diff --git a/application/controllers/About.php b/application/controllers/About.php index 84adf898..646bff92 100644 --- a/application/controllers/About.php +++ b/application/controllers/About.php @@ -19,11 +19,6 @@ * @package Controllers */ class About extends EA_Controller { - /** - * @var array - */ - protected $permissions; - /** * Calendar constructor. */ @@ -43,13 +38,6 @@ class About extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** @@ -61,18 +49,20 @@ class About extends EA_Controller { if (cannot('view', PRIV_USER_SETTINGS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/about', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), ]); + + $this->load->view('pages/about', html_vars()); } } diff --git a/application/controllers/Account_settings.php b/application/controllers/Account_settings.php index 76e3def5..ba7fa7b2 100644 --- a/application/controllers/Account_settings.php +++ b/application/controllers/Account_settings.php @@ -43,13 +43,6 @@ class Account_settings extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** 
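Review bot: The new `abort(403, 'Forbidden')` guard in `index()` only protects the page if `abort()` ends the request the way `show_error()` did; if it merely sets the status and returns, execution continues into `html_vars([...])` and the view is rendered for a user who failed `cannot('view', PRIV_USER_SETTINGS)`. The helper is not visible from here, so please confirm it exits, or add `return;` directly after the call. The same replacement is made in Account_settings, Admins, Booking_settings, Business_settings, Categories, Customers, General_settings, Providers, Services and Update, and the Account_settings and Admins calls are written `abort(403,'Forbidden')` without the space the other files use.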
@@ -61,14 +54,14 @@ class Account_settings extends EA_Controller { if (cannot('view', PRIV_USER_SETTINGS)) { - show_error('Forbidden', 403); + abort(403,'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/account_settings', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), @@ -76,6 +69,8 @@ class Account_settings extends EA_Controller { 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'user_settings' => $this->users_model->find($user_id), ]); + + $this->load->view('pages/account_settings', html_vars()); } /** diff --git a/application/controllers/Admins.php b/application/controllers/Admins.php index 710ce4e5..e39949ef 100644 --- a/application/controllers/Admins.php +++ b/application/controllers/Admins.php @@ -36,7 +36,7 @@ class Admins extends EA_Controller { /** * Render the backend admins page. * - * On this page admin users will be able to manage admins, which are eventually selected by customers during the + * On this page admin users will be able to manage admins, which are eventually selected by customers during the * booking process. */ public function index() @@ -52,13 +52,15 @@ class Admins extends EA_Controller { $role_slug = session('role_slug'); - $this->load->view('pages/admins', [ + html_vars([ 'page_title' => lang('admins'), 'active_menu' => PRIV_USERS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'timezones' => $this->timezones->to_array(), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), ]); + + $this->load->view('pages/admins', html_vars()); } /** @@ -70,7 +72,7 @@ class Admins extends EA_Controller { { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403,'Forbidden'); } $keyword = request('keyword', ''); 
@@ -78,7 +80,7 @@ class Admins extends EA_Controller { $order_by = 'first_name ASC, last_name ASC, email ASC'; $limit = request('limit', 1000); - + $offset = 0; $admins = $this->admins_model->search($keyword, $limit, $offset, $order_by); diff --git a/application/controllers/Booking.php b/application/controllers/Booking.php index e1585e86..8d7151dc 100755 --- a/application/controllers/Booking.php +++ b/application/controllers/Booking.php @@ -44,17 +44,19 @@ class Booking extends EA_Controller { $this->load->library('availability'); $this->load->driver('cache', ['adapter' => 'file']); - - $this->preload(); } /** - * Preload the page config and variables. + * Render the booking page. + * + * This method creates the appointment book wizard. */ - protected function preload() + public function index() { - if ( ! is_callback('booking', 'index') && ! is_callback('booking', 'reschedule')) + if ( ! is_app_installed()) { + redirect('installation'); + return; } @@ -64,7 +66,7 @@ class Booking extends EA_Controller { foreach ($available_providers as &$available_provider) { // Only expose the required provider data. - + $this->providers_model->only($available_provider, [ 'id', 'first_name', @@ -96,11 +98,9 @@ class Booking extends EA_Controller { $timezones = $this->timezones->to_array(); $grouped_timezones = $this->timezones->to_grouped_array(); - if (is_callback('booking', 'reschedule')) + if (!empty($appointment_hash)) { // Load the appointments data and enable the manage mode of the booking page. - - $appointment_hash = $this->uri->segment(3); $manage_mode = TRUE; @@ -116,11 +116,13 @@ class Booking extends EA_Controller { 'message_icon' => base_url('assets/img/error.png') ]); + $this->load->view('pages/booking_message', html_vars()); + return; } // Make sure the appointment can still be rescheduled. - + $start_datetime = strtotime($results[0]['start_datetime']); $limit = strtotime('+' . $book_advance_timeout . ' minutes', strtotime('now')); 
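Review bot: After this hunk `$appointment_hash` is no longer assigned anywhere visible: the `$this->uri->segment(3)` line is removed and the new `index()` signature in the first Booking hunk takes no parameter, so `if (!empty($appointment_hash))` is always false and a reschedule link would silently open a fresh booking instead of manage mode, unless the unseen lines between the hunks assign it. Calendar.php in this same commit reads the hash as `public function index(string $appointment_hash = '')`; the same signature would fix it here. The constructor also no longer calls `preload()`, so if a separate `reschedule()` action still exists it no longer receives this setup. `index()` starts in the first Booking hunk and runs past the end of this one.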
@@ -141,6 +143,8 @@ class Booking extends EA_Controller { 'message_icon' => base_url('assets/img/error.png') ]); + $this->load->view('pages/booking_message', html_vars()); + return; } @@ -199,29 +203,6 @@ class Booking extends EA_Controller { 'provider_data' => $provider, 'customer_data' => $customer, ]); - } - - /** - * Render the booking page. - * - * This method creates the appointment book wizard. - */ - public function index() - { - if ( ! is_app_installed()) - { - redirect('installation'); - - return; - } - - if (html_vars('show_message')) - { - // The requested appointment was not found in the database. - $this->load->view('pages/booking_message', html_vars()); - - return; - } $this->load->view('pages/booking', html_vars()); } @@ -251,6 +232,7 @@ class Booking extends EA_Controller { $selected_date = request('selected_date'); // Do not continue if there was no provider selected (more likely there is no provider in the system). + if (empty($provider_id)) { json_response([]); @@ -260,10 +242,12 @@ class Booking extends EA_Controller { // If manage mode is TRUE then the following we should not consider the selected appointment when // calculating the available time periods of the provider. + $exclude_appointment_id = request('manage_mode') === 'true' ? request('appointment_id') : NULL; // If the user has selected the "any-provider" option then we will need to search for an available provider // that will provide the requested service. + $service = $this->services_model->find($service_id); if ($provider_id === ANY_PROVIDER) diff --git a/application/controllers/Booking_cancellation.php b/application/controllers/Booking_cancellation.php index d1455aa4..a03bcd01 100755 --- a/application/controllers/Booking_cancellation.php +++ b/application/controllers/Booking_cancellation.php 
@@ -48,8 +48,8 @@ class Booking_cancellation extends EA_Controller { { try { - $exceptions = []; - + $exceptions = []; + $occurrences = $this->appointments_model->get(['hash' => $appointment_hash]); if (empty($occurrences)) @@ -84,11 +84,13 @@ class Booking_cancellation extends EA_Controller { $exceptions[] = $e; } - $this->load->view('pages/booking_message', [ + html_vars([ 'message_title' => lang('appointment_cancelled_title'), 'message_text' => lang('appointment_cancelled'), 'message_icon' => base_url('assets/img/success.png'), 'exceptions' => $exceptions ]); + + $this->load->view('pages/booking_message', html_vars()); } } diff --git a/application/controllers/Booking_confirmation.php b/application/controllers/Booking_confirmation.php index f1b432cb..9883bec5 100755 --- a/application/controllers/Booking_confirmation.php +++ b/application/controllers/Booking_confirmation.php @@ -34,19 +34,17 @@ class Booking_confirmation extends EA_Controller { /** * Display the appointment registration success page. - * - * @param string $appointment_hash The appointment hash identifier. - * - * @throws Exception */ - public function of(string $appointment_hash) + public function of() { + $appointment_hash = $this->uri->segment(2); + $occurrences = $this->appointments_model->get(['hash' => $appointment_hash]); if (empty($occurrences)) { redirect('appointments'); // The appointment does not exist. - + return; } 
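Review bot: `$appointment_hash = $this->uri->segment(2);` in `of()` most likely reads the method name rather than the hash: with the default `controller/method/argument` URI layout segment 2 is `of`, and the line this commit removes from Booking.php read the same kind of hash with `$this->uri->segment(3)`. Unless a route remaps this controller, `get(['hash' => 'of'])` finds nothing and every confirmation redirects to `appointments`. Keeping the routed parameter, `public function of(string $appointment_hash)`, avoids the question and keeps the type check; the dropped `@throws Exception` tag should stay if the model calls below can still throw.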
@@ -58,40 +56,35 @@ class Booking_confirmation extends EA_Controller { $provider = $this->providers_model->find($appointment['id_users_provider']); + $this->providers_model->only($provider, [ + 'id', + 'first_name', + 'last_name', + 'email', + 'timezone' + ]); + $service = $this->services_model->find($appointment['id_services']); + $this->services_model->only($service, [ + 'id', + 'first_name', + 'last_name', + 'email', + 'timezone' + ]); + $company_name = setting('company_name'); - $exceptions = $this->session->flashdata('book_success') ?? []; - - $this->load->view('pages/booking_confirmation', [ + html_vars([ 'page_title' => lang('success'), 'appointment_data' => $appointment, - 'provider_data' => [ - 'id' => $provider['id'], - 'first_name' => $provider['first_name'], - 'last_name' => $provider['last_name'], - 'email' => $provider['email'], - 'timezone' => $provider['timezone'], - ], - 'customer_data' => [ - 'id' => $customer['id'], - 'first_name' => $customer['first_name'], - 'last_name' => $customer['last_name'], - 'email' => $customer['email'], - 'timezone' => $customer['timezone'], - ], + 'provider_data' => $provider, + 'customer_data' => $customer, 'service_data' => $service, 'company_name' => $company_name, - 'exceptions' => $exceptions, - 'scripts' => [ - 'https://apis.google.com/js/client.js', - asset_url('assets/vendor/datejs/date.min.js'), - asset_url('assets/vendor/moment/moment.min.js'), - asset_url('assets/vendor/moment-timezone/moment-timezone-with-data.min.js'), - asset_url('assets/js/frontend_book_success.js'), - asset_url('assets/js/general_functions.js') - ] ]); + + $this->load->view('pages/booking_confirmation', html_vars()); } } diff --git a/application/controllers/Booking_settings.php b/application/controllers/Booking_settings.php index 90ccdb8e..b8735517 100644 --- a/application/controllers/Booking_settings.php +++ b/application/controllers/Booking_settings.php 
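Review bot: `'customer_data' => $customer` now hands the whole customer record to the view, where the removed code exposed only id, first_name, last_name, email and timezone; unless `$customer` is narrowed above this hunk, every other column the customer row carries now ends up in the confirmation page. Applying the same whitelist the provider gets, `$this->customers_model->only($customer, ['id', 'first_name', 'last_name', 'email', 'timezone']);`, would restore the old minimisation, assuming the customers model offers the same `only()` helper. The `only()` list for `$service` repeats the provider columns (`first_name`, `last_name`, `email`, `timezone`), which looks copy-pasted; please confirm these are the service fields the view needs. The view also loses `exceptions` and `scripts`, so if `pages/booking_confirmation` still references them it will hit undefined variables.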
@@ -19,11 +19,6 @@ * @package Controllers */ class Booking_settings extends EA_Controller { - /** - * @var array - */ - protected array $permissions; - /** * Calendar constructor. */ @@ -43,13 +38,6 @@ class Booking_settings extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** @@ -61,14 +49,14 @@ class Booking_settings extends EA_Controller { if (cannot('view', PRIV_SYSTEM_SETTINGS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/booking_settings', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), @@ -76,6 +64,8 @@ class Booking_settings extends EA_Controller { 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'system_settings' => $this->settings_model->get(), ]); + + $this->load->view('pages/booking_settings', html_vars()); } /** @@ -85,7 +75,7 @@ class Booking_settings extends EA_Controller { { try { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) + if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { throw new Exception('You do not have the required permissions for this task.'); } diff --git a/application/controllers/Business_settings.php b/application/controllers/Business_settings.php index dfb41f64..46f9dd29 100644 --- a/application/controllers/Business_settings.php +++ b/application/controllers/Business_settings.php @@ -19,11 +19,6 @@ * @package Controllers */ class Business_settings extends EA_Controller { - /** - * @var array - */ - protected $permissions; - /** * Business_logic constructor. */ 
@@ -43,13 +38,6 @@ class Business_settings extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** @@ -61,14 +49,14 @@ class Business_settings extends EA_Controller { if (cannot('view', PRIV_SYSTEM_SETTINGS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/business_settings', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), @@ -76,6 +64,8 @@ class Business_settings extends EA_Controller { 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'system_settings' => $this->settings_model->get(), ]); + + $this->load->view('pages/business_settings', html_vars()); } /** @@ -85,7 +75,7 @@ class Business_settings extends EA_Controller { { try { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) + if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { throw new Exception('You do not have the required permissions for this task.'); } diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php index c0575786..ad6fa6a2 100644 --- a/application/controllers/Calendar.php +++ b/application/controllers/Calendar.php 
@@ -42,23 +42,16 @@ class Calendar extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** * Display the main backend page. * - * This method displays the main backend page. All login permission can view this page which displays a - * calendar with the events of the selected provider or service. If a user has more privileges he will see more - * menus at the top of the page. + * This method displays the main backend page. All login permission can view this page which displays a calendar + * with the events of the selected provider or service. If a user has more privileges he will see more menus at the + * top of the page. * - * @param string $appointment_hash Appointment edit dialog will appear when the page loads (default ''). + * @param string $appointment_hash Appointment hash. */ public function index(string $appointment_hash = '') { @@ -84,18 +77,21 @@ class Calendar extends EA_Controller { $secretary_providers = $secretary['providers']; } - $occurrences = $this->appointments_model->get(['hash' => $appointment_hash]); - $edit_appointment = NULL; - if ($appointment_hash !== '' && ! empty($occurrences)) + if ( ! empty($appointment_hash)) { - $edit_appointment = $occurrences[0]; - - $this->appointments_model->load($edit_appointment, ['customer']); + $occurrences = $this->appointments_model->get(['hash' => $appointment_hash]); + + if ($appointment_hash !== '' && ! empty($occurrences)) + { + $edit_appointment = $occurrences[0]; + + $this->appointments_model->load($edit_appointment, ['customer']); + } } - $this->load->view('pages/calendar', [ + html_vars([ 'page_title' => lang('calendar'), 'active_menu' => PRIV_APPOINTMENTS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 
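Review bot: Inside the new `if ( ! empty($appointment_hash))` block the inner test `$appointment_hash !== '' && ! empty($occurrences)` repeats the outer check; `if ( ! empty($occurrences))` says the same thing. The wrap itself is a good change, since it skips the `get(['hash' => ''])` query the old code ran on every calendar load.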
@@ -107,11 +103,13 @@ class Calendar extends EA_Controller { 'secretary_providers' => $secretary_providers, 'edit_appointment' => $edit_appointment, ]); + + $this->load->view('pages/calendar', html_vars()); } /** * Render the calendar page and display the selected appointment. - * + * * This method will call the "index" callback to handle the page rendering. * * @param string $appointment_hash Appointment hash. @@ -135,11 +133,11 @@ class Calendar extends EA_Controller { { $customer = json_decode($customer_data, TRUE); - $required_permissions = ( ! isset($customer['id'])) - ? $this->permissions[PRIV_CUSTOMERS]['add'] - : $this->permissions[PRIV_CUSTOMERS]['edit']; + $required_permissions = ! empty($customer['id']) + ? can('add', PRIV_CUSTOMERS) + : can('edit', PRIV_CUSTOMERS); - if ($required_permissions == FALSE) + if ( ! $required_permissions) { throw new Exception('You do not have the required permissions for this task.'); } @@ -156,9 +154,9 @@ class Calendar extends EA_Controller { { $appointment = json_decode($appointment_data, TRUE); - $required_permissions = ( ! isset($appointment['id'])) - ? $this->permissions[PRIV_APPOINTMENTS]['add'] - : $this->permissions[PRIV_APPOINTMENTS]['edit']; + $required_permissions = ! empty($appointment['id']) + ? can('add', PRIV_APPOINTMENTS) + : can('edit', PRIV_APPOINTMENTS); if ($required_permissions == FALSE) { @@ -272,8 +270,8 @@ class Calendar extends EA_Controller { $unavailable = json_decode(request('unavailable'), TRUE); $required_permissions = ( ! isset($unavailable['id'])) - ? $this->permissions[PRIV_APPOINTMENTS]['add'] - : $this->permissions[PRIV_APPOINTMENTS]['edit']; + ? can('add', PRIV_APPOINTMENTS) + : can('edit', PRIV_APPOINTMENTS); if ( ! $required_permissions) { 
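Review bot: The ternaries in the hunks at old lines 133 and 154 are inverted: `! empty($customer['id']) ? can('add', PRIV_CUSTOMERS) : can('edit', PRIV_CUSTOMERS)` asks for the add privilege when an id is present (an existing record) and the edit privilege when it is absent (a new record), the opposite of the removed `( ! isset($customer['id'])) ? add : edit`. The appointment hunk has the same swap, while the unavailable hunk at 270 keeps the original mapping, so the three now disagree. `$required_permissions = empty($customer['id']) ? can('add', PRIV_CUSTOMERS) : can('edit', PRIV_CUSTOMERS);` (and the same with `$appointment` and PRIV_APPOINTMENTS) restores the intent. The appointment hunk also keeps `if ($required_permissions == FALSE)` where the customer hunk switched to `if ( ! $required_permissions)`.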
@@ -333,7 +331,7 @@ class Calendar extends EA_Controller { { try { - if ($this->permissions[PRIV_APPOINTMENTS]['delete'] == FALSE) + if (can('delete', PRIV_APPOINTMENTS)) { throw new Exception('You do not have the required permissions for this task.'); } @@ -383,7 +381,7 @@ class Calendar extends EA_Controller { { try { - $required_permissions = $this->permissions[PRIV_USERS]['edit']; + $required_permissions = can('edit', PRIV_USERS); if ( ! $required_permissions) { @@ -415,7 +413,7 @@ class Calendar extends EA_Controller { { try { - $required_permissions = $this->permissions[PRIV_USERS]['edit']; + $required_permissions = can('edit', PRIV_CUSTOMERS); if ( ! $required_permissions) { @@ -537,7 +535,7 @@ class Calendar extends EA_Controller { { try { - if ($this->permissions[PRIV_APPOINTMENTS]['view'] == FALSE) + if (cannot('view', PRIV_APPOINTMENTS)) { throw new Exception('You do not have the required permissions for this task.'); } diff --git a/application/controllers/Categories.php b/application/controllers/Categories.php index def4ce7d..37b1a8e9 100644 --- a/application/controllers/Categories.php +++ b/application/controllers/Categories.php @@ -36,7 +36,7 @@ class Categories extends EA_Controller { /** * Render the backend categories page. * - * On this page admin users will be able to manage categories, which are eventually selected by customers during the + * On this page admin users will be able to manage categories, which are eventually selected by customers during the * booking process. */ public function index() 
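Review bot: `if (can('delete', PRIV_APPOINTMENTS))` in the hunk at 331 inverts the check: a user who holds the delete privilege now gets the 'You do not have the required permissions' exception, and one who lacks it falls through to whatever the try block does next. It should read `if (cannot('delete', PRIV_APPOINTMENTS))`, matching the `cannot('view', PRIV_APPOINTMENTS)` form used in the hunk at 535. Separately, the hunk at 413 changes the privilege from PRIV_USERS to PRIV_CUSTOMERS while the hunk at 381 keeps PRIV_USERS; the enclosing methods are outside the hunks, so please confirm the switch is intended rather than a slip.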
@@ -45,20 +45,22 @@ class Categories extends EA_Controller { if (cannot('view', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/categories', [ + html_vars([ 'page_title' => lang('categories'), 'active_menu' => PRIV_SERVICES, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'timezones' => $this->timezones->to_array(), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), ]); + + $this->load->view('pages/categories', html_vars()); } /** @@ -70,7 +72,7 @@ class Categories extends EA_Controller { { if (cannot('view', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $keyword = request('keyword', ''); @@ -78,8 +80,8 @@ class Categories extends EA_Controller { $order_by = 'name ASC'; $limit = request('limit', 1000); - - $offset = 0; + + $offset = 0; $categories = $this->categories_model->search($keyword, $limit, $offset, $order_by); @@ -102,7 +104,7 @@ class Categories extends EA_Controller { if (cannot('add', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $category_id = $this->categories_model->save($category); @@ -129,7 +131,7 @@ class Categories extends EA_Controller { if (cannot('edit', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $category_id = $this->categories_model->save($category); @@ -154,7 +156,7 @@ class Categories extends EA_Controller { { if (cannot('delete', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $category_id = request('category_id'); @@ -170,7 +172,7 @@ class Categories extends EA_Controller { json_exception($e); } } - + /** * Find a category. */ @@ -180,7 +182,7 @@ class Categories extends EA_Controller { { if (cannot('view', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $category_id = request('category_id'); 
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php index 4dd15194..06d062ef 100644 --- a/application/controllers/Customers.php +++ b/application/controllers/Customers.php @@ -46,20 +46,22 @@ class Customers extends EA_Controller { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/customers', [ + html_vars([ 'page_title' => lang('customers'), 'active_menu' => PRIV_CUSTOMERS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'timezones' => $this->timezones->to_array(), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), ]); + + $this->load->view('pages/customers', html_vars()); } /** @@ -71,7 +73,7 @@ class Customers extends EA_Controller { { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $keyword = request('keyword', ''); @@ -118,7 +120,7 @@ class Customers extends EA_Controller { if (cannot('add', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $customer_id = $this->customers_model->save($customer); @@ -145,7 +147,7 @@ class Customers extends EA_Controller { if (cannot('edit', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $customer_id = $this->customers_model->save($customer); @@ -170,7 +172,7 @@ class Customers extends EA_Controller { { if (cannot('delete', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $customer_id = request('customer_id'); @@ -196,7 +198,7 @@ class Customers extends EA_Controller { { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $customer_id = request('customer_id'); diff --git a/application/controllers/General_settings.php b/application/controllers/General_settings.php index f4cbe22b..0d3bd083 100644 
--- a/application/controllers/General_settings.php +++ b/application/controllers/General_settings.php @@ -19,11 +19,6 @@ * @package Controllers */ class General_settings extends EA_Controller { - /** - * @var array - */ - protected $permissions; - /** * Calendar constructor. */ @@ -43,13 +38,6 @@ class General_settings extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** @@ -61,14 +49,14 @@ class General_settings extends EA_Controller { if (cannot('view', PRIV_SYSTEM_SETTINGS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - $this->load->view('pages/general_settings', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), @@ -76,6 +64,8 @@ class General_settings extends EA_Controller { 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'system_settings' => $this->settings_model->get(), ]); + + $this->load->view('pages/general_settings', html_vars()); } /** @@ -85,7 +75,7 @@ class General_settings extends EA_Controller { { try { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) + if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { throw new Exception('You do not have the required permissions for this task.'); } diff --git a/application/controllers/Legal_settings.php b/application/controllers/Legal_settings.php index 18a7b569..84037c33 100644 --- a/application/controllers/Legal_settings.php +++ b/application/controllers/Legal_settings.php 
@@ -43,13 +43,6 @@ class Legal_settings extends EA_Controller { $this->load->library('notifications'); $this->load->library('synchronization'); $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } } /** @@ -68,13 +61,15 @@ class Legal_settings extends EA_Controller { $role_slug = session('role_slug'); - $this->load->view('pages/legal_settings', [ + html_vars([ 'page_title' => lang('settings'), 'active_menu' => PRIV_SYSTEM_SETTINGS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'system_settings' => $this->settings_model->get(), ]); + + $this->load->view('pages/legal_settings', html_vars()); } /** @@ -84,7 +79,7 @@ class Legal_settings extends EA_Controller { { try { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) + if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { throw new Exception('You do not have the required permissions for this task.'); } diff --git a/application/controllers/Login.php b/application/controllers/Login.php index 239b8beb..3a2744c1 100644 --- a/application/controllers/Login.php +++ b/application/controllers/Login.php @@ -39,11 +39,13 @@ class Login extends EA_Controller { */ public function index() { - $this->load->view('pages/login', [ + html_vars([ 'base_url' => config('base_url'), 'dest_url' => session('dest_url', site_url('backend')), 'company_name' => setting('company_name') ]); + + $this->load->view('pages/login', html_vars()); } /** diff --git a/application/controllers/Logout.php b/application/controllers/Logout.php index 840b95f2..a6574ad2 100644 --- a/application/controllers/Logout.php +++ b/application/controllers/Logout.php 
@@ -25,10 +25,13 @@ class Logout extends EA_Controller { public function index() { $this->session->sess_destroy(); - - $this->load->view('pages/logout', [ - 'base_url' => config('base_url'), - 'company_name' => setting('company_name') + + $company_name = setting('company_name'); + + html_vars([ + 'company_name' => $company_name ]); + + $this->load->view('pages/logout', html_vars()); } } diff --git a/application/controllers/Providers.php b/application/controllers/Providers.php index 6286e0b7..d98f2e8d 100644 --- a/application/controllers/Providers.php +++ b/application/controllers/Providers.php @@ -46,14 +46,14 @@ class Providers extends EA_Controller { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - - $this->load->view('pages/providers', [ + + html_vars([ 'page_title' => lang('providers'), 'active_menu' => PRIV_USERS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), @@ -61,6 +61,8 @@ class Providers extends EA_Controller { 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'services' => $this->services_model->get(), ]); + + $this->load->view('pages/providers', html_vars()); } /** @@ -72,7 +74,7 @@ class Providers extends EA_Controller { { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $keyword = request('keyword', ''); @@ -104,7 +106,7 @@ class Providers extends EA_Controller { if (cannot('add', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $provider_id = $this->providers_model->save($provider); @@ -131,7 +133,7 @@ class Providers extends EA_Controller { if (cannot('edit', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $provider_id = $this->providers_model->save($provider); 
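Review bot: `'base_url' => config('base_url')` is dropped from the view variables here and in the Recovery hunk, while the Login hunk keeps it; if `pages/logout` or `pages/recovery` still reads `$base_url` it will now be undefined. Either keep the key or confirm those views no longer use it. The intermediate `$company_name` variable is used once and could be passed inline, as the Login hunk does with `'company_name' => setting('company_name')`.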
@@ -156,7 +158,7 @@ class Providers extends EA_Controller { { if (cannot('delete', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $provider_id = request('provider_id'); @@ -182,7 +184,7 @@ class Providers extends EA_Controller { { if (cannot('view', PRIV_USERS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $provider_id = request('provider_id'); diff --git a/application/controllers/Recovery.php b/application/controllers/Recovery.php index 21aac0b0..70d38472 100644 --- a/application/controllers/Recovery.php +++ b/application/controllers/Recovery.php @@ -35,11 +35,14 @@ class Recovery extends EA_Controller { */ public function index() { - $this->load->view('pages/recovery', [ - 'base_url' => config('base_url'), + $company_name = setting('company_name'); + + html_vars([ 'dest_url' => session('dest_url', site_url('backend')), - 'company_name' => setting('company_name') - ]); + 'company_name' => $company_name + ]); + + $this->load->view('pages/recovery', html_vars()); } /** diff --git a/application/controllers/Secretaries.php b/application/controllers/Secretaries.php index f216d782..20f28620 100644 --- a/application/controllers/Secretaries.php +++ b/application/controllers/Secretaries.php @@ -53,14 +53,16 @@ class Secretaries extends EA_Controller { $role_slug = session('role_slug'); - $this->load->view('pages/secretaries', [ + html_vars([ 'page_title' => lang('secretaries'), 'active_menu' => PRIV_USERS, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'timezones' => $this->timezones->to_array(), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), 'providers' => $this->providers_model->get(), - ]); + ]); + + $this->load->view('pages/secretaries', html_vars()); } /** diff --git a/application/controllers/Services.php b/application/controllers/Services.php index 2912f04e..49d57302 100644 --- a/application/controllers/Services.php +++ b/application/controllers/Services.php 
@@ -45,20 +45,22 @@ class Services extends EA_Controller { if (cannot('view', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $user_id = session('user_id'); $role_slug = session('role_slug'); - - $this->load->view('pages/services', [ + + html_vars([ 'page_title' => lang('services'), 'active_menu' => PRIV_SERVICES, 'user_display_name' => $this->accounts->get_user_display_name($user_id), 'timezones' => $this->timezones->to_array(), 'privileges' => $this->roles_model->get_permissions_by_slug($role_slug), ]); + + $this->load->view('pages/services', html_vars()); } /** @@ -70,7 +72,7 @@ class Services extends EA_Controller { { if (cannot('view', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $keyword = request('keyword', ''); @@ -102,7 +104,7 @@ class Services extends EA_Controller { if (cannot('add', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $service_id = $this->services_model->save($service); @@ -129,7 +131,7 @@ class Services extends EA_Controller { if (cannot('edit', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $service_id = $this->services_model->save($service); @@ -154,7 +156,7 @@ class Services extends EA_Controller { { if (cannot('delete', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $service_id = request('service_id'); @@ -180,7 +182,7 @@ class Services extends EA_Controller { { if (cannot('delete', PRIV_SERVICES)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $service_id = request('service_id'); diff --git a/application/controllers/Update.php b/application/controllers/Update.php index a495af1d..89b4ee51 100644 --- a/application/controllers/Update.php +++ b/application/controllers/Update.php @@ -50,7 +50,7 @@ class Update extends EA_Controller { { if (cannot('edit', PRIV_SYSTEM_SETTINGS)) { - show_error('Forbidden', 403); + abort(403, 'Forbidden'); } $this->instance->migrate();