Do not return appointments of a different user to the another provider or secretary on the default calendar screen.

Alex Tselegidis 2023-04-15 14:39:12 +02:00
parent c7a304c197
commit 75b2473576
1 changed files with 56 additions and 0 deletions


@ -671,6 +671,62 @@ class Calendar extends EA_Controller {
$unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
}
unset($appointment);
$user_id = session('user_id');
$role_slug = session('role_slug');
// If the current user is a provider he must only see his own appointments.
if ($role_slug === DB_SLUG_PROVIDER)
{
foreach ($response['appointments'] as $index => $appointment)
{
if ((int)$appointment['id_users_provider'] !== (int)$user_id)
{
unset($response['appointments'][$index]);
}
}
$response['appointments'] = array_values($response['appointments']);
foreach ($response['unavailabilities'] as $index => $unavailability)
{
if ((int)$unavailability['id_users_provider'] !== (int)$user_id)
{
unset($response['unavailabilities'][$index]);
}
}
$response['unavailabilities'] = array_values($response['unavailabilities']);
}
// If the current user is a secretary he must only see the appointments of his providers.
if ($role_slug === DB_SLUG_SECRETARY)
{
$providers = $this->secretaries_model->find($user_id)['providers'];
foreach ($response['appointments'] as $index => $appointment)
{
if ( ! in_array((int)$appointment['id_users_provider'], $providers))
{
unset($response['appointments'][$index]);
}
}
$response['appointments'] = array_values($response['appointments']);
foreach ($response['unavailabilities'] as $index => $unavailability)
{
if ( ! in_array((int)$unavailability['id_users_provider'], $providers))
{
unset($response['unavailabilities'][$index]);
}
}
$response['unavailabilities'] = array_values($response['unavailabilities']);
}
json_response($response);
}
catch (Throwable $e)
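Review bot: The new by-value loops over `$response['unavailabilities']` reuse the name `$unavailability`, but the context line just above them calls `unset($appointment);`, not `unset($unavailability);`. The preceding loop header is outside the hunk; if it iterates by reference, as the in-place assignment to `$unavailability['provider']` suggests, the variable still aliases the last array element and every iteration of the new `foreach` overwrites that element, so the last unavailability is checked and returned with another record's data. I would add `unset($unavailability);` before `$user_id = session('user_id');`, or do the filtering with `array_filter` under a different variable name. Separately, the secretary branch calls `in_array()` without the strict flag; assuming `$providers` is a list of ids, normalising it with `array_map('intval', $providers)` and passing `true` as the third argument would keep the ownership comparison type-safe.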