forked from mirrors/easyappointments
Do not return appointments of a different user to the another provider or secretary on the default calendar screen.
This commit is contained in:
parent
c7a304c197
commit
75b2473576
1 changed files with 56 additions and 0 deletions
|
@ -671,6 +671,62 @@ class Calendar extends EA_Controller {
|
||||||
$unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
|
$unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
unset($appointment);
|
||||||
|
|
||||||
|
$user_id = session('user_id');
|
||||||
|
|
||||||
|
$role_slug = session('role_slug');
|
||||||
|
|
||||||
|
// If the current user is a provider he must only see his own appointments.
|
||||||
|
if ($role_slug === DB_SLUG_PROVIDER)
|
||||||
|
{
|
||||||
|
foreach ($response['appointments'] as $index => $appointment)
|
||||||
|
{
|
||||||
|
if ((int)$appointment['id_users_provider'] !== (int)$user_id)
|
||||||
|
{
|
||||||
|
unset($response['appointments'][$index]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$response['appointments'] = array_values($response['appointments']);
|
||||||
|
|
||||||
|
foreach ($response['unavailabilities'] as $index => $unavailability)
|
||||||
|
{
|
||||||
|
if ((int)$unavailability['id_users_provider'] !== (int)$user_id)
|
||||||
|
{
|
||||||
|
unset($response['unavailabilities'][$index]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$response['unavailabilities'] = array_values($response['unavailabilities']);
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the current user is a secretary he must only see the appointments of his providers.
|
||||||
|
if ($role_slug === DB_SLUG_SECRETARY)
|
||||||
|
{
|
||||||
|
$providers = $this->secretaries_model->find($user_id)['providers'];
|
||||||
|
|
||||||
|
foreach ($response['appointments'] as $index => $appointment)
|
||||||
|
{
|
||||||
|
if ( ! in_array((int)$appointment['id_users_provider'], $providers))
|
||||||
|
{
|
||||||
|
unset($response['appointments'][$index]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$response['appointments'] = array_values($response['appointments']);
|
||||||
|
|
||||||
|
foreach ($response['unavailabilities'] as $index => $unavailability)
|
||||||
|
{
|
||||||
|
if ( ! in_array((int)$unavailability['id_users_provider'], $providers))
|
||||||
|
{
|
||||||
|
unset($response['unavailabilities'][$index]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$response['unavailabilities'] = array_values($response['unavailabilities']);
|
||||||
|
}
|
||||||
|
|
||||||
json_response($response);
|
json_response($response);
|
||||||
}
|
}
|
||||||
catch (Throwable $e)
|
catch (Throwable $e)
|
||||||
|
|
Loading…
Reference in a new issue