
 		const loadMoreBtn = document.querySelector( '.lp-loadmore-material' );
 		const elListItems = document.querySelector( '.lp-list-material' );
 		try {
 			const response = await apiFetch( {
 				path: addQueryArgs( `lp/v1/material/item-materials/${ itemID }`, {
 					page:page,
-					isLesson:isLesson,
-					lessonID:lessonID
 				} ),
 				method: 'GET',
 			} );

inc/rest-api/v1/frontend/class-lp-rest-material-controller.php

@@ -275,32 +275,8 @@ public function get_materials_by_item( WP_REST_Request $request ): LP_REST_Respo
 			if ( ! $item_id ) {
 				throw new Exception( esc_html__( 'Invalid course identifier', 'learnpress' ) );
 			}
-			$current_user    = learn_press_get_current_user();
-			$current_user_id = $current_user->get_id();
-			if ( ! $is_admin ) {
-				$is_lesson = $params['isLesson'] ?? 0;
-				$lesson_id = $params['lessonID'] ?? 0;
-				if ( $is_lesson && empty( $lesson_id ) ) {
-					throw new Exception( esc_html__( 'Invalid lesson identifier', 'learnpress' ) );
-				}
-
-				$course_id               = (int) $item_id;
-				$can_view_content_course = $current_user->can_view_content_course( $course_id );
-				$can_view                = $can_view_content_course;
-				// $can_view = false;
-				if ( $is_lesson ) {
-					$can_view = $current_user->can_view_item( absint( $lesson_id ), $can_view_content_course );
-					$item_id  = (int) $lesson_id;
-				}
-				if ( ! $can_view->flag ) {
-					$error_message = $can_view->message ?? __( 'You do not have permission to view those materials', 'learnpress' );
-					throw new Exception( $error_message );
-				}
-			} else {
-				if ( ! current_user_can( 'edit_post', $item_id ) ) {
-					throw new Exception( __( 'You do not have permission to view those materials', 'learnpress' ) );
-				}
-			}
+
+			$this->check_can_get_materials( $item_id, $is_admin );
 
 			$material_init  = LP_Material_Files_DB::getInstance();
 			$page           = absint( $params['page'] ?? 1 );
@@ -462,6 +438,41 @@ public function delete_material( $request ) {
 
 		return rest_ensure_response( $response );
 	}
+	/**
+	 * Check permission to get material by course/lesson
+	 * @param  int     $item_id  course/lesson id
+	 * @param  boolean $is_admin is wp-admin
+	 */
+	public function check_can_get_materials( int $item_id, $is_admin = false ) {
+		$current_user    = learn_press_get_current_user();
+		$current_user_id = $current_user->get_id();
+		if ( ! $is_admin ) {
+			$item_type = get_post_field( 'post_type', $item_id );
+			if ( $item_type === LP_LESSON_CPT ) {
+				$section_id = LP_Lesson_DB::getInstance()->get_section_by_lesson_id( $item_id );
+				if ( empty( $section_id ) ) {
+					throw new Exception( __( 'Cannot get section.', 'learnpress' ) );
+				}
+				$course_id = LP_Section_DB::getInstance()->get_course_id_by_section( $section_id );
+				if ( empty( $course_id ) ) {
+					throw new Exception( __( 'Cannot get course', 'learnpress' ) );
+				}
+				$can_view_content_course = $current_user->can_view_content_course( $course_id );
+				$can_view                = $current_user->can_view_item( absint( $item_id ), $can_view_content_course );
+			} else {
+				// Course
+				$can_view = $current_user->can_view_content_course( $item_id );
+			}
+			if ( ! $can_view->flag ) {
+				$error_message = $can_view->message ?? __( 'You do not have permission to view those materials', 'learnpress' );
+				throw new Exception( $error_message );
+			}
+		} else {
+			if ( ! current_user_can( 'edit_post', $item_id ) ) {
+				throw new Exception( __( 'You do not have permission to view those materials', 'learnpress' ) );
+			}
+		}
+	}
 
 	/**
 	 * Check user permission