From b3b1815c8d462d0dd7653dd26b0d3da2739bb3f2 Mon Sep 17 00:00:00 2001
From: alext
Date: Sun, 29 Jul 2018 16:08:41 +0200
Subject: [PATCH] Providers should not be able to create appointments for other providers in the backend calendar page. #510
---
 CHANGELOG.md | 1 +
 src/assets/js/backend_calendar_appointments_modal.js | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 82836036..d96c0a2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - #485: Make REST API search check with "q" parameter case insensitive.
 - #489: REST API response headers must use the Content-Type application/json value.
 - #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
+- #510: Providers should not be able to create appointments for other providers in the backend calendar page.
 - #512: Only show appointments of the currently logged in provider.
 
 ## [1.3.1]
diff --git a/src/assets/js/backend_calendar_appointments_modal.js b/src/assets/js/backend_calendar_appointments_modal.js
index d3021b7c..a1d18a4d 100755
--- a/src/assets/js/backend_calendar_appointments_modal.js
+++ b/src/assets/js/backend_calendar_appointments_modal.js
@@ -299,6 +299,14 @@ window.BackendCalendarAppointmentsModal = window.BackendCalendarAppointmentsModa
 // Update the providers select box.
 $.each(GlobalVariables.availableProviders, function (indexProvider, provider) {
 $.each(provider.services, function (indexService, serviceId) {
+ if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(provider.id) !== GlobalVariables.user.id) {
+ return true; // continue
+ }
+
+ if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(provider.id) === -1) {
+ return true; // continue
+ }
+
 // If the current provider is able to provide the selected service, add him to the listbox.
 if (serviceId == sid) {
 var optionHtml = '
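Review bot: The provider restriction is enforced only in the browser: the two role guards at the top of the inner `$.each` callback just decide which options reach the providers select box, and the diffstat shows the commit touches nothing but the CHANGELOG and this script, so a request that carries another provider's id is not rejected by anything in this patch. The server-side save handler is not visible here; it should apply the same role/provider rule, and a comment such as `// UI filter only - the save endpoint must re-check that the user may book for this provider` would keep the client check from being read as the access control. The guards also handle `provider.id` inconsistently: the provider branch compares `parseInt(provider.id)` with `GlobalVariables.user.id` using `!==`, while the secretary branch passes the raw `provider.id` to `indexOf`, so if ids arrive as strings on one side and numbers on the other, a branch silently hides every provider; normalise once with `var providerId = parseInt(provider.id, 10);` and use it in both tests. Both conditions depend only on `provider`, so they could sit in the outer callback instead of running once per service; both callbacks close outside this hunk.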