forked from mirrors/easyappointments
Providers and secretaries shall not be able to see appointments of other providers (#512).
This commit is contained in:
parent
3fd0c2834b
commit
ba3227e11c
4 changed files with 23 additions and 1 deletions
|
@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
||||||
- #485: Make REST API search check with "q" parameter case insensitive.
|
- #485: Make REST API search check with "q" parameter case insensitive.
|
||||||
- #489: REST API response headers must use the Content-Type application/json value.
|
- #489: REST API response headers must use the Content-Type application/json value.
|
||||||
- #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
|
- #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
|
||||||
|
- #512: Only show appointments of the currently logged in provider.
|
||||||
|
|
||||||
## [1.3.1]
|
## [1.3.1]
|
||||||
|
|
||||||
|
|
|
@ -122,6 +122,7 @@ class Backend extends CI_Controller {
|
||||||
|
|
||||||
$this->load->model('providers_model');
|
$this->load->model('providers_model');
|
||||||
$this->load->model('customers_model');
|
$this->load->model('customers_model');
|
||||||
|
$this->load->model('secretaries_model');
|
||||||
$this->load->model('services_model');
|
$this->load->model('services_model');
|
||||||
$this->load->model('settings_model');
|
$this->load->model('settings_model');
|
||||||
$this->load->model('user_model');
|
$this->load->model('user_model');
|
||||||
|
@ -135,6 +136,17 @@ class Backend extends CI_Controller {
|
||||||
$view['customers'] = $this->customers_model->get_batch();
|
$view['customers'] = $this->customers_model->get_batch();
|
||||||
$view['available_providers'] = $this->providers_model->get_available_providers();
|
$view['available_providers'] = $this->providers_model->get_available_providers();
|
||||||
$view['available_services'] = $this->services_model->get_available_services();
|
$view['available_services'] = $this->services_model->get_available_services();
|
||||||
|
|
||||||
|
if ($this->session->userdata('role_slug') === DB_SLUG_SECRETARY)
|
||||||
|
{
|
||||||
|
$secretary = $this->secretaries_model->get_row($this->session->userdata('user_id'));
|
||||||
|
$view['secretary_providers'] = $secretary['providers'];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$view['secretary_providers'] = [];
|
||||||
|
}
|
||||||
|
|
||||||
$this->set_user_data($view);
|
$this->set_user_data($view);
|
||||||
|
|
||||||
$this->load->view('backend/header', $view);
|
$this->load->view('backend/header', $view);
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
csrfToken : <?= json_encode($this->security->get_csrf_hash()) ?>,
|
csrfToken : <?= json_encode($this->security->get_csrf_hash()) ?>,
|
||||||
availableProviders : <?= json_encode($available_providers) ?>,
|
availableProviders : <?= json_encode($available_providers) ?>,
|
||||||
availableServices : <?= json_encode($available_services) ?>,
|
availableServices : <?= json_encode($available_services) ?>,
|
||||||
|
secretaryProviders : <?= json_encode($secretary_providers) ?>,
|
||||||
dateFormat : <?= json_encode($date_format) ?>,
|
dateFormat : <?= json_encode($date_format) ?>,
|
||||||
timeFormat : <?= json_encode($time_format) ?>,
|
timeFormat : <?= json_encode($time_format) ?>,
|
||||||
baseUrl : <?= json_encode($base_url) ?>,
|
baseUrl : <?= json_encode($base_url) ?>,
|
||||||
|
|
|
@ -317,6 +317,14 @@
|
||||||
|
|
||||||
$('#customer-appointments').empty();
|
$('#customer-appointments').empty();
|
||||||
$.each(customer.appointments, function (index, appointment) {
|
$.each(customer.appointments, function (index, appointment) {
|
||||||
|
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(appointment.id_users_provider) !== GlobalVariables.user.id) {
|
||||||
|
return true; // continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(appointment.id_users_provider) === -1) {
|
||||||
|
return true; // continue
|
||||||
|
}
|
||||||
|
|
||||||
var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
|
var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
|
||||||
var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
|
var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
|
||||||
var html =
|
var html =
|
||||||
|
|
Loading…
Reference in a new issue