CVE-2023-2275: class-api-order-controller.php in wcfm-marketplace-rest-api/tags/1.5.3/includes/api – WordPress Plugin Repository

1<?php2class WCFM_REST_Order_Controller extends WCFM_REST_Controller {3/**4 * Endpoint namespace5 *6 * @var string7 */8 protected $namespace = 'wcfmmp/v1’;910 /**11 * Route name12 *13 * @var string14 */15 protected $base = 'orders’;1617 /**18 * Post type19 *20 * @var string21 */22 protected $post_type = 'shop_order’;23 24 /**25 * Post status26 */27 protected $post_status = array();2829 /**30 * Stores the request.31 * @var array32 */33 protected $request = array();3435 /**36 * Load autometically when class initiate37 *38 * @since 1.0.039 *40 * @return array41 */42 public function __construct() {43 $this->post_status = array_keys( wc_get_order_statuses() );4445// add_filter( 'woocommerce_new_order_data’, array( $this, ‘set_order_vendor_id’ ) );46// add_action( 'woocommerce_rest_insert_shop_order_object’, array( $this, ‘after_order_create’ ), 10, 2 );47 }48 49 /**50 * Register the routes for orders.51 */52 public function register_routes() {53 register_rest_route( $this->namespace, ‘/’ . $this->base, array(54 array(55 ‘methods’ => WP_REST_Server::READABLE,56 ‘callback’ => array( $this, ‘get_items’ ),57 ‘permission_callback’ => array( $this, ‘get_orders_permissions_check’ ),58 ‘args’ => $this->get_collection_params(),59 ),60 ‘schema’ => array( $this, ‘get_public_item_schema’ ),61 ) );62 63 register_rest_route( $this->namespace, ‘/’ . $this->base . '/(?P<id>[\d]+)/’, array(64 ‘args’ => array(65 ‘id’ => array(66 ‘description’ => __( 'Unique identifier for the object.’, ‘wcfm-marketplace-rest-api’ ),67 ‘type’ => 'integer’,68 )69 ),70 array(71 ‘methods’ => WP_REST_Server::READABLE,72 ‘callback’ => array( $this, ‘get_item’ ),73 ‘args’ => $this->get_collection_params(),74 ‘permission_callback’ => array( $this, ‘get_single_order_permissions_check’ ),75 ),76 array(77 ‘methods’ => WP_REST_Server::EDITABLE,78 ‘callback’ => array( $this, ‘update_order_status’ ),79 ‘args’ => array(80 ‘status’ => array(81 ‘type’ => 'string’,82 ‘description’ => __( 'Order Status’, ‘wcfm-marketplace-rest-api’ ),83 ‘required’ => true,84 ‘sanitize_callback’ => 'sanitize_text_field’,85 )86 ),87 ‘permission_callback’ => array( $this, ‘update_order_status_permissions_check’ ),88 ),89 ));9091 register_rest_route( $this->namespace, ‘/’ . $this->base . '/note/(?P<id>[\d]+)/’, array(92 ‘args’ => array(93 ‘id’ => array(94 ‘description’ => __( 'Unique identifier for the object.’, ‘wcfm-marketplace-rest-api’ ),95 ‘type’ => 'integer’,96 )97 ),98 array(99 ‘methods’ => WP_REST_Server::READABLE,100 ‘callback’ => array( $this, ‘get_order_notes’ ),101 ‘args’ => $this->get_collection_params(),102 ‘permission_callback’ => array( $this, ‘get_order_note_permissions_check’ ),103 ),104 array(105 ‘methods’ => WP_REST_Server::EDITABLE,106 ‘callback’ => array( $this, ‘add_order_note’ ), 107 ‘args’ => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 108 ‘permission_callback’ => array( $this, ‘add_order_note_permissions_check’ ),109 ),110 ));111112 register_rest_route( $this->namespace, ‘/’ . $this->base . '/shipment_tracking/’, array( 113 array(114 ‘methods’ => WP_REST_Server::EDITABLE,115 ‘callback’ => array( $this, ‘update_shipment_tracking’ ),116 ‘args’ => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),117 ‘permission_callback’ => array( $this, ‘update_shipment_tracking_permissions_check’ ),118 ),119 ));120 }121 122 /**123 * Get object.124 *125 * @since 1.0.0126 * @param int $id Object ID.127 * @return WC_Data128 */129 public function get_object( $id ) {130 if(!wc_get_order($id))131 return new WP_Error( "wcfmapi_rest_invalid_{$this->post_type}_id", sprintf( __( "Invalid ID", ‘wcfm-marketplace-rest-api’ ), __METHOD__ ), array( ‘status’ => 404 ) );132 return wc_get_order( $id );133 }134 135 136 /**137 * Checking if have any permission to view orders138 *139 * @since 1.0.0140 *141 * @return boolean142 */143 public function get_orders_permissions_check() {144 if( !is_user_logged_in() )145 return false;146 if( apply_filters( 'wcfm_is_allow_orders’, true ) )147 return true;148 return false;149 }150 151 public function update_order_status_permissions_check() {152 if( !is_user_logged_in() )153 return false;154 if( apply_filters( 'wcfm_is_allow_order_status_update’, true ) )155 return true;156 return false;157 }158 159 public function get_single_order_permissions_check() {160 if( !is_user_logged_in() )161 return false;162 if( apply_filters( 'wcfm_is_allow_order_details’, true ) )163 return true;164 return false;165 }166167 public function get_order_note_permissions_check() {168 if( !is_user_logged_in() )169 return false;170 if( apply_filters( 'wcfm_is_allow_manage_order’, true ) )171 return true;172 return false;173 }174175 public function add_order_note_permissions_check() {176 if( !is_user_logged_in() )177 return false;178 if( apply_filters( 'wcfm_is_allow_manage_order’, true ) )179 return true;180 return false;181 }182183 public function update_shipment_tracking_permissions_check() {184 if( !is_user_logged_in() )185 return false;186 if( apply_filters( 'wcfm_is_allow_manage_order’, true ) )187 return true;188 return false;189 }190 191 192 public function get_post_type_items( $request ) {193 global $WCFM;194 195 $orders = $this->get_objects_from_database($request);196 $order_return_obj = array();197 foreach ($orders as $each_order ) {198 199 if($each_order->vendor_id) {200 $order_object = $this->get_object( $each_order->order_id );201 $formated_order_data = $this->get_formatted_item_data($order_object, $each_order->vendor_id );202 $formated_order_data[‘vendor_order_details’] = $each_order;203 $order_return_obj[] = $formated_order_data;204 } else {205 $order_object = $this->get_object($each_order->ID);206 207 $order_return_obj[] = $this->get_formatted_item_data($order_object, 0 );208 }209 }210 $response = rest_ensure_response($order_return_obj);211 return apply_filters( "wcfmapi_rest_prepare_{$this->post_type}_objects", $response, $orders, $request );212 }213 214 protected function get_objects_from_database( $request ) {215 global $WCFM;216 $_POST[“controller”] = 'wcfm-orders’;217 $_POST[‘length’] = !empty($request[‘per_page’]) ? intval($request[‘per_page’]) : 10;218 $_POST[‘start’] = !empty($request[‘page’]) ? ( intval($request[‘page’]) - 1 ) * $_POST[‘length’] : 0;219// if(empty($request[‘page’])){220// $_POST[‘start’] = !empty($request[‘offset’]) ? intval($request[‘offset’]) : 0;221// }222 $_POST[‘filter_date_form’] = !empty($request[‘after’]) ? $request[‘after’] : '’;223 $_POST[‘filter_date_to’] = !empty($request[‘before’]) ? $request[‘before’] : '’;224 $_POST[‘search’][‘value’] = !empty($request[‘search’]) ? $request[‘search’] : '’; 225 $_POST[‘orderby’] = !empty($request[‘orderby’]) ? $request[‘orderby’] : '’;226 $_POST[‘order’] = !empty($request[‘order’]) ? $request[‘order’] : '’;227 $_REQUEST[‘wcfm_ajax_nonce’] = wp_create_nonce( ‘wcfm_ajax_nonce’ );228 define('WCFM_REST_API_CALL’, TRUE);229 $WCFM->init();230 $orders = $WCFM->ajax->wcfm_ajax_controller();231 return $orders;232 }233 234 235 public function get_post_type_item( $request , $id ) {236 global $WCFM;237 $order_return_obj = array();238 if( wcfm_is_vendor() ) {239 240 $is_order_for_vendor = $WCFM->wcfm_vendor_support->wcfm_is_order_for_vendor( $id );241 if( $is_order_for_vendor ) {242 $current_vendor = apply_filters( 'wcfm_current_vendor_id’, get_current_user_id() );243 $order_object = $this->get_object( $id );244 $order_return_obj = $this->get_formatted_item_data($order_object, $current_vendor );245 } else {246 return new WP_Error( "wcfmapi_rest_invalid_vendor", sprintf( __( "Invalid Vendor - Order Id do not belong to the loggedin vendor", ‘wcfm-marketplace-rest-api’ ), __METHOD__ ), array( ‘status’ => 404 ) );247 }248 249 } else {250 $order_object = $this->get_object( $id );251 $order_return_obj = $this->get_formatted_item_data($order_object, 0 );252 }253 $response = rest_ensure_response($order_return_obj);254 return apply_filters( "wcfmapi_rest_prepare_{$this->post_type}_object", $response, $order_object, $request );255 }256 257 258 protected function get_formatted_item_data( $object, $each_order_vendor_id ) {259 $data = $object->get_data();260 $order_id = $data[‘id’];261 $order_status = $data[‘status’];262 //print_r($data);die;263 $format_date = array( 'date_created’, 'date_modified’, 'date_completed’, ‘date_paid’ );264 $format_line_items = array( 'line_items’, 'tax_lines’, 'shipping_lines’, 'fee_lines’, ‘coupon_lines’ );265266 // Format date values.267 foreach ( $format_date as $key ) {268 $datetime = $data[ $key ];269 $data[ $key ] = wc_rest_prepare_date_response( $datetime, false );270 $data[ $key . ‘_gmt’ ] = wc_rest_prepare_date_response( $datetime );271 }272273 // Format state and country274 if($data[‘billing’][‘state’]) {275 $data[‘billing’][‘state’] = WC()->countries->get_states( $data[‘billing’][‘country’] )[$data[‘billing’][‘state’]];276 }277 if($data[‘shipping’][‘state’]) {278 $data[‘shipping’][‘state’] = WC()->countries->get_states( $data[‘shipping’][‘country’] )[$data[‘shipping’][‘state’]];279 }280281 // Add Commission Head282 $data[‘commission_head’] = $this->wcfmmp_line_item_commission_head($object, $each_order_vendor_id);283284 // Add Delivery datetime & location285 $data[‘user_delivery_location’] = $object->get_meta('_wcfmmp_user_location’, true);286 $wcfmd_delvery_times = $object->get_meta('_wcfmd_delvery_times’, true);287 if( !empty( $wcfmd_delvery_times ) ) {288 $data[‘user_delivery_time’] = date('Y-m-d H:i:s’, $wcfmd_delvery_times[$each_order_vendor_id]);289 } 290 291 // Format line items.292 293 foreach ( $format_line_items as $key ) {294 if( $each_order_vendor_id ) {295 $line_item_datas = array_values( array_map( array( $this, ‘get_order_item_data’ ), $data[ $key ] ) );296 $line_item_datas_final = array();297 //print_r($line_item_datas);298 if($key == ‘line_items’) {299 //print_r($line_item_datas);300 foreach( $line_item_datas as $item_key => $line_item ) {301 $order_item_product = new WC_Order_Item_Product($line_item[‘id’]);302 $order_product_vendor_id = $order_item_product->get_meta('_vendor_id’, true);303 if( $order_product_vendor_id && $order_product_vendor_id == $each_order_vendor_id ) {304305 // Add Store Name306 if( $this->is_vendor_sold_by( absint($order_product_vendor_id) ) ) {307308 $shop_name = wcfm_get_vendor_store_name( absint($order_product_vendor_id) );309310 $line_item[‘store_name’] = $shop_name;311312 }313 // Add Commission Value314 $line_item[‘commission_value’] = $this->wcfmmp_line_item_commission($order_item_product, $object, $order_product_vendor_id);315316 $line_item_datas_final[] = $line_item;317 }318 // $line_item_datas_final[] = $line_item;319 } 320 } 321 else if( $key == ‘shipping_lines’ ) {322 foreach( $line_item_datas as $item_key => $line_item ) {323 //var_dump($line_item[‘id’]);324 $order_item_shipping = new WC_Order_Item_Shipping($line_item[‘id’]);325 $shipping_vendor_id = $order_item_shipping->get_meta('vendor_id’, true);326 if( $shipping_vendor_id && $shipping_vendor_id == $each_order_vendor_id ) {327328 // Add Store Name329 if( $this->is_vendor_sold_by( absint($shipping_vendor_id) ) ) {330331 $shop_name = wcfm_get_vendor_store_name( absint($shipping_vendor_id) );332333 $line_item[‘store_name’] = $shop_name;334335 }336 $line_item_datas_final[] = $line_item;337 }338 // $line_item_datas_final[] = $line_item;339 }340 } 341 else {342 $line_item_datas_final = $line_item_datas;343 }344 $data[ $key ] = $line_item_datas_final;345 346 } else {347 $data[ $key ] = array_values( array_map( array( $this, ‘get_order_item_data’ ), $data[ $key ] ) );348 }349 }350351 // Add Shipment Tracking352 if( ( ( $object->needs_shipping_address() && $object->get_formatted_shipping_address() ) || apply_filters( 'wcfm_is_force_shipping_address’, false ) ) && ( !function_exists( ‘wcs_order_contains_subscription’ ) || ( !wcs_order_contains_subscription( $order_id, ‘renewal’ ) && !wcs_order_contains_subscription( $order_id, ‘renewal’ ) ) ) && apply_filters( 'wcfm_is_pref_shipment_tracking’, true ) && apply_filters( 'wcfm_is_allow_shipping_tracking’, true ) && !in_array( $order_status, apply_filters( 'wcfm_shipment_disable_order_status’, array( 'failed’, 'cancelled’, 'refunded’, ‘pending’ ) ) ) ) {353354 $data[‘shipment_tracking’] = $this->get_order_shipping_data( $object );355 }356357 $data[‘status’] = apply_filters( 'wcfm_current_order_status’, $data[‘status’], $data[‘id’] );358 359 // Format the order status.360 $data[‘status’] = 'wc-' === substr( $data[‘status’], 0, 3 ) ? substr( $data[‘status’], 3 ) : $data[‘status’];361 return $data;362 }363 364 365 /**366 * Expands an order item to get its data.367 *368 * @param WC_Order_item $item369 *370 * @return array371 */372 protected function get_order_item_data( $item ) { 373374 $data = $item->get_data();375376 // Add Shop Name377 /*$meta_data = $item->get_meta_data();378 foreach ( $meta_data as $meta ) {379380 if( !is_array( $meta->key ) ) {381382 $meta->key = rawurldecode( (string) $meta->key );383384 if( $meta->key == ‘_vendor_id’ ) {385386 $meta->value = rawurldecode( (string) $meta->value );387388 if( $this->is_vendor_sold_by( absint($meta->value) ) ) {389390 $shop_name = wcfm_get_vendor_store_name( absint($meta->value) );391392 $data[‘shop_name’] = $shop_name;393394 } 395396 }397398 }399400 } */ 401402 $format_decimal = array( 'subtotal’, 'subtotal_tax’, 'total’, 'total_tax’, 'tax_total’, ‘shipping_tax_total’ );403404 // Format decimal values.405 foreach ( $format_decimal as $key ) {406 if ( isset( $data[ $key ] ) ) {407 $data[ $key ] = wc_format_decimal( $data[ $key ], ( isset($this->request[‘dp’]) ) ? $this->request[‘dp’] : false );408 }409 }410411 // Add SKU, THUMBNAIL and PRICE to products.412 if ( is_callable( array( $item, ‘get_product’ ) ) ) {413 $_product = $item->get_product();414 $data[‘sku’] = $_product ? $_product->get_sku(): null;415 $data[‘thumbnail’] = $_product ? apply_filters( 'woocommerce_admin_order_item_thumbnail’, $_product->get_image( 'thumbnail’, array( ‘title’ => ‘’ ), false ), $data[‘id’], $item ) : '’;416 $data[‘image_url’] = $_product ? wp_get_attachment_image_url( $_product->get_image_id(), ‘thumbnail’ ) : null;417 $data[‘price’] = (float)( $item->get_total() / max( 1, $item->get_quantity() ) );418 }419420 // Format taxes.421 if ( ! empty( $data[‘taxes’][‘total’] ) ) {422 $taxes = array();423424 foreach ( $data[‘taxes’][‘total’] as $tax_rate_id => $tax ) {425 $taxes[] = array(426 ‘id’ => $tax_rate_id,427 ‘total’ => $tax,428 ‘subtotal’ => isset( $data[‘taxes’][‘subtotal’][ $tax_rate_id ] ) ? $data[‘taxes’][‘subtotal’][ $tax_rate_id ] : '’,429 );430 }431 $data[‘taxes’] = $taxes;432 } elseif ( isset( $data[‘taxes’] ) ) {433 $data[‘taxes’] = array();434 }435436 // Remove names for coupons, taxes and shipping.437 if ( isset( $data[‘code’] ) || isset( $data[‘rate_code’] ) || isset( $data[‘method_title’] ) ) {438 unset( $data[‘name’] );439 }440441 // Remove props we don’t want to expose.442 unset( $data[‘order_id’] );443 unset( $data[‘type’] );444445 return $data;446 }447448 /**449450 * Return is show sold by label451452 * @return boolean453454 */455456 public function is_vendor_sold_by( $vendor_id = ‘’ ) {457458 global $WCFM, $WCFMmp;459460 461462 $wcfmmp_marketplace_options = get_option( 'wcfm_marketplace_options’, array() );463464 $vendor_sold_by = isset( $wcfmmp_marketplace_options[‘vendor_sold_by’] ) ? $wcfmmp_marketplace_options[‘vendor_sold_by’] : 'yes’;465466 if( $vendor_sold_by == ‘yes’ ) {467468 if( !$vendor_id || ( $vendor_id && apply_filters( 'wcfmmp_is_allow_sold_by’, true, $vendor_id ) && $WCFM->wcfm_vendor_support->wcfm_vendor_has_capability( $vendor_id, ‘sold_by’ ) ) ) {469470 return true;471472 } else {473474 return false;475476 }477478 }479480 return false;481482 }483484 // WCFMmp Line Item Commission Head485486 protected function wcfmmp_line_item_commission_head( $order, $vendor_id ) {487488 global $WCFM, $WCFMmp;489 490491 if( wcfm_vendor_has_capability( $vendor_id, ‘view_commission’ ) ) {492493 $admin_fee_mode = apply_filters( 'wcfm_is_admin_fee_mode’, false );494495 if( $admin_fee_mode ) {496497 return __( 'Fees’, ‘wc-frontend-manager’ );498499 } else {500501 return __( 'Earning’, ‘wc-frontend-manager’ );502503 }504505 }506507 }508509 // WCFMmp Line item Commission510511 protected function wcfmmp_line_item_commission( $item, $order, $vendor_id ) {512513 global $WCFM, $wpdb, $WCFMmp;514515 if( !wcfm_vendor_has_capability( $vendor_id, ‘view_commission’ ) ) return; 516517 $order_currency = $order->get_currency();518519 $admin_fee_mode = apply_filters( 'wcfm_is_admin_fee_mode’, false ); 520521 $qty = ( isset( $item[‘qty’] ) ? esc_html( $item[‘qty’] ) : ‘1’ ); 522523 if ( $WCFMmp->wcfmmp_vendor->is_vendor_deduct_discount( $vendor_id, $order->get_id() ) ) {524525 $line_total = $item->get_total();526527 } else {528529 $line_total = $item->get_subtotal();530531 } 532533 if( $item->get_product_id() ) {534535 $product_id = $item->get_product_id();536537 $variation_id = $item->get_variation_id();538539 } else {540541 $product_id = wc_get_order_item_meta( $item->get_id(), '_product_id’, true );542543 $variation_id = wc_get_order_item_meta( $item->get_id(), '_variation_id’, true );544545 } 546547 $sql = "548549 SELECT item_id, is_refunded, commission_amount AS line_total, shipping AS total_shipping, tax, shipping_tax_amount 550551 FROM {$wpdb->prefix}wcfm_marketplace_orders552553 WHERE (product_id = " . $product_id . " OR variation_id = " . $variation_id . ")554555 AND order_id = " . $order->get_id() . "556557 AND item_id = " . $item->get_id() . "558559 AND `vendor_id` = " . $vendor_id;560561 $order_line_due = $wpdb->get_results( $sql );562563 564565 if( !empty( $order_line_due ) && !$order_line_due[0]->is_refunded ) {566567 if ( $get_shipping = $WCFMmp->wcfmmp_vendor->is_vendor_get_shipping( $vendor_id ) ) {568569 //$line_total += $order_line_due[0]->total_shipping;570571 }572573 if ( $WCFMmp->wcfmmp_vendor->is_vendor_get_tax( $vendor_id ) ) {574575 $line_total += $order_line_due[0]->tax; 576577 $order_line_due[0]->line_total += $order_line_due[0]->tax;578579 if( $get_shipping ) {580581 //$line_total += $order_line_due[0]->shipping_tax_amount;582583 }584585 }586587 if( $admin_fee_mode ) {588589 $refunded = $order->get_total_refunded_for_item( $item->get_id() );590591 return $line_total - $refunded - $order_line_due[0]->line_total;592593 } else {594595 return $order_line_due[0]->line_total;596597 }598599 } else {600601 return 0;602603 }604605 }606607 /**608 *609 *610 */611 protected function get_order_shipping_data( $order ) {612613 global $WCFM;614615 $needs_shipping_tracking = false; 616617 $product_ids = array();618619 $order_item_ids = array();620621 $line_items = $order->get_items( ‘line_item’ );622623 $line_items = apply_filters( 'wcfm_valid_line_items’, $line_items, $order->get_id() );624625 $shipment_tracking_data = array();626627 foreach ( $line_items as $item_id => $item ) {628629 $each_data = array();630631 $_product = $item->get_product(); 632633 $needs_shipping = $WCFM->frontend->is_wcfm_needs_shipping( $_product );634635 $shipped = true;636637 $tracking_url = '’;638639 $tracking_code = '’;640641 $delivery_boy = '’;642643 $delivery_boy_name = '’;644645 if( $needs_shipping ) {646647 $shipped = false;648649 foreach ( $item->get_formatted_meta_data() as $meta_id => $meta ) {650651 if( $meta->key == ‘wcfm_tracking_url’ ) {652653 $tracking_url = $meta->value;654655 $shipped = true;656657 } elseif( $meta->key == ‘wcfm_tracking_code’ ) {658659 $tracking_code = $meta->value;660661 } elseif( $meta->key == ‘wcfm_delivery_boy’ ) {662663 $delivery_boy = $meta->value;664665 }666667 }668669 } else {670671 continue;672673 } 674675 $order_item_ids[] = $item->get_id();676677 $product_ids[] = $item->get_product_id();678679 $each_data[‘item_id’] = $item->get_id();680 $each_data[‘product_id’] = $item->get_product_id();681682 //if( $shipped ) continue;683684 $needs_shipping_tracking = true;685 686687 if( ( !empty( $product_ids ) && ( count( $product_ids ) == 1 ) ) || apply_filters( 'wcfm_is_allow_itemwise_notification’, true ) ) {688689 $each_data[‘product_name’] = esc_html( $item->get_name() );690691 if ( $_product && $_product->get_sku() ) {692693 $each_data[‘sku’] = esc_html( $_product->get_sku() );694695 }696697 if ( $tracking_code ) {698 699 $each_data[‘tracking_code’] = $tracking_code;700701 } 702703 if ( $tracking_url ) {704705 $each_data[‘tracking_url’] = $tracking_url;706707 }708709 if ( $delivery_boy ) {710711 $each_data[‘delivery_boy’] = $delivery_boy;712 $wcfm_delivery_boy_user = get_userdata( absint( $delivery_boy ) );713 if ( $wcfm_delivery_boy_user ) {714 $delivery_boy_name = apply_filters( 'wcfm_delivery_boy_display’, $wcfm_delivery_boy_user->first_name . ' ' . $wcfm_delivery_boy_user->last_name, $delivery_boy );715 $each_data[‘delivery_boy_name’] = $delivery_boy_name;716 }717718 }719720 if ( function_exists( ‘wcfm_is_order_delivered’ ) ) {721722 $is_order_delivered = wcfm_is_order_delivered( $order->get_id(), $item_id );723724 if( $is_order_delivered ) {725726 $each_data[‘delivery_status’] = 'completed’;727728 } else {729730 $each_data[‘delivery_status’] = 'pending’;731732 }733 }734 735 if( $_product ) {736737 $each_data[‘mark_shipped’] = true;738739 }740 }741742 $shipment_tracking_data[‘each_data’][] = $each_data;743744 }745746 if( !empty( $product_ids ) && ( count( $product_ids ) > 1 ) ) {747748 $shipment_tracking_data[‘mark_all’] = array(749750 ‘product_ids’ => $product_ids,751 ‘order_item_ids’ => $order_item_ids752753 );754755 }756757 $wcfm_delivery_boys_array = function_exists( ‘wcfm_get_delivery_boys’ ) ? wcfm_get_delivery_boys() : array();758759 if(!empty($wcfm_delivery_boys_array)) {760761 $delivery_users = array();762763 foreach( $wcfm_delivery_boys_array as $wcfm_delivery_boys_single ) {764765 $delivery_users[] = array( ‘id’ => $wcfm_delivery_boys_single->ID,766 ‘name’ => $wcfm_delivery_boys_single->first_name . ' ' . $wcfm_delivery_boys_single->last_name . ' (' . $wcfm_delivery_boys_single->user_email . ')');767768 }769770 $shipment_tracking_data[‘delivery_boys’] = $delivery_users;771 772 } 773774 return $shipment_tracking_data;775776 }777778 public function update_shipment_tracking( $request ) {779 global $WCFM, $WCFMu, $WCFMd;780 781 $_POST[‘orderid’] = !empty($request[‘order_id’]) ? $request[‘order_id’] : '’;782783 $_POST[‘tracking_data’] = "";784785 $_POST[‘tracking_data’] .= "wcfm_tracking_order_id=";786 $_POST[‘tracking_data’] .= !empty($request[‘order_id’]) ? $request[‘order_id’] : "";787 $_POST[‘tracking_data’] .= "&wcfm_tracking_product_id=";788 $_POST[‘tracking_data’] .= !empty($request[‘product_id’]) ? $request[‘product_id’] : "";789 $_POST[‘tracking_data’] .= "&wcfm_tracking_order_item_id=";790 $_POST[‘tracking_data’] .= !empty($request[‘item_id’]) ? $request[‘item_id’] : "";791 $_POST[‘tracking_data’] .= "&wcfm_tracking_url=";792 $_POST[‘tracking_data’] .= !empty($request[‘tracking_url’]) ? $request[‘tracking_url’] : "";793 $_POST[‘tracking_data’] .= "&wcfm_tracking_code=";794 $_POST[‘tracking_data’] .= !empty($request[‘tracking_code’]) ? $request[‘tracking_code’] : "";795 $_POST[‘tracking_data’] .= "&wcfm_delivery_boy=";796 $_POST[‘tracking_data’] .= !empty($request[‘delivery_boy’]) ? $request[‘delivery_boy’] : "";797 $_REQUEST[‘wcfm_ajax_nonce’] = wp_create_nonce( ‘wcfm_ajax_nonce’ ); 798 define('WCFM_REST_API_CALL’, TRUE);799 if(WCFMapi_Dependencies::wcfmapi_ultimate_plugin_active_check()) {800 $WCFMu->init_wcfmu();801 $wcfm_tracking_data = $WCFMu->wcfmu_shipment_tracking->wcfm_wcfmmarketplace_order_mark_shipped();802 $order_id = absint( $wcfm_tracking_data[‘wcfm_tracking_order_id’] );803 $order = wc_get_order( $order_id );804 $response = array(‘order_id’ => $order_id);805 $response[‘order_status’] = apply_filters( 'wcfm_current_order_status’, $order->get_status(), $order->get_id() );806 $response[‘tracking_data’] = $wcfm_tracking_data;807 808 return rest_ensure_response( $response );809 } elseif( !empty($request[‘delivery_boy’]) ) {810 $WCFMd->init_wcfmd();811 $wcfm_tracking_data = $WCFMd->ajax->wcfmd_delivery_boy_assign();812 $order_id = absint( $wcfm_tracking_data[‘wcfm_tracking_order_id’] );813 $order = wc_get_order( $order_id );814 $response = array(‘order_id’ => $order_id);815 $response[‘order_status’] = apply_filters( 'wcfm_current_order_status’, $order->get_status(), $order->get_id() );816 $response[‘tracking_data’] = $wcfm_tracking_data;817 return rest_ensure_response( $response );818 }819820 }821822 public function update_order_status( $request ) {823824 global $WCFM;825826 $id = isset( $request[‘id’] ) ? absint( $request[‘id’] ) : 0;827 $status = isset( $request[‘status’] ) ? $request[‘status’] : '’;828 829 if(substr($status, 0, 2) !== 'wc-'){830 $status = 'wc-' . $status;831 }832 $order_statuses = wc_get_order_statuses();833834 if ( empty( $id ) ) {835 return new WP_Error( "wcfmapi_rest_invalid_{$this->post_type}_id", __( 'Invalid order ID’, ‘wcfm-marketplace-rest-api’ ), array(836 ‘status’ => 404,837 ) );838 }839840 if ( empty( $status ) ) {841 return new WP_Error( "wcfmapi_rest_empty_{$this->post_type}_status", __( ‘Order status must me required’, ‘wcfm-marketplace-rest-api’ ), array(842 ‘status’ => 404,843 ) );844 }845846 if ( ! in_array( $status, array_keys( $order_statuses ) ) ) {847 return new WP_Error( “wcfmapi_rest_invalid_{$this->post_type}_status", __( 'Order status not valid’, ‘wcfm-marketplace-rest-api’ ), array(848 ‘status’ => 404,849 ) );850 }851852 // $order = $this->get_object( $id );853 // $order->set_status( $status );854 // $order = apply_filters( “wcfmapi_rest_pre_insert_{$this->post_type}_object", $order, $request );855 // $order->save();856 $_POST[‘order_id’] = $id;857 $_POST[‘order_status’] = $status;858 $_REQUEST[‘wcfm_ajax_nonce’] = wp_create_nonce( ‘wcfm_ajax_nonce’ );859 define('WCFM_REST_API_CALL’, TRUE);860 $WCFM->init();861 $order_status_change = $WCFM->ajax->wcfm_modify_order_status();862 return $this->get_post_type_item($request, $id);863 }864865 /**866867 * Handle Order Note Add868869 */870871 public function add_order_note( $request ) {872873 global $WCFM, $WCFMu, $woocommerce;874 875876 $user_id = apply_filters( 'wcfm_current_vendor_id’, get_current_user_id() );877878 $user = $user_id;879 $comment_id = '’;880 881882 //parse_str($_POST[‘note_data’], $wcfm_note_data);883884 $order_id = absint( $request[‘id’] );885 //$noteData = $request[‘noteData’];886887 $note = apply_filters( 'wcfm_editor_content_before_save’, wp_kses_post( trim( stripslashes( $request[‘note’] ) ) ) );888889 $note_type = $request[‘note_type’];890891892893 $is_customer_note = $note_type == ‘customer’ ? 1 : 0;894895 $note_class = '’;896897 if($is_customer_note) $note_class = 'customer-note’;898899900901 if ( $order_id > 0 ) {902903 $order = wc_get_order( $order_id ); 904905 if( apply_filters( 'wcfm_is_allow_order_note_attachments’, true ) ) {906907 $attachments = $request[‘attachments’];908909 if( !empty( $attachments ) ) {910911 $attachment_data = '’;912913 foreach( $attachments as $index => $attachment ) {914915 if( isset( $attachment[‘attachmentData’] ) && !empty( $attachment[‘attachmentData’] ) ) {916917 $name = !empty( $attachment[‘attachmentText’] ) ? $attachment[‘attachmentText’] : __ ( 'Attachment’, ‘wc-frontend-manager-ultimate’ ) . ' ' . $index;918919 if( $index != 0 ) $note .= ', ';920921 $attachment_data .= '<a class="wcfm_dashboard_item_title wcfm_linked_attached” target="_blank” href="’ . $attachment[‘attachmentData’][‘source_url’] . ‘">’ . $name . '</a>’;922923 }924925 }926927 if( !empty( $attachment_data ) ) {928929 $note .= “<br />” . __ ( 'Attachments’, ‘wc-frontend-manager-ultimate’ ) . ': ' . $attachment_data;930931 }932933 }934935 }936937 938939 $note = apply_filters( 'wcfm_order_note_before_save’, $note, $request );940941 942943 // Vendor association944945 if( wcfm_is_vendor() ) {946947 if( apply_filters( 'wcfmmp_is_allow_sold_by’, true, $user_id ) && $WCFM->wcfm_vendor_support->wcfm_vendor_has_capability( $user_id, ‘sold_by’ ) && apply_filters( 'wcfm_is_allow_order_note_vendor_reference’, true ) ) {948949 $note = sprintf( __( '%s has added the following note’, ‘wc-frontend-manager-ultimate’ ), wcfm_get_vendor_store( $user_id ) ) . ': ' . “<br />” . $note;950951 }952953 954955 add_filter( 'woocommerce_new_order_note_data’, array( $WCFMu->wcfmu_marketplace, ‘filter_wcfm_vendors_comment’ ), 10, 2 );956957 }958959 960961 $comment_id = $order->add_order_note( $note, $is_customer_note, true );962963 964965 // Vendor association966967 if( wcfm_is_vendor() ) remove_filter( 'woocommerce_new_order_note_data’, array( $WCFMu->wcfmu_marketplace, ‘filter_wcfm_vendors_comment’ ), 10, 2 ); 968969 }970971 $notes = $this->get_order_notes(array(‘id’ => $request[‘id’]));972 $response = rest_ensure_response($notes);973 return $response;974975 }976977978 public function get_order_notes( $request ) {979980 $args = array(981982 ‘post_id’ => $request[‘id’],983984 ‘orderby’ => 'comment_ID’,985986 ‘order’ => 'DESC’,987988 ‘approve’ => 'approve’,989990 ‘type’ => 'order_note’991992 );993994 $args = apply_filters( 'wcfm_order_notes_args’, $args );995996 //$notes = apply_filters( 'wcfm_order_notes’, get_comments( $args ), $request[‘id’] );997998 $notes = wc_get_order_notes( $args );9991000 $response = rest_ensure_response($notes);1001 1002 return $response;1003 }100410051006}