diff --git a/src/application/config/constants.php b/src/application/config/constants.php index deefe73e..aa44e0a8 100644 --- a/src/application/config/constants.php +++ b/src/application/config/constants.php @@ -64,12 +64,12 @@ define('PRIV_ADD', 2); define('PRIV_EDIT', 4); define('PRIV_DELETE', 8); -define('PAGE_APPOINTMENTS', 'appointments'); -define('PAGE_CUSTOMERS', 'customers'); -define('PAGE_SERVICES', 'services'); -define('PAGE_USERS', 'users'); -define('PAGE_SYSTEM_SETTINGS', 'system_settings'); -define('PAGE_USER_SETTINGS', 'user_settings'); +define('PRIV_APPOINTMENTS', 'appointments'); +define('PRIV_CUSTOMERS', 'customers'); +define('PRIV_SERVICES', 'services'); +define('PRIV_USERS', 'users'); +define('PRIV_SYSTEM_SETTINGS', 'system_settings'); +define('PRIV_USER_SETTINGS', 'user_settings'); define('MIN_PASSWORD_LENGTH', 7); /* End of file constants.php */ diff --git a/src/application/controllers/backend.php b/src/application/controllers/backend.php index ae0fe46a..8994b34f 100644 --- a/src/application/controllers/backend.php +++ b/src/application/controllers/backend.php 
@@ -19,19 +19,22 @@ class Backend extends CI_Controller { */ public function index($appointment_hash = '') { $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend'); - if (!$this->hasPrivileges(PAGE_APPOINTMENTS)) return; + if (!$this->hasPrivileges(PRIV_APPOINTMENTS)) return; $this->load->model('appointments_model'); $this->load->model('providers_model'); $this->load->model('services_model'); $this->load->model('customers_model'); $this->load->model('settings_model'); + $this->load->model('roles_model'); $view['base_url'] = $this->config->item('base_url'); $view['book_advance_timeout'] = $this->settings_model->get_setting('book_advance_timeout'); $view['company_name'] = $this->settings_model->get_setting('company_name'); $view['available_providers'] = $this->providers_model->get_available_providers(); $view['available_services'] = $this->services_model->get_available_services(); + $view['customers'] = $this->customers_model->get_batch(); + $this->setUserData($view); if ($appointment_hash != '') { $results = $this->appointments_model->get_batch(array('hash' => $appointment_hash)); @@ -54,7 +57,7 @@ class Backend extends CI_Controller { */ public function customers() { $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/customers'); - if (!$this->hasPrivileges(PAGE_CUSTOMERS)) return; + if (!$this->hasPrivileges(PRIV_CUSTOMERS)) return; $this->load->model('providers_model'); $this->load->model('customers_model'); @@ -66,6 +69,7 @@ class Backend extends CI_Controller { $view['customers'] = $this->customers_model->get_batch(); $view['available_providers'] = $this->providers_model->get_available_providers(); $view['available_services'] = $this->services_model->get_available_services(); + $this->setUserData($view); $this->load->view('backend/header', $view); $this->load->view('backend/customers', $view); 
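Review bot: `$view['customers'] = $this->customers_model->get_batch();` in index() hands the whole customer table to the appointments page for any role that passes the PRIV_APPOINTMENTS gate, while customers() guards the same data behind PRIV_CUSTOMERS; if the appointments view or its JS embeds that array, the customers-view privilege is bypassed here. Guard the assignment, e.g. `if ($this->hasPrivileges(PRIV_CUSTOMERS, FALSE)) { $view['customers'] = $this->customers_model->get_batch(); }`, using whatever second-argument value suppresses the redirect, as the settings() hunk appears to do. The added `$this->load->model('roles_model');` is redundant, since setUserData() loads that model itself. index() continues past the end of the hunk.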
@@ -83,7 +87,7 @@ class Backend extends CI_Controller { */ public function services() { $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/services'); - if (!$this->hasPrivileges(PAGE_SERVICES)) return; + if (!$this->hasPrivileges(PRIV_SERVICES)) return; $this->load->model('customers_model'); $this->load->model('services_model'); @@ -93,6 +97,7 @@ class Backend extends CI_Controller { $view['company_name'] = $this->settings_model->get_setting('company_name'); $view['services'] = $this->services_model->get_batch(); $view['categories'] = $this->services_model->get_all_categories(); + $this->setUserData($view); $this->load->view('backend/header', $view); $this->load->view('backend/services', $view); @@ -108,7 +113,7 @@ class Backend extends CI_Controller { */ public function users() { $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/users'); - if (!$this->hasPrivileges(PAGE_USERS)) return; + if (!$this->hasPrivileges(PRIV_USERS)) return; $this->load->model('providers_model'); $this->load->model('secretaries_model'); @@ -123,6 +128,7 @@ class Backend extends CI_Controller { $view['secretaries'] = $this->secretaries_model->get_batch(); $view['services'] = $this->services_model->get_batch(); $view['working_plan'] = $this->settings_model->get_setting('company_working_plan'); + $this->setUserData($view); $this->load->view('backend/header', $view); $this->load->view('backend/users', $view); @@ -138,8 +144,8 @@ class Backend extends CI_Controller { */ public function settings() { $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/settings'); - if (!$this->hasPrivileges(PAGE_SYSTEM_SETTINGS) - && !$this->hasPrivileges(PAGE_USER_SETTINGS)) return; + if (!$this->hasPrivileges(PRIV_SYSTEM_SETTINGS, FALSE) + && !$this->hasPrivileges(PRIV_USER_SETTINGS)) return; $this->load->model('settings_model'); $this->load->model('user_model'); 
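Review bot: The new condition in settings() admits a role that holds only PRIV_USER_SETTINGS, but the body (continuing in the next hunk) still runs `$view['system_settings'] = $this->settings_model->get_settings();` unconditionally, so system settings reach the view data for a caller who never passed the system-settings check. If the settings view renders that array, guard it: `if ($this->hasPrivileges(PRIV_SYSTEM_SETTINGS, FALSE)) { $view['system_settings'] = $this->settings_model->get_settings(); }`. The meaning of the `FALSE` argument is not visible in this diff; if it suppresses the redirect so that the second check can decide, a call-site comment such as `// FALSE: do not redirect yet, the user-settings check below decides` would make the two-step gate readable.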
@@ -152,6 +158,7 @@ class Backend extends CI_Controller { $view['role_slug'] = $this->session->userdata('role_slug'); $view['system_settings'] = $this->settings_model->get_settings(); $view['user_settings'] = $this->user_model->get_settings($user_id); + $this->setUserData($view); $this->load->view('backend/header', $view); $this->load->view('backend/settings', $view); @@ -199,6 +206,21 @@ class Backend extends CI_Controller { return TRUE; } + + /** + * Set the user data in order to be available at the view and js code. + * + * @param array $view Contains the view data. + */ + public function setUserData(&$view) { + $this->load->model('roles_model'); + + // Get privileges + $view['user_id'] = $this->session->userdata('user_id'); + $view['user_email'] = $this->session->userdata('user_email'); + $view['role_slug'] = $this->session->userdata('role_slug'); + $view['privileges'] = $this->roles_model->get_privileges($this->session->userdata('role_slug')); + } } /* End of file backend.php */ diff --git a/src/application/controllers/backend_api.php b/src/application/controllers/backend_api.php index d1b41fb2..eec38de2 100644 --- a/src/application/controllers/backend_api.php +++ b/src/application/controllers/backend_api.php @@ -4,6 +4,17 @@ * Contains all the backend ajax calls. */ class Backend_api extends CI_Controller { + private $privileges; + + public function __construct() { + parent::__construct(); + + $this->load->library('session'); + $this->load->model('roles_model'); + $this->privileges = $this->roles_model->get_privileges($this->session->userdata('role_slug')); + } + + /** * [AJAX] Get the registered appointments for the given date period and record. * 
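Review bot: `public function setUserData(&$view)` is a helper, but as a public method on a CI_Controller it is reachable as a URL action (`backend/setUserData`); CodeIgniter refuses to route only underscore-prefixed or non-public methods, so declare it `private function _setUserData(&$view)` and update the five call sites. The docblock should also state that it adds the `user_id`, `user_email`, `role_slug` and `privileges` keys to `$view` through the reference, since callers cannot tell that from the signature. `$view['role_slug']` is now written twice in settings(): once in the hunk above and again inside setUserData().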
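Review bot: The Backend_api constructor derives `$this->privileges` from `role_slug` with no check that a user is logged in; when the session has no role the model is called with an empty value, and every later `$this->privileges[...][...] == FALSE` check fails closed only because indexing an unexpected return value yields null. Make the fail-closed path explicit: `$role_slug = $this->session->userdata('role_slug');` followed by `$this->privileges = $role_slug ? $this->roles_model->get_privileges($role_slug) : array();`. The property also needs a docblock, e.g. `/** @var array Privileges of the current role, indexed by PRIV_* constant and then by 'view'/'add'/'edit'/'delete'. */`; what get_privileges() returns for an unknown role is not visible here.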
@@ -16,12 +27,16 @@ class Backend_api extends CI_Controller { * @param {string} $_POST['end_date'] The user selected end date. */ public function ajax_get_calendar_appointments() { - $this->load->model('appointments_model'); - $this->load->model('providers_model'); - $this->load->model('services_model'); - $this->load->model('customers_model'); - try { + if ($this->privileges[PRIV_APPOINTMENTS]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + + $this->load->model('appointments_model'); + $this->load->model('providers_model'); + $this->load->model('services_model'); + $this->load->model('customers_model'); + if ($_POST['filter_type'] == FILTER_TYPE_PROVIDER) { $where_id = 'id_users_provider'; } else { @@ -85,12 +100,28 @@ class Backend_api extends CI_Controller { // :: SAVE CUSTOMER CHANGES TO DATABASE if (isset($_POST['customer_data'])) { $customer = json_decode(stripcslashes($_POST['customer_data']), true); + + $REQUIRED_PRIV = (!isset($customer['id'])) + ? $this->privileges[PRIV_CUSTOMERS]['add'] + : $this->privileges[PRIV_CUSTOMERS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $customer['id'] = $this->customers_model->add($customer); } // :: SAVE APPOINTMENT CHANGES TO DATABASE if (isset($_POST['appointment_data'])) { $appointment = json_decode(stripcslashes($_POST['appointment_data']), true); + + $REQUIRED_PRIV = (!isset($appointment['id'])) + ? $this->privileges[PRIV_APPOINTMENTS]['add'] + : $this->privileges[PRIV_APPOINTMENTS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $manage_mode = isset($appointment['id']); // If the appointment does not contain the customer record id, then it // means that is is going to be inserted. Get the customer's record id. 
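Review bot: The add/edit decision in the customer_data branch keys on the client-supplied `id`, but Customers_Model::add() (see its hunk further down) updates an existing record matched by e-mail when no id is given, so a role holding only customers 'add' can modify existing customers through this path; require 'edit' as well when the record already exists, or make the model refuse the update. Separately, the same `$REQUIRED_PRIV ... == FALSE` block is repeated in ajax_save_unavailable, ajax_save_customer, ajax_save_service, ajax_save_service_category, ajax_save_admin, ajax_save_provider and ajax_save_secretary, and the single-action checks in the delete and filter methods repeat it again; a private helper centralises the message and, via `empty()`, treats a missing role or resource entry as denied without an undefined-index notice. Call it as `$this->_require_privilege(PRIV_CUSTOMERS, isset($customer['id']) ? 'edit' : 'add');`. ajax_save_appointment starts and ends outside this hunk.
```php
// … unchanged: class header, constructor, ajax_get_calendar_appointments …

/**
 * Abort the request unless the current role holds $action on $resource.
 *
 * Underscore-prefixed and private so CodeIgniter never routes it as an action.
 *
 * @param string $resource One of the PRIV_* resource constants.
 * @param string $action   'view', 'add', 'edit' or 'delete'.
 * @throws Exception When the privilege is missing or the role has no entry.
 */
private function _require_privilege($resource, $action) {
    // empty() treats a missing role/resource entry like FALSE (fail closed)
    // and does not raise an undefined-index notice.
    if (empty($this->privileges[$resource][$action])) {
        throw new Exception('You do not have the required privileges for this task.');
    }
}
```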
@@ -210,6 +241,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_appointment() { try { + if ($this->privileges[PRIV_APPOINTMENTS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + if (!isset($_POST['appointment_id'])) { throw new Exception('No appointment id provided.'); } @@ -298,6 +333,10 @@ class Backend_api extends CI_Controller { */ public function ajax_disable_provider_sync() { try { + if ($this->privileges[PRIV_USERS]['edit'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + if (!isset($_POST['provider_id'])) { throw new Exception('Provider id not specified.'); } @@ -323,6 +362,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_customers() { try { + if ($this->privileges[PRIV_CUSTOMERS]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('appointments_model'); $this->load->model('services_model'); $this->load->model('providers_model'); @@ -355,8 +398,6 @@ class Backend_api extends CI_Controller { $customer['appointments'] = $appointments; } - - echo json_encode($customers); } catch(Exception $exc) { 
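Review bot: The checks added in ajax_delete_appointment, ajax_disable_provider_sync and ajax_filter_customers are role-level only: nothing relates `$_POST['appointment_id']` or `$_POST['provider_id']` to the session's `user_id`, so any role that holds the privilege can act on any record. If provider users are meant to manage only their own appointments and sync setting, that ownership check belongs either here (compare the posted id's owner against `$this->session->userdata('user_id')` before the model call) or, documented, in the models; neither is visible in this diff. The same question applies to the delete handlers in the later hunks.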
@@ -374,13 +415,22 @@ class Backend_api extends CI_Controller { */ public function ajax_save_unavailable() { try { + // Check privileges + $unavailable = json_decode($_POST['unavailable'], true); + + $REQUIRED_PRIV = (!isset($unavailable['id'])) + ? $this->privileges[PRIV_APPOINTMENTS]['add'] + : $this->privileges[PRIV_APPOINTMENTS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('appointments_model'); $this->load->model('providers_model'); // Add appointment - $unavailable = json_decode($_POST['unavailable'], true); $unavailable['id'] = $this->appointments_model->add_unavailable($unavailable); - $unavailable = $this->appointments_model->get_row($unavailable['id']); + $unavailable = $this->appointments_model->get_row($unavailable['id']); // fetch all inserted data // Google Sync try { @@ -428,6 +478,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_unavailable() { try { + if ($this->privileges[PRIV_APPOINTMENTS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('appointments_model'); $this->load->model('providers_model'); @@ -474,6 +528,14 @@ class Backend_api extends CI_Controller { try { $this->load->model('customers_model'); $customer = json_decode($_POST['customer'], true); + + $REQUIRED_PRIV = (!isset($customer['id'])) + ? $this->privileges[PRIV_CUSTOMERS]['add'] + : $this->privileges[PRIV_CUSTOMERS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $customer_id = $this->customers_model->add($customer); echo json_encode(array( 'status' => AJAX_SUCCESS, 
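Review bot: In ajax_save_unavailable the privilege check now decodes `$_POST['unavailable']` before anything verifies that the key exists or that json_decode() produced an array; a missing or malformed field makes `$unavailable` null, `isset($unavailable['id'])` false, and the 'add' check then lets a null payload reach add_unavailable(). Add `if (!isset($_POST['unavailable'])) throw new Exception('No unavailable data provided.');` before the decode and `if (!is_array($unavailable)) throw new Exception('Invalid unavailable data provided.');` after it. ajax_save_customer in the third hunk has the same exposure through `$_POST['customer']`, and because Customers_Model::add() updates a record matched by e-mail when no id is posted, its 'add' check alone does not prevent edits of existing customers.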
@@ -493,6 +555,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_customer() { try { + if ($this->privileges[PRIV_CUSTOMERS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('customers_model'); $this->customers_model->delete($_POST['customer_id']); echo json_encode(AJAX_SUCCESS); @@ -512,6 +578,14 @@ class Backend_api extends CI_Controller { try { $this->load->model('services_model'); $service = json_decode($_POST['service'], true); + + $REQUIRED_PRIV = (!isset($service['id'])) + ? $this->privileges[PRIV_SERVICES]['add'] + : $this->privileges[PRIV_SERVICES]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $service_id =$this->services_model->add($service); echo json_encode(array( 'status' => AJAX_SUCCESS, @@ -531,6 +605,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_service() { try { + if ($this->privileges[PRIV_SERVICES]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('services_model'); $result = $this->services_model->delete($_POST['service_id']); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); @@ -549,6 +627,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_services() { try { + if ($this->privileges[PRIV_SERVICES]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('services_model'); $key = mysql_real_escape_string($_POST['key']); $where = 
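Review bot: The view check added to ajax_filter_services is the only change there, and the query it now guards still builds the LIKE clause by concatenating `$key` after `mysql_real_escape_string($_POST['key'])`; that function needs an open legacy mysql link (if the configured driver is not the legacy `mysql` one it returns FALSE with a warning and the filter degrades to `LIKE "%%"`), and it leaves the `%` and `_` wildcards unescaped. Use the query builder instead, e.g. `$this->db->like('name', $_POST['key'])->or_like('description', $_POST['key'])`, or at least `$this->db->escape_like_str()`. The same pattern sits under the new checks in ajax_filter_service_categories, ajax_filter_admins, ajax_filter_providers and ajax_filter_secretaries.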
@@ -574,6 +656,14 @@ class Backend_api extends CI_Controller { try { $this->load->model('services_model'); $category = json_decode($_POST['category'], true); + + $REQUIRED_PRIV = (!isset($category['id'])) + ? $this->privileges[PRIV_SERVICES]['add'] + : $this->privileges[PRIV_SERVICES]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $category_id = $this->services_model->add_category($category); echo json_encode(array( 'status' => AJAX_SUCCESS, @@ -593,6 +683,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_service_category() { try { + if ($this->privileges[PRIV_SERVICES]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('services_model'); $result = $this->services_model->delete_category($_POST['category_id']); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); @@ -611,6 +705,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_service_categories() { try { + if ($this->privileges[PRIV_SERVICES]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('services_model'); $key = mysql_real_escape_string($_POST['key']); $where = '(name LIKE "%' . $key . '%" OR description LIKE "%' . $key . '%")'; @@ -631,6 +729,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_admins() { try { + if ($this->privileges[PRIV_USERS]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('admins_model'); $key = mysql_real_escape_string($_POST['key']); $where = 
@@ -660,6 +762,14 @@ class Backend_api extends CI_Controller { try { $this->load->model('admins_model'); $admin = json_decode($_POST['admin'], true); + + $REQUIRED_PRIV = (!isset($admin['id'])) + ? $this->privileges[PRIV_USERS]['add'] + : $this->privileges[PRIV_USERS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $admin_id = $this->admins_model->add($admin); $response = array( @@ -683,6 +793,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_admin() { try { + if ($this->privileges[PRIV_USERS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('admins_model'); $result = $this->admins_model->delete($_POST['admin_id']); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); @@ -701,6 +815,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_providers() { try { + if ($this->privileges[PRIV_USERS]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('providers_model'); $key = mysql_real_escape_string($_POST['key']); $where = @@ -731,6 +849,13 @@ class Backend_api extends CI_Controller { $this->load->model('providers_model'); $provider = json_decode($_POST['provider'], true); + $REQUIRED_PRIV = (!isset($provider['id'])) + ? $this->privileges[PRIV_USERS]['add'] + : $this->privileges[PRIV_USERS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + if (!isset($provider['settings']['working_plan'])) { $this->load->model('settings_model'); $provider['settings']['working_plan'] = $this->settings_model 
@@ -759,6 +884,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_provider() { try { + if ($this->privileges[PRIV_USERS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('providers_model'); $result = $this->providers_model->delete($_POST['provider_id']); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); @@ -777,6 +906,10 @@ class Backend_api extends CI_Controller { */ public function ajax_filter_secretaries() { try { + if ($this->privileges[PRIV_USERS]['view'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('secretaries_model'); $key = mysql_real_escape_string($_POST['key']); $where = @@ -806,6 +939,14 @@ class Backend_api extends CI_Controller { try { $this->load->model('secretaries_model'); $secretary = json_decode($_POST['secretary'], true); + + $REQUIRED_PRIV = (!isset($secretary['id'])) + ? $this->privileges[PRIV_USERS]['add'] + : $this->privileges[PRIV_USERS]['edit']; + if ($REQUIRED_PRIV == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $secretary_id = $this->secretaries_model->add($secretary); echo json_encode(array( @@ -827,6 +968,10 @@ class Backend_api extends CI_Controller { */ public function ajax_delete_secretary() { try { + if ($this->privileges[PRIV_USERS]['delete'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } + $this->load->model('secretaries_model'); $result = $this->secretaries_model->delete($_POST['secretary_id']); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); 
@@ -850,10 +995,16 @@ class Backend_api extends CI_Controller { public function ajax_save_settings() { try { if ($_POST['type'] == SETTINGS_SYSTEM) { + if ($this->privileges[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } $this->load->model('settings_model'); $settings = json_decode($_POST['settings'], true); $this->settings_model->save_settings($settings); } else if ($_POST['type'] == SETTINGS_USER) { + if ($this->privileges[PRIV_USER_SETTINGS]['edit'] == FALSE) { + throw new Exception('You do not have the required privileges for this task.'); + } $this->load->model('user_model'); $this->user_model->save_settings(json_decode($_POST['settings'], true)); } diff --git a/src/application/controllers/user.php b/src/application/controllers/user.php index 4966930f..138706da 100644 --- a/src/application/controllers/user.php +++ b/src/application/controllers/user.php @@ -38,11 +38,18 @@ class User extends CI_Controller { } public function no_privileges() { - // can't view the requested page. + $view['base_url'] = $this->config->item('base_url'); + $this->load->view('user/no_privileges', $view); } /** * [AJAX] Check whether the user has entered the correct login credentials. + * + * The session data of a logged in user are the following: + * 'user_id' + * 'user_email' + * 'role_slug' + * 'dest_url' */ public function ajax_check_login() { try { diff --git a/src/application/models/admins_model.php b/src/application/models/admins_model.php index ca249818..3fbe331b 100644 --- a/src/application/models/admins_model.php +++ b/src/application/models/admins_model.php 
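Review bot: In the SETTINGS_USER branch the decoded `$_POST['settings']` is handed to user_model->save_settings() as-is; the session's `user_id` is not passed, so whether the write is bound to the caller or to an id inside the payload depends on the model, which this diff does not show. If the payload carries the id, a role with user-settings 'edit' could write another user's settings; pass the session value explicitly, `$this->user_model->save_settings(json_decode($_POST['settings'], true), $this->session->userdata('user_id'));`, and have the model ignore any id in the payload. A request whose `type` matches neither constant falls through both branches; what happens next is outside the hunk.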
@@ -35,9 +35,7 @@ class Admins_Model extends CI_Model { * @throws Exception When the admin data are invalid (see validate() method). */ public function add($admin) { - if (!$this->validate($admin)) { - throw new Exception('Admin data are invalid: ' . print_r($admin, TRUE)); - } + $this->validate($admin); if ($this->exists($admin) && !isset($admin['id'])) { $admin['id'] = $this->find_record_id($admin); 
@@ -178,44 +176,42 @@ class Admins_Model extends CI_Model { * * @param array $admin Contains the admin user data. * @return bool Returns the validation result. + * + * @throws Exception When data are invalid. */ public function validate($admin) { $this->load->helper('data_validation'); - - try { - // If a record id is provided then check whether the record exists in the database. - if (isset($admin['id'])) { - $num_rows = $this->db->get_where('ea_users', array('id' => $admin['id'])) - ->num_rows(); - if ($num_rows == 0) { - throw new Exception('Given admin id does not exist in database: ' . $admin['id']); - } + + // If a record id is provided then check whether the record exists in the database. + if (isset($admin['id'])) { + $num_rows = $this->db->get_where('ea_users', array('id' => $admin['id'])) + ->num_rows(); + if ($num_rows == 0) { + throw new Exception('Given admin id does not exist in database: ' . $admin['id']); } - - // Validate required fields integrity. - if (!isset($admin['last_name']) - || !isset($admin['email']) - || !isset($admin['phone_number'])) { - throw new Exception('Not all required fields are provided : ' . print_r($admin, TRUE)); - } - - // Validate admin email address. - if (!filter_var($admin['email'], FILTER_VALIDATE_EMAIL)) { - throw new Exception('Invalid email address provided : ' . $admin['email']); - } - - // Validate admin password - if (isset($admin['settings']['password'])) { - if (strlen($admin['settings']['password']) < MIN_PASSWORD_LENGTH) { - throw new Exception('The user password must be at least ' - . MIN_PASSWORD_LENGTH . ' characters long.'); - } - } - - return TRUE; - } catch (Exception $exc) { - return FALSE; } + + // Validate required fields integrity. + if (!isset($admin['last_name']) + || !isset($admin['email']) + || !isset($admin['phone_number'])) { + throw new Exception('Not all required fields are provided : ' . print_r($admin, TRUE)); + } + + // Validate admin email address. 
+ if (!filter_var($admin['email'], FILTER_VALIDATE_EMAIL)) { + throw new Exception('Invalid email address provided : ' . $admin['email']); + } + + // Validate admin password + if (isset($admin['settings']['password'])) { + if (strlen($admin['settings']['password']) < MIN_PASSWORD_LENGTH) { + throw new Exception('The user password must be at least ' + . MIN_PASSWORD_LENGTH . ' characters long.'); + } + } + + return TRUE; // Operation completed successfully. } /** diff --git a/src/application/models/appointments_model.php b/src/application/models/appointments_model.php index 01518421..98f14837 100644 --- a/src/application/models/appointments_model.php +++ b/src/application/models/appointments_model.php @@ -21,9 +21,7 @@ class Appointments_Model extends CI_Model { */ public function add($appointment) { // Validate the appointment data before doing anything. - if (!$this->validate($appointment)) { - throw new Exception('Appointment data are invalid.'); - } + $this->validate($appointment); // Perform insert() or update() operation. if (!isset($appointment['id'])) { 
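Review bot: The docblock above validate() still says `@return bool Returns the validation result.`, but after removing the try/catch the method can only return TRUE or throw, so testing the return value (as add() did before this commit) gains nothing; change it to `@return bool Always TRUE; invalid data is reported by throwing.` or drop the return and document only the exception. The password check uses byte-wise `strlen`, so a short password made of multi-byte characters can satisfy MIN_PASSWORD_LENGTH; `mb_strlen($admin['settings']['password'])` counts characters. The validate() methods of Customers_Model and Providers_Model in later hunks keep the same always-TRUE return and should get the same docblock correction.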
@@ -148,64 +146,60 @@ class Appointments_Model extends CI_Model { public function validate($appointment) { $this->load->helper('data_validation'); - try { - // If a appointment id is given, check wether the record exists - // in the database. - if (isset($appointment['id'])) { - $num_rows = $this->db->get_where('ea_appointments', - array('id' => $appointment['id']))->num_rows(); - if ($num_rows == 0) { - throw new Exception('Provided appointment id does not ' - . 'exist in the database.'); - } - } - - // Check if appointment dates are valid. - if (!validate_mysql_datetime($appointment['start_datetime'])) { - throw new Exception('Appointment start datetime is invalid.'); - } - - if (!validate_mysql_datetime($appointment['end_datetime'])) { - throw new Exception('Appointment end datetime is invalid.'); + // If a appointment id is given, check wether the record exists + // in the database. + if (isset($appointment['id'])) { + $num_rows = $this->db->get_where('ea_appointments', + array('id' => $appointment['id']))->num_rows(); + if ($num_rows == 0) { + throw new Exception('Provided appointment id does not ' + . 'exist in the database.'); } + } - // Check if the provider's id is valid. + // Check if appointment dates are valid. + if (!validate_mysql_datetime($appointment['start_datetime'])) { + throw new Exception('Appointment start datetime is invalid.'); + } + + if (!validate_mysql_datetime($appointment['end_datetime'])) { + throw new Exception('Appointment end datetime is invalid.'); + } + + // Check if the provider's id is valid. + $num_rows = $this->db + ->select('*') + ->from('ea_users') + ->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner') + ->where('ea_users.id', $appointment['id_users_provider']) + ->where('ea_roles.slug', DB_SLUG_PROVIDER) + ->get()->num_rows(); + if ($num_rows == 0) { + throw new Exception('Appointment provider id is invalid.'); + } + + if ($appointment['is_unavailable'] == FALSE) { + // Check if the customer's id is valid. 
$num_rows = $this->db ->select('*') ->from('ea_users') ->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner') - ->where('ea_users.id', $appointment['id_users_provider']) - ->where('ea_roles.slug', DB_SLUG_PROVIDER) + ->where('ea_users.id', $appointment['id_users_customer']) + ->where('ea_roles.slug', DB_SLUG_CUSTOMER) ->get()->num_rows(); if ($num_rows == 0) { - throw new Exception('Appointment provider id is invalid.'); + throw new Exception('Appointment customer id is invalid.'); } - - if ($appointment['is_unavailable'] == FALSE) { - // Check if the customer's id is valid. - $num_rows = $this->db - ->select('*') - ->from('ea_users') - ->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner') - ->where('ea_users.id', $appointment['id_users_customer']) - ->where('ea_roles.slug', DB_SLUG_CUSTOMER) - ->get()->num_rows(); - if ($num_rows == 0) { - throw new Exception('Appointment customer id is invalid.'); - } - - // Check if the service id is valid. - $num_rows = $this->db->get_where('ea_services', - array('id' => $appointment['id_services']))->num_rows(); - if ($num_rows == 0) { - throw new Exception('Appointment customer id is invalid.'); - } + + // Check if the service id is valid. + $num_rows = $this->db->get_where('ea_services', + array('id' => $appointment['id_services']))->num_rows(); + if ($num_rows == 0) { + throw new Exception('Appointment customer id is invalid.'); } - - return TRUE; - } catch (Exception $exc) { - return FALSE; } + + return TRUE; } /** diff --git a/src/application/models/customers_model.php b/src/application/models/customers_model.php index ae2c7a25..220623c0 100644 --- a/src/application/models/customers_model.php +++ b/src/application/models/customers_model.php 
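Review bot: The service-id check at the end of validate() throws `'Appointment customer id is invalid.'`, a copy of the message from the customer check just above it, so a bad `id_services` is reported as a bad customer; change it to `throw new Exception('Appointment service id is invalid.');`. The datetime checks read `$appointment['start_datetime']` and `['end_datetime']` without isset(), and `$appointment['is_unavailable'] == FALSE` is a loose comparison that also matches a missing key, an empty string and '0'; `empty($appointment['is_unavailable'])` states that intent without the notice. The provider check in the first half of this method accesses `id_users_provider` the same way.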
@@ -21,9 +21,7 @@ class Customers_Model extends CI_Model { */ public function add($customer) { // Validate the customer data before doing anything. - if (!$this->validate($customer)) { - throw new Exception('Customer data are not valid.'); - } + !$this->validate($customer); // :: CHECK IF CUSTOMER ALREADY EXIST (FROM EMAIL). if ($this->exists($customer) && !isset($customer['id'])) { 
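Review bot: `!$this->validate($customer);` negates a discarded result; the `!` is a leftover of the removed condition and does nothing, so write `$this->validate($customer);` as the other models' add() methods in this commit do. The `// Validate the customer data before doing anything.` comment still fits, but the docblock above (outside the hunk) should carry an `@throws Exception` entry, since failure is now signalled only by the exception validate() raises.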
@@ -158,35 +156,32 @@ class Customers_Model extends CI_Model { public function validate($customer) { $this->load->helper('data_validation'); - try { - // If a customer id is provided, check whether the record - // exist in the database. - if (isset($customer['id'])) { - $num_rows = $this->db->get_where('ea_users', - array('id' => $customer['id']))->num_rows(); - if ($num_rows == 0) { - throw new Exception('Provided customer id does not ' - . 'exist in the database.'); - } + + // If a customer id is provided, check whether the record + // exist in the database. + if (isset($customer['id'])) { + $num_rows = $this->db->get_where('ea_users', + array('id' => $customer['id']))->num_rows(); + if ($num_rows == 0) { + throw new Exception('Provided customer id does not ' + . 'exist in the database.'); } - // Validate required fields - if (!isset($customer['last_name']) - || !isset($customer['email']) - || !isset($customer['phone_number'])) { - throw new Exception('Not all required fields are provided : ' - . print_r($customer, TRUE)); - } - - // Validate email address - if (!filter_var($customer['email'], FILTER_VALIDATE_EMAIL)) { - throw new Exception('Invalid email address provided : ' - . $customer['email']); - } - - return TRUE; - } catch (Exception $exc) { - return FALSE; } + // Validate required fields + if (!isset($customer['last_name']) + || !isset($customer['email']) + || !isset($customer['phone_number'])) { + throw new Exception('Not all required fields are provided : ' + . print_r($customer, TRUE)); + } + + // Validate email address + if (!filter_var($customer['email'], FILTER_VALIDATE_EMAIL)) { + throw new Exception('Invalid email address provided : ' + . $customer['email']); + } + + return TRUE; } /** diff --git a/src/application/models/providers_model.php b/src/application/models/providers_model.php index 0e49ed06..2a8813f6 100644 --- a/src/application/models/providers_model.php +++ b/src/application/models/providers_model.php 
@@ -48,9 +48,7 @@ class Providers_Model extends CI_Model { * @throws Exception When the record data validation fails. */ public function add($provider) { - if (!$this->validate($provider)) { - throw new Exception('Provider data are not valid :' . print_r($provider, TRUE)); - } + $this->validate($provider); if ($this->exists($provider) && !isset($provider['id'])) { $provider['id'] = $this->find_record_id($provider); 
@@ -196,58 +194,54 @@ class Providers_Model extends CI_Model {
 public function validate($provider) {
 $this->load->helper('data_validation');
- try {
- // If a provider id is present, check whether the record exist in the database.
- if (isset($provider['id'])) {
- $num_rows = $this->db->get_where('ea_users',
- array('id' => $provider['id']))->num_rows();
- if ($num_rows == 0) {
- throw new Exception('Provided record id does not exist in the database.');
- }
+ // If a provider id is present, check whether the record exist in the database.
+ if (isset($provider['id'])) {
+ $num_rows = $this->db->get_where('ea_users',
+ array('id' => $provider['id']))->num_rows();
+ if ($num_rows == 0) {
+ throw new Exception('Provided record id does not exist in the database.');
 }
-
- // Validate required fields.
- if (!isset($provider['last_name'])
- || !isset($provider['email'])
- || !isset($provider['phone_number'])) {
- throw new Exception('Not all required fields are provided : ' . print_r($provider, TRUE));
- }
-
- // Validate provider email address.
- if (!filter_var($provider['email'], FILTER_VALIDATE_EMAIL)) {
- throw new Exception('Invalid email address provided : ' . $provider['email']);
- }
-
- // Validate provider services.
- if (!isset($provider['services']) || !is_array($provider['services'])) {
- throw new Exception('Invalid provider services given: ' . print_r($provider, TRUE));
- } else { // Check if services are valid numeric values.
- foreach($provider['services'] as $service_id) {
- if (!is_numeric($service_id)) {
- throw new Exception('A provider service with invalid id was found: '
- . print_r($provider, TRUE));
- }
- }
- }
-
- // Validate provider settings.
- if (!isset($provider['settings']) || count($provider['settings']) == 0
- || !is_array($provider['settings'])) {
- throw new Exception('Invalid provider settings given: ' .
print_r($provider, TRUE));
- }
-
- // Validate admin password
- if (isset($provider['settings']['password'])) {
- if (strlen($provider['settings']['password']) < MIN_PASSWORD_LENGTH) {
- throw new Exception('The user password must be at least '
- . MIN_PASSWORD_LENGTH . ' characters long.');
- }
- }
-
- return TRUE;
- } catch (Exception $exc) {
- return FALSE;
 }
+
+ // Validate required fields.
+ if (!isset($provider['last_name'])
+ || !isset($provider['email'])
+ || !isset($provider['phone_number'])) {
+ throw new Exception('Not all required fields are provided : ' . print_r($provider, TRUE));
+ }
+
+ // Validate provider email address.
+ if (!filter_var($provider['email'], FILTER_VALIDATE_EMAIL)) {
+ throw new Exception('Invalid email address provided : ' . $provider['email']);
+ }
+
+ // Validate provider services.
+ if (!isset($provider['services']) || !is_array($provider['services'])) {
+ throw new Exception('Invalid provider services given: ' . print_r($provider, TRUE));
+ } else { // Check if services are valid numeric values.
+ foreach($provider['services'] as $service_id) {
+ if (!is_numeric($service_id)) {
+ throw new Exception('A provider service with invalid id was found: '
+ . print_r($provider, TRUE));
+ }
+ }
+ }
+
+ // Validate provider settings.
+ if (!isset($provider['settings']) || count($provider['settings']) == 0
+ || !is_array($provider['settings'])) {
+ throw new Exception('Invalid provider settings given: ' . print_r($provider, TRUE));
+ }
+
+ // Validate admin password
+ if (isset($provider['settings']['password'])) {
+ if (strlen($provider['settings']['password']) < MIN_PASSWORD_LENGTH) {
+ throw new Exception('The user password must be at least '
+ . MIN_PASSWORD_LENGTH . ' characters long.');
+ }
+ }
+
+ return TRUE;
 }
 /**
diff --git a/src/application/models/roles_model.php b/src/application/models/roles_model.php
index 556286ac..955522ef 100644
--- a/src/application/models/roles_model.php
+++ b/src/application/models/roles_model.php
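Review bot: In the settings check `count($provider['settings']) == 0` is evaluated before `!is_array($provider['settings'])`, so a non-array `settings` value reaches count() first — a warning on PHP 7 and a TypeError on PHP 8 — instead of the Exception the message promises; reorder to `if (!isset($provider['settings']) || !is_array($provider['settings']) || count($provider['settings']) == 0) {`. The password length test `strlen($provider['settings']['password']) < MIN_PASSWORD_LENGTH` counts bytes, so a multibyte password with fewer than MIN_PASSWORD_LENGTH characters passes; `mb_strlen()` measures what the user actually typed, and the same line appears in the secretaries validate hunk.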
@@ -18,6 +18,55 @@ class Roles_Model extends CI_Model {
 public function get_role_id($role_slug) {
 return $this->db->get_where('ea_roles', array('slug' => $role_slug))->row()->id;
 }
+
+ /**
+ * Returns all the privileges (bool values) of a role slug.
+ *
+ * The privilege numbers are converted into bool values of the four main actions (view,
+ * add, edit, delete). By checking each value you can know if the user is able to perform
+ * this action.
+ *
+ * @param string $slug The role slug.
+ * @return array Returns the privilege value.
+ */
+ public function get_privileges($slug) {
+ $privileges = $this->db->get_where('ea_roles', array('slug' => $slug))->row_array();
+ unset($privileges['id'], $privileges['name'], $privileges['slug'], $privileges['is_admin']);
+
+ // Convert the numeric values to bool so that is easier to check whether a
+ // user has the required privileges for a specific action.
+ foreach($privileges as &$value) {
+ $privileges_number = $value;
+
+ $value = array(
+ 'view' => false,
+ 'add' => false,
+ 'edit' => false,
+ 'delete' => false
+ );
+
+ if ($privileges_number > 0) {
+ if (intval($privileges_number / PRIV_DELETE) == 1) {
+ $value['delete'] = TRUE;
+ $privileges_number -= PRIV_DELETE;
+ }
+
+ if (intval($privileges_number / PRIV_EDIT) == 1) {
+ $value['edit'] = TRUE;
+ $privileges_number -= PRIV_EDIT;
+ }
+
+ if (intval($privileges_number / PRIV_ADD) == 1) {
+ $value['add'] = TRUE;
+ $privileges_number -= PRIV_ADD;
+ }
+
+ $value['view'] = TRUE;
+ }
+ }
+
+ return $privileges;
+ }
 }
 /* End of file roles_model.php */
diff --git a/src/application/models/secretaries_model.php b/src/application/models/secretaries_model.php
index 28254f87..8a9f904f 100644
--- a/src/application/models/secretaries_model.php
+++ b/src/application/models/secretaries_model.php
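Review bot: `row_array()` returns NULL when no row matches `$slug`, so for an unknown slug the unset() is a no-op, the foreach emits a warning, and get_privileges() returns NULL despite the `@return array` docblock; since this result presumably feeds the privilege checks in the backend controller, fail closed explicitly with `if ($privileges === NULL) { throw new Exception('Unknown role slug: ' . $slug); }` right after the query. The repeated `intval($privileges_number / PRIV_X) == 1` steps only decode correctly while the stored number stays below 16 and depend on subtracting in descending order; testing each bit with `&` says what is meant and is order-independent. The loop also leaves `$value` as a reference into the array, which should be released with `unset($value)` before the return.
```php
foreach($privileges as &$value) {
    $privileges_number = (int) $value;

    $value = array(
        'view' => $privileges_number > 0,
        'add' => ($privileges_number & PRIV_ADD) === PRIV_ADD,
        'edit' => ($privileges_number & PRIV_EDIT) === PRIV_EDIT,
        'delete' => ($privileges_number & PRIV_DELETE) === PRIV_DELETE
    );
}
unset($value);

return $privileges;
```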
@@ -36,9 +36,7 @@ class Secretaries_Model extends CI_Model {
 * @throws Exception When the secretary data are invalid (see validate() method).
 */
 public function add($secretary) {
- if (!$this->validate($secretary)) {
- throw new Exception('Secretary data are invalid: ' . print_r($secretary, TRUE));
- }
+ $this->validate($secretary);
 if ($this->exists($secretary) && !isset($secretary['id'])) {
 $secretary['id'] = $this->find_record_id($secretary);
@@ -177,45 +175,41 @@ class Secretaries_Model extends CI_Model {
 public function validate($secretary) {
 $this->load->helper('data_validation');
- try {
- // If a record id is provided then check whether the record exists in the database.
- if (isset($secretary['id'])) {
- $num_rows = $this->db->get_where('ea_users', array('id' => $secretary['id']))
- ->num_rows();
- if ($num_rows == 0) {
- throw new Exception('Given secretary id does not exist in database: ' . $secretary['id']);
- }
+ // If a record id is provided then check whether the record exists in the database.
+ if (isset($secretary['id'])) {
+ $num_rows = $this->db->get_where('ea_users', array('id' => $secretary['id']))
+ ->num_rows();
+ if ($num_rows == 0) {
+ throw new Exception('Given secretary id does not exist in database: ' . $secretary['id']);
 }
-
- // Validate 'providers' value datatype (must be array)
- if (isset($secretary['providers']) && !is_array($secretary['providers'])) {
- throw new Exception('Secretary providers value is not an array.');
- }
-
- // Validate required fields integrity.
- if (!isset($secretary['last_name'])
- || !isset($secretary['email'])
- || !isset($secretary['phone_number'])) {
- throw new Exception('Not all required fields are provided : ' . print_r($secretary, TRUE));
- }
-
- // Validate secretary email address.
- if (!filter_var($secretary['email'], FILTER_VALIDATE_EMAIL)) {
- throw new Exception('Invalid email address provided : ' . $secretary['email']);
- }
-
- // Validate admin password
- if (isset($secretary['settings']['password'])) {
- if (strlen($secretary['settings']['password']) < MIN_PASSWORD_LENGTH) {
- throw new Exception('The user password must be at least '
- . MIN_PASSWORD_LENGTH .
' characters long.');
- }
- }
-
- return TRUE;
- } catch (Exception $exc) {
- return FALSE;
 }
+
+ // Validate 'providers' value datatype (must be array)
+ if (isset($secretary['providers']) && !is_array($secretary['providers'])) {
+ throw new Exception('Secretary providers value is not an array.');
+ }
+
+ // Validate required fields integrity.
+ if (!isset($secretary['last_name'])
+ || !isset($secretary['email'])
+ || !isset($secretary['phone_number'])) {
+ throw new Exception('Not all required fields are provided : ' . print_r($secretary, TRUE));
+ }
+
+ // Validate secretary email address.
+ if (!filter_var($secretary['email'], FILTER_VALIDATE_EMAIL)) {
+ throw new Exception('Invalid email address provided : ' . $secretary['email']);
+ }
+
+ // Validate admin password
+ if (isset($secretary['settings']['password'])) {
+ if (strlen($secretary['settings']['password']) < MIN_PASSWORD_LENGTH) {
+ throw new Exception('The user password must be at least '
+ . MIN_PASSWORD_LENGTH . ' characters long.');
+ }
+ }
+
+ return TRUE;
 }
 /**
diff --git a/src/application/models/services_model.php b/src/application/models/services_model.php
index 6d3903cf..748a869e 100644
--- a/src/application/models/services_model.php
+++ b/src/application/models/services_model.php
@@ -15,9 +15,7 @@ class Services_Model extends CI_Model {
 * @return numeric Returns the record id.
 */
 public function add($service) {
- if (!$this->validate($service)) {
- throw new Exception('Service data are invalid.');
- }
+ $this->validate($service);
 if (!isset($service['id'])) {
 $service['id'] = $this->insert($service);
@@ -86,49 +84,45 @@ class Services_Model extends CI_Model {
 public function validate($service) {
 $this->load->helper('data_validation');
- try {
- // If record id is provided we need to check whether the record exists
- // in the database.
- if (isset($service['id'])) {
- $num_rows = $this->db->get_where('ea_services', array('id' => $service['id']))
- ->num_rows();
- if ($num_rows == 0) {
- throw new Exception('Provided service id does not exist in the database.');
- }
+ // If record id is provided we need to check whether the record exists
+ // in the database.
+ if (isset($service['id'])) {
+ $num_rows = $this->db->get_where('ea_services', array('id' => $service['id']))
+ ->num_rows();
+ if ($num_rows == 0) {
+ throw new Exception('Provided service id does not exist in the database.');
 }
-
- // Check if service category id is valid (only when present)
- if ($service['id_service_categories'] != NULL) {
- $num_rows = $this->db->get_where('ea_service_categories',
- array('id' => $service['id_service_categories']))->num_rows();
- if ($num_rows == 0) {
- throw new Exception('Provided service category id does not exist in database.');
- }
- }
-
- // Check for required fields
- if ($service['name'] == '') {
- throw new Exception('Not all required service fields where provided: '
- .
print_r($service, TRUE));
- }
-
- // Duration must be numeric
- if ($service['duration'] !== NULL) {
- if (!is_numeric($service['duration'])) {
- throw new Exception('Service duration is not numeric.');
- }
- }
-
- if ($service['price'] !== NULL) {
- if (!is_numeric($service['price'])) {
- throw new Exception('Service price is not numeric.');
- }
- }
-
- return TRUE;
- } catch(Exception $exc) {
- return FALSE;
 }
+
+ // Check if service category id is valid (only when present)
+ if ($service['id_service_categories'] != NULL) {
+ $num_rows = $this->db->get_where('ea_service_categories',
+ array('id' => $service['id_service_categories']))->num_rows();
+ if ($num_rows == 0) {
+ throw new Exception('Provided service category id does not exist in database.');
+ }
+ }
+
+ // Check for required fields
+ if ($service['name'] == '') {
+ throw new Exception('Not all required service fields where provided: '
+ . print_r($service, TRUE));
+ }
+
+ // Duration must be numeric
+ if ($service['duration'] !== NULL) {
+ if (!is_numeric($service['duration'])) {
+ throw new Exception('Service duration is not numeric.');
+ }
+ }
+
+ if ($service['price'] !== NULL) {
+ if (!is_numeric($service['price'])) {
+ throw new Exception('Service price is not numeric.');
+ }
+ }
+
+ return TRUE;
 }
 /**
diff --git a/src/application/views/backend/calendar.php b/src/application/views/backend/calendar.php
index fba193f8..97b3ab8f 100644
--- a/src/application/views/backend/calendar.php
+++ b/src/application/views/backend/calendar.php
@@ -16,7 +16,14 @@
 'availableServices' : ,
 'baseUrl' : ,
 'bookAdvanceTimeout' : ,
- 'editAppointment' :
+ 'editAppointment' : ,
+ 'customers' : ,
+ 'user' : {
+ 'id' : ,
+ 'email' : ,
+ 'role_slug' : ,
+ 'privileges':
+ }
 };
 $(document).ready(function() {
@@ -33,6 +40,7 @@
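Review bot: `$service['id_service_categories']`, `$service['name']`, `$service['duration']` and `$service['price']` are read without isset(), so a record that omits any of those keys raises an undefined-index notice before the check runs, and the `!= NULL` comparison on the category id treats `0` and `'0'` as absent while the `!== NULL` tests on duration and price do not — the two conventions should agree. Guarding each read, e.g. `if (!isset($service['name']) || $service['name'] == '') {` and `if (!empty($service['id_service_categories'])) {`, lets the required-field check report the missing key instead of a notice.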
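Review bot: `'customers' : ` embeds the full result of `customers_model->get_batch()` (set on `$view['customers']` in the backend controller hunk) into the calendar page's inline script, so every customer's contact details are shipped to the browser of any user who can view appointments, whether or not the page needs them. The echoed PHP expressions were lost in rendering, so the encoding cannot be checked here; assuming json_encode(), consider trimming the array to the id and display fields the calendar actually uses before it reaches the view, or fetching customers on demand only for users holding the customers privilege (PRIV_CUSTOMERS).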