Providers and secretaries shall not be able to see appointments of other providers (#512).
parent
3fd0c2834b
commit
ba3227e11c
4 changed files with 23 additions and 1 deletions
|
@ -14,7 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||
- #485: Make REST API search check with "q" parameter case insensitive.
|
||||
- #489: REST API response headers must use the Content-Type application/json value.
|
||||
- #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
|
||||
|
||||
- #512: Only show appointments of the currently logged in provider.
|
||||
|
||||
## [1.3.1]
|
||||
|
||||
### Added
|
||||
|
|
|
@ -122,6 +122,7 @@ class Backend extends CI_Controller {
|
|||
|
||||
$this->load->model('providers_model');
|
||||
$this->load->model('customers_model');
|
||||
$this->load->model('secretaries_model');
|
||||
$this->load->model('services_model');
|
||||
$this->load->model('settings_model');
|
||||
$this->load->model('user_model');
|
||||
|
@ -135,6 +136,17 @@ class Backend extends CI_Controller {
|
|||
$view['customers'] = $this->customers_model->get_batch();
|
||||
$view['available_providers'] = $this->providers_model->get_available_providers();
|
||||
$view['available_services'] = $this->services_model->get_available_services();
|
||||
|
||||
if ($this->session->userdata('role_slug') === DB_SLUG_SECRETARY)
|
||||
{
|
||||
$secretary = $this->secretaries_model->get_row($this->session->userdata('user_id'));
|
||||
$view['secretary_providers'] = $secretary['providers'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$view['secretary_providers'] = [];
|
||||
}
|
||||
|
||||
$this->set_user_data($view);
|
||||
|
||||
$this->load->view('backend/header', $view);
|
||||
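Review bot: The restriction this commit describes is enforced only in the browser: `$view['customers'] = $this->customers_model->get_batch();` still hands every customer (and, if the client-side skip in the JavaScript hunk below is any guide, every provider's appointments) to the page, and `secretary_providers` merely tells the client which rows to hide, so a user can read the other providers' data from the page source or the embedded JSON. The check belongs in the model query as well — for example a provider filter on the appointments that `get_batch()` attaches, derived from `role_slug`/`user_id` here — with the client-side filter kept as a display convenience; this also applies to the JavaScript hunk. Separately, `$secretary['providers']` is read without confirming that `get_row()` returned a row containing that key; `$view['secretary_providers'] = isset($secretary['providers']) ? $secretary['providers'] : [];` avoids an undefined index reaching `json_encode`. The enclosing method starts before this hunk and continues past it.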
|
|
|
@ -6,6 +6,7 @@
|
|||
csrfToken : <?= json_encode($this->security->get_csrf_hash()) ?>,
|
||||
availableProviders : <?= json_encode($available_providers) ?>,
|
||||
availableServices : <?= json_encode($available_services) ?>,
|
||||
secretaryProviders : <?= json_encode($secretary_providers) ?>,
|
||||
dateFormat : <?= json_encode($date_format) ?>,
|
||||
timeFormat : <?= json_encode($time_format) ?>,
|
||||
baseUrl : <?= json_encode($base_url) ?>,
|
||||
|
|
|
@ -317,6 +317,14 @@
|
|||
|
||||
$('#customer-appointments').empty();
|
||||
$.each(customer.appointments, function (index, appointment) {
|
||||
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(appointment.id_users_provider) !== GlobalVariables.user.id) {
|
||||
return true; // continue
|
||||
}
|
||||
|
||||
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(appointment.id_users_provider) === -1) {
|
||||
return true; // continue
|
||||
}
|
||||
|
||||
var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
|
||||
var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
|
||||
var html =
|
||||
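Review bot: The secretary branch compares `appointment.id_users_provider` against `GlobalVariables.secretaryProviders` with `indexOf`, which uses strict equality, while the provider branch on the line above needs `parseInt` on the same field — so the value is apparently a string, and if `secretaryProviders` holds numbers (or vice versa) the lookup always returns -1 and secretaries see no appointments at all. Normalise both sides once, e.g. `var providerId = parseInt(appointment.id_users_provider, 10);` and `GlobalVariables.secretaryProviders.map(Number).indexOf(providerId) === -1`, and pass the radix to the existing `parseInt` as well. Note that skipping rows in this loop only hides them in the rendered list; `customer.appointments` still arrives in the browser unfiltered, which I have raised on the controller hunk. The enclosing callback and function start and end outside this hunk.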
|
|