maket/MaketRandevu
1
1
Fork 0
Code Issues 15 Pull requests Projects Releases 4 Packages Wiki Activity

* The user can now see the reason when a validation fails (during an add() procedure).

Browse source 
* Fixed service - provider connection in backend/calendar appointment modal.
* Backend notification messages on top are now disappearing after a few seconds (excluding cases where there are action items - the user must close the notification)
* The user will be able to select an existing customer from the backend/calendar appointment modal when creating a new appointment record.
* Started work on user privileges and on how the system performs according to that.
This commit is contained in:
alextselegidis@gmail.com 2013-09-26 16:06:57 +00:00
parent 148258385c
commit a9f3a5cbdb
27 changed files with 827 additions and 321 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/application/config/constants.php
View file

@ -64,12 +64,12 @@ define('PRIV_ADD', 2);
define('PRIV_EDIT', 4); define('PRIV_EDIT', 4);
define('PRIV_DELETE', 8); define('PRIV_DELETE', 8);
define('PAGE_APPOINTMENTS', 'appointments'); define('PRIV_APPOINTMENTS', 'appointments');
define('PAGE_CUSTOMERS', 'customers'); define('PRIV_CUSTOMERS', 'customers');
define('PAGE_SERVICES', 'services'); define('PRIV_SERVICES', 'services');
define('PAGE_USERS', 'users'); define('PRIV_USERS', 'users');
define('PAGE_SYSTEM_SETTINGS', 'system_settings'); define('PRIV_SYSTEM_SETTINGS', 'system_settings');
define('PAGE_USER_SETTINGS', 'user_settings'); define('PRIV_USER_SETTINGS', 'user_settings');
define('MIN_PASSWORD_LENGTH', 7); define('MIN_PASSWORD_LENGTH', 7);
/* End of file constants.php */ /* End of file constants.php */

34
src/application/controllers/backend.php
View file

@ -19,19 +19,22 @@ class Backend extends CI_Controller {
*/ */
public function index($appointment_hash = '') { public function index($appointment_hash = '') {
$this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend'); $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend');
if (!$this->hasPrivileges(PAGE_APPOINTMENTS)) return; if (!$this->hasPrivileges(PRIV_APPOINTMENTS)) return;
$this->load->model('appointments_model'); $this->load->model('appointments_model');
$this->load->model('providers_model'); $this->load->model('providers_model');
$this->load->model('services_model'); $this->load->model('services_model');
$this->load->model('customers_model'); $this->load->model('customers_model');
$this->load->model('settings_model'); $this->load->model('settings_model');
$this->load->model('roles_model');
$view['base_url'] = $this->config->item('base_url'); $view['base_url'] = $this->config->item('base_url');
$view['book_advance_timeout'] = $this->settings_model->get_setting('book_advance_timeout'); $view['book_advance_timeout'] = $this->settings_model->get_setting('book_advance_timeout');
$view['company_name'] = $this->settings_model->get_setting('company_name'); $view['company_name'] = $this->settings_model->get_setting('company_name');
$view['available_providers'] = $this->providers_model->get_available_providers(); $view['available_providers'] = $this->providers_model->get_available_providers();
$view['available_services'] = $this->services_model->get_available_services(); $view['available_services'] = $this->services_model->get_available_services();
$view['customers'] = $this->customers_model->get_batch();
$this->setUserData($view);
if ($appointment_hash != '') { if ($appointment_hash != '') {
$results = $this->appointments_model->get_batch(array('hash' => $appointment_hash)); $results = $this->appointments_model->get_batch(array('hash' => $appointment_hash));
@ -54,7 +57,7 @@ class Backend extends CI_Controller {
*/ */
public function customers() { public function customers() {
$this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/customers'); $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/customers');
if (!$this->hasPrivileges(PAGE_CUSTOMERS)) return; if (!$this->hasPrivileges(PRIV_CUSTOMERS)) return;
$this->load->model('providers_model'); $this->load->model('providers_model');
$this->load->model('customers_model'); $this->load->model('customers_model');
@ -66,6 +69,7 @@ class Backend extends CI_Controller {
$view['customers'] = $this->customers_model->get_batch(); $view['customers'] = $this->customers_model->get_batch();
$view['available_providers'] = $this->providers_model->get_available_providers(); $view['available_providers'] = $this->providers_model->get_available_providers();
$view['available_services'] = $this->services_model->get_available_services(); $view['available_services'] = $this->services_model->get_available_services();
$this->setUserData($view);
$this->load->view('backend/header', $view); $this->load->view('backend/header', $view);
$this->load->view('backend/customers', $view); $this->load->view('backend/customers', $view);
@ -83,7 +87,7 @@ class Backend extends CI_Controller {
*/ */
public function services() { public function services() {
$this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/services'); $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/services');
if (!$this->hasPrivileges(PAGE_SERVICES)) return; if (!$this->hasPrivileges(PRIV_SERVICES)) return;
$this->load->model('customers_model'); $this->load->model('customers_model');
$this->load->model('services_model'); $this->load->model('services_model');
@ -93,6 +97,7 @@ class Backend extends CI_Controller {
$view['company_name'] = $this->settings_model->get_setting('company_name'); $view['company_name'] = $this->settings_model->get_setting('company_name');
$view['services'] = $this->services_model->get_batch(); $view['services'] = $this->services_model->get_batch();
$view['categories'] = $this->services_model->get_all_categories(); $view['categories'] = $this->services_model->get_all_categories();
$this->setUserData($view);
$this->load->view('backend/header', $view); $this->load->view('backend/header', $view);
$this->load->view('backend/services', $view); $this->load->view('backend/services', $view);
@ -108,7 +113,7 @@ class Backend extends CI_Controller {
*/ */
public function users() { public function users() {
$this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/users'); $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/users');
if (!$this->hasPrivileges(PAGE_USERS)) return; if (!$this->hasPrivileges(PRIV_USERS)) return;
$this->load->model('providers_model'); $this->load->model('providers_model');
$this->load->model('secretaries_model'); $this->load->model('secretaries_model');
@ -123,6 +128,7 @@ class Backend extends CI_Controller {
$view['secretaries'] = $this->secretaries_model->get_batch(); $view['secretaries'] = $this->secretaries_model->get_batch();
$view['services'] = $this->services_model->get_batch(); $view['services'] = $this->services_model->get_batch();
$view['working_plan'] = $this->settings_model->get_setting('company_working_plan'); $view['working_plan'] = $this->settings_model->get_setting('company_working_plan');
$this->setUserData($view);
$this->load->view('backend/header', $view); $this->load->view('backend/header', $view);
$this->load->view('backend/users', $view); $this->load->view('backend/users', $view);
@ -138,8 +144,8 @@ class Backend extends CI_Controller {
*/ */
public function settings() { public function settings() {
$this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/settings'); $this->session->set_userdata('dest_url', $this->config->item('base_url') . 'backend/settings');
if (!$this->hasPrivileges(PAGE_SYSTEM_SETTINGS) if (!$this->hasPrivileges(PRIV_SYSTEM_SETTINGS, FALSE)
&& !$this->hasPrivileges(PAGE_USER_SETTINGS)) return; && !$this->hasPrivileges(PRIV_USER_SETTINGS)) return;
$this->load->model('settings_model'); $this->load->model('settings_model');
$this->load->model('user_model'); $this->load->model('user_model');
@ -152,6 +158,7 @@ class Backend extends CI_Controller {
$view['role_slug'] = $this->session->userdata('role_slug'); $view['role_slug'] = $this->session->userdata('role_slug');
$view['system_settings'] = $this->settings_model->get_settings(); $view['system_settings'] = $this->settings_model->get_settings();
$view['user_settings'] = $this->user_model->get_settings($user_id); $view['user_settings'] = $this->user_model->get_settings($user_id);
$this->setUserData($view);
$this->load->view('backend/header', $view); $this->load->view('backend/header', $view);
$this->load->view('backend/settings', $view); $this->load->view('backend/settings', $view);
@ -199,6 +206,21 @@ class Backend extends CI_Controller {
return TRUE; return TRUE;
} }
/**
* Set the user data in order to be available at the view and js code.
*
* @param array $view Contains the view data.
*/
public function setUserData(&$view) {
$this->load->model('roles_model');
// Get privileges
$view['user_id'] = $this->session->userdata('user_id');
$view['user_email'] = $this->session->userdata('user_email');
$view['role_slug'] = $this->session->userdata('role_slug');
$view['privileges'] = $this->roles_model->get_privileges($this->session->userdata('role_slug'));
}
} }
/* End of file backend.php */ /* End of file backend.php */

169
src/application/controllers/backend_api.php
View file

@ -4,6 +4,17 @@
* Contains all the backend ajax calls. * Contains all the backend ajax calls.
*/ */
class Backend_api extends CI_Controller { class Backend_api extends CI_Controller {
private $privileges;
public function __construct() {
parent::__construct();
$this->load->library('session');
$this->load->model('roles_model');
$this->privileges = $this->roles_model->get_privileges($this->session->userdata('role_slug'));
}
/** /**
* [AJAX] Get the registered appointments for the given date period and record. * [AJAX] Get the registered appointments for the given date period and record.
* *
@ -16,12 +27,16 @@ class Backend_api extends CI_Controller {
* @param {string} $_POST['end_date'] The user selected end date. * @param {string} $_POST['end_date'] The user selected end date.
*/ */
public function ajax_get_calendar_appointments() { public function ajax_get_calendar_appointments() {
$this->load->model('appointments_model');
$this->load->model('providers_model');
$this->load->model('services_model');
$this->load->model('customers_model');
try { try {
if ($this->privileges[PRIV_APPOINTMENTS]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('appointments_model');
$this->load->model('providers_model');
$this->load->model('services_model');
$this->load->model('customers_model');
if ($_POST['filter_type'] == FILTER_TYPE_PROVIDER) { if ($_POST['filter_type'] == FILTER_TYPE_PROVIDER) {
$where_id = 'id_users_provider'; $where_id = 'id_users_provider';
} else { } else {
@ -85,12 +100,28 @@ class Backend_api extends CI_Controller {
// :: SAVE CUSTOMER CHANGES TO DATABASE // :: SAVE CUSTOMER CHANGES TO DATABASE
if (isset($_POST['customer_data'])) { if (isset($_POST['customer_data'])) {
$customer = json_decode(stripcslashes($_POST['customer_data']), true); $customer = json_decode(stripcslashes($_POST['customer_data']), true);
$REQUIRED_PRIV = (!isset($customer['id']))
? $this->privileges[PRIV_CUSTOMERS]['add']
: $this->privileges[PRIV_CUSTOMERS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$customer['id'] = $this->customers_model->add($customer); $customer['id'] = $this->customers_model->add($customer);
} }
// :: SAVE APPOINTMENT CHANGES TO DATABASE // :: SAVE APPOINTMENT CHANGES TO DATABASE
if (isset($_POST['appointment_data'])) { if (isset($_POST['appointment_data'])) {
$appointment = json_decode(stripcslashes($_POST['appointment_data']), true); $appointment = json_decode(stripcslashes($_POST['appointment_data']), true);
$REQUIRED_PRIV = (!isset($appointment['id']))
? $this->privileges[PRIV_APPOINTMENTS]['add']
: $this->privileges[PRIV_APPOINTMENTS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$manage_mode = isset($appointment['id']); $manage_mode = isset($appointment['id']);
// If the appointment does not contain the customer record id, then it // If the appointment does not contain the customer record id, then it
// means that is is going to be inserted. Get the customer's record id. // means that is is going to be inserted. Get the customer's record id.
@ -210,6 +241,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_appointment() { public function ajax_delete_appointment() {
try { try {
if ($this->privileges[PRIV_APPOINTMENTS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
if (!isset($_POST['appointment_id'])) { if (!isset($_POST['appointment_id'])) {
throw new Exception('No appointment id provided.'); throw new Exception('No appointment id provided.');
} }
@ -298,6 +333,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_disable_provider_sync() { public function ajax_disable_provider_sync() {
try { try {
if ($this->privileges[PRIV_USERS]['edit'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
if (!isset($_POST['provider_id'])) { if (!isset($_POST['provider_id'])) {
throw new Exception('Provider id not specified.'); throw new Exception('Provider id not specified.');
} }
@ -323,6 +362,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_customers() { public function ajax_filter_customers() {
try { try {
if ($this->privileges[PRIV_CUSTOMERS]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('appointments_model'); $this->load->model('appointments_model');
$this->load->model('services_model'); $this->load->model('services_model');
$this->load->model('providers_model'); $this->load->model('providers_model');
@ -355,8 +398,6 @@ class Backend_api extends CI_Controller {
$customer['appointments'] = $appointments; $customer['appointments'] = $appointments;
} }
echo json_encode($customers); echo json_encode($customers);
} catch(Exception $exc) { } catch(Exception $exc) {
@ -374,13 +415,22 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_save_unavailable() { public function ajax_save_unavailable() {
try { try {
// Check privileges
$unavailable = json_decode($_POST['unavailable'], true);
$REQUIRED_PRIV = (!isset($unavailable['id']))
? $this->privileges[PRIV_APPOINTMENTS]['add']
: $this->privileges[PRIV_APPOINTMENTS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('appointments_model'); $this->load->model('appointments_model');
$this->load->model('providers_model'); $this->load->model('providers_model');
// Add appointment // Add appointment
$unavailable = json_decode($_POST['unavailable'], true);
$unavailable['id'] = $this->appointments_model->add_unavailable($unavailable); $unavailable['id'] = $this->appointments_model->add_unavailable($unavailable);
$unavailable = $this->appointments_model->get_row($unavailable['id']); $unavailable = $this->appointments_model->get_row($unavailable['id']); // fetch all inserted data
// Google Sync // Google Sync
try { try {
@ -428,6 +478,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_unavailable() { public function ajax_delete_unavailable() {
try { try {
if ($this->privileges[PRIV_APPOINTMENTS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('appointments_model'); $this->load->model('appointments_model');
$this->load->model('providers_model'); $this->load->model('providers_model');
@ -474,6 +528,14 @@ class Backend_api extends CI_Controller {
try { try {
$this->load->model('customers_model'); $this->load->model('customers_model');
$customer = json_decode($_POST['customer'], true); $customer = json_decode($_POST['customer'], true);
$REQUIRED_PRIV = (!isset($customer['id']))
? $this->privileges[PRIV_CUSTOMERS]['add']
: $this->privileges[PRIV_CUSTOMERS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$customer_id = $this->customers_model->add($customer); $customer_id = $this->customers_model->add($customer);
echo json_encode(array( echo json_encode(array(
'status' => AJAX_SUCCESS, 'status' => AJAX_SUCCESS,
@ -493,6 +555,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_customer() { public function ajax_delete_customer() {
try { try {
if ($this->privileges[PRIV_CUSTOMERS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('customers_model'); $this->load->model('customers_model');
$this->customers_model->delete($_POST['customer_id']); $this->customers_model->delete($_POST['customer_id']);
echo json_encode(AJAX_SUCCESS); echo json_encode(AJAX_SUCCESS);
@ -512,6 +578,14 @@ class Backend_api extends CI_Controller {
try { try {
$this->load->model('services_model'); $this->load->model('services_model');
$service = json_decode($_POST['service'], true); $service = json_decode($_POST['service'], true);
$REQUIRED_PRIV = (!isset($service['id']))
? $this->privileges[PRIV_SERVICES]['add']
: $this->privileges[PRIV_SERVICES]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$service_id =$this->services_model->add($service); $service_id =$this->services_model->add($service);
echo json_encode(array( echo json_encode(array(
'status' => AJAX_SUCCESS, 'status' => AJAX_SUCCESS,
@ -531,6 +605,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_service() { public function ajax_delete_service() {
try { try {
if ($this->privileges[PRIV_SERVICES]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('services_model'); $this->load->model('services_model');
$result = $this->services_model->delete($_POST['service_id']); $result = $this->services_model->delete($_POST['service_id']);
echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
@ -549,6 +627,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_services() { public function ajax_filter_services() {
try { try {
if ($this->privileges[PRIV_SERVICES]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('services_model'); $this->load->model('services_model');
$key = mysql_real_escape_string($_POST['key']); $key = mysql_real_escape_string($_POST['key']);
$where = $where =
@ -574,6 +656,14 @@ class Backend_api extends CI_Controller {
try { try {
$this->load->model('services_model'); $this->load->model('services_model');
$category = json_decode($_POST['category'], true); $category = json_decode($_POST['category'], true);
$REQUIRED_PRIV = (!isset($category['id']))
? $this->privileges[PRIV_SERVICES]['add']
: $this->privileges[PRIV_SERVICES]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$category_id = $this->services_model->add_category($category); $category_id = $this->services_model->add_category($category);
echo json_encode(array( echo json_encode(array(
'status' => AJAX_SUCCESS, 'status' => AJAX_SUCCESS,
@ -593,6 +683,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_service_category() { public function ajax_delete_service_category() {
try { try {
if ($this->privileges[PRIV_SERVICES]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('services_model'); $this->load->model('services_model');
$result = $this->services_model->delete_category($_POST['category_id']); $result = $this->services_model->delete_category($_POST['category_id']);
echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
@ -611,6 +705,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_service_categories() { public function ajax_filter_service_categories() {
try { try {
if ($this->privileges[PRIV_SERVICES]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('services_model'); $this->load->model('services_model');
$key = mysql_real_escape_string($_POST['key']); $key = mysql_real_escape_string($_POST['key']);
$where = '(name LIKE "%' . $key . '%" OR description LIKE "%' . $key . '%")'; $where = '(name LIKE "%' . $key . '%" OR description LIKE "%' . $key . '%")';
@ -631,6 +729,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_admins() { public function ajax_filter_admins() {
try { try {
if ($this->privileges[PRIV_USERS]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('admins_model'); $this->load->model('admins_model');
$key = mysql_real_escape_string($_POST['key']); $key = mysql_real_escape_string($_POST['key']);
$where = $where =
@ -660,6 +762,14 @@ class Backend_api extends CI_Controller {
try { try {
$this->load->model('admins_model'); $this->load->model('admins_model');
$admin = json_decode($_POST['admin'], true); $admin = json_decode($_POST['admin'], true);
$REQUIRED_PRIV = (!isset($admin['id']))
? $this->privileges[PRIV_USERS]['add']
: $this->privileges[PRIV_USERS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$admin_id = $this->admins_model->add($admin); $admin_id = $this->admins_model->add($admin);
$response = array( $response = array(
@ -683,6 +793,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_admin() { public function ajax_delete_admin() {
try { try {
if ($this->privileges[PRIV_USERS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('admins_model'); $this->load->model('admins_model');
$result = $this->admins_model->delete($_POST['admin_id']); $result = $this->admins_model->delete($_POST['admin_id']);
echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
@ -701,6 +815,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_providers() { public function ajax_filter_providers() {
try { try {
if ($this->privileges[PRIV_USERS]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('providers_model'); $this->load->model('providers_model');
$key = mysql_real_escape_string($_POST['key']); $key = mysql_real_escape_string($_POST['key']);
$where = $where =
@ -731,6 +849,13 @@ class Backend_api extends CI_Controller {
$this->load->model('providers_model'); $this->load->model('providers_model');
$provider = json_decode($_POST['provider'], true); $provider = json_decode($_POST['provider'], true);
$REQUIRED_PRIV = (!isset($provider['id']))
? $this->privileges[PRIV_USERS]['add']
: $this->privileges[PRIV_USERS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
if (!isset($provider['settings']['working_plan'])) { if (!isset($provider['settings']['working_plan'])) {
$this->load->model('settings_model'); $this->load->model('settings_model');
$provider['settings']['working_plan'] = $this->settings_model $provider['settings']['working_plan'] = $this->settings_model
@ -759,6 +884,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_provider() { public function ajax_delete_provider() {
try { try {
if ($this->privileges[PRIV_USERS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('providers_model'); $this->load->model('providers_model');
$result = $this->providers_model->delete($_POST['provider_id']); $result = $this->providers_model->delete($_POST['provider_id']);
echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
@ -777,6 +906,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_filter_secretaries() { public function ajax_filter_secretaries() {
try { try {
if ($this->privileges[PRIV_USERS]['view'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('secretaries_model'); $this->load->model('secretaries_model');
$key = mysql_real_escape_string($_POST['key']); $key = mysql_real_escape_string($_POST['key']);
$where = $where =
@ -806,6 +939,14 @@ class Backend_api extends CI_Controller {
try { try {
$this->load->model('secretaries_model'); $this->load->model('secretaries_model');
$secretary = json_decode($_POST['secretary'], true); $secretary = json_decode($_POST['secretary'], true);
$REQUIRED_PRIV = (!isset($secretary['id']))
? $this->privileges[PRIV_USERS]['add']
: $this->privileges[PRIV_USERS]['edit'];
if ($REQUIRED_PRIV == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$secretary_id = $this->secretaries_model->add($secretary); $secretary_id = $this->secretaries_model->add($secretary);
echo json_encode(array( echo json_encode(array(
@ -827,6 +968,10 @@ class Backend_api extends CI_Controller {
*/ */
public function ajax_delete_secretary() { public function ajax_delete_secretary() {
try { try {
if ($this->privileges[PRIV_USERS]['delete'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('secretaries_model'); $this->load->model('secretaries_model');
$result = $this->secretaries_model->delete($_POST['secretary_id']); $result = $this->secretaries_model->delete($_POST['secretary_id']);
echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE); echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
@ -850,10 +995,16 @@ class Backend_api extends CI_Controller {
public function ajax_save_settings() { public function ajax_save_settings() {
try { try {
if ($_POST['type'] == SETTINGS_SYSTEM) { if ($_POST['type'] == SETTINGS_SYSTEM) {
if ($this->privileges[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('settings_model'); $this->load->model('settings_model');
$settings = json_decode($_POST['settings'], true); $settings = json_decode($_POST['settings'], true);
$this->settings_model->save_settings($settings); $this->settings_model->save_settings($settings);
} else if ($_POST['type'] == SETTINGS_USER) { } else if ($_POST['type'] == SETTINGS_USER) {
if ($this->privileges[PRIV_USER_SETTINGS]['edit'] == FALSE) {
throw new Exception('You do not have the required privileges for this task.');
}
$this->load->model('user_model'); $this->load->model('user_model');
$this->user_model->save_settings(json_decode($_POST['settings'], true)); $this->user_model->save_settings(json_decode($_POST['settings'], true));
} }

9
src/application/controllers/user.php
View file

@ -38,11 +38,18 @@ class User extends CI_Controller {
} }
public function no_privileges() { public function no_privileges() {
// can't view the requested page. $view['base_url'] = $this->config->item('base_url');
$this->load->view('user/no_privileges', $view);
} }
/** /**
* [AJAX] Check whether the user has entered the correct login credentials. * [AJAX] Check whether the user has entered the correct login credentials.
*
* The session data of a logged in user are the following:
* 'user_id'
* 'user_email'
* 'role_slug'
* 'dest_url'
*/ */
public function ajax_check_login() { public function ajax_check_login() {
try { try {

68
src/application/models/admins_model.php
View file

@ -35,9 +35,7 @@ class Admins_Model extends CI_Model {
* @throws Exception When the admin data are invalid (see validate() method). * @throws Exception When the admin data are invalid (see validate() method).
*/ */
public function add($admin) { public function add($admin) {
if (!$this->validate($admin)) { $this->validate($admin);
throw new Exception('Admin data are invalid: ' . print_r($admin, TRUE));
}
if ($this->exists($admin) && !isset($admin['id'])) { if ($this->exists($admin) && !isset($admin['id'])) {
$admin['id'] = $this->find_record_id($admin); $admin['id'] = $this->find_record_id($admin);
@ -178,44 +176,42 @@ class Admins_Model extends CI_Model {
* *
* @param array $admin Contains the admin user data. * @param array $admin Contains the admin user data.
* @return bool Returns the validation result. * @return bool Returns the validation result.
*
* @throws Exception When data are invalid.
*/ */
public function validate($admin) { public function validate($admin) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try { // If a record id is provided then check whether the record exists in the database.
// If a record id is provided then check whether the record exists in the database. if (isset($admin['id'])) {
if (isset($admin['id'])) { $num_rows = $this->db->get_where('ea_users', array('id' => $admin['id']))
$num_rows = $this->db->get_where('ea_users', array('id' => $admin['id'])) ->num_rows();
->num_rows(); if ($num_rows == 0) {
if ($num_rows == 0) { throw new Exception('Given admin id does not exist in database: ' . $admin['id']);
throw new Exception('Given admin id does not exist in database: ' . $admin['id']);
}
} }
// Validate required fields integrity.
if (!isset($admin['last_name'])
|| !isset($admin['email'])
|| !isset($admin['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($admin, TRUE));
}
// Validate admin email address.
if (!filter_var($admin['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $admin['email']);
}
// Validate admin password
if (isset($admin['settings']['password'])) {
if (strlen($admin['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE;
} catch (Exception $exc) {
return FALSE;
} }
// Validate required fields integrity.
if (!isset($admin['last_name'])
|| !isset($admin['email'])
|| !isset($admin['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($admin, TRUE));
}
// Validate admin email address.
if (!filter_var($admin['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $admin['email']);
}
// Validate admin password
if (isset($admin['settings']['password'])) {
if (strlen($admin['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE; // Operation completed successfully.
} }
/** /**

94
src/application/models/appointments_model.php
View file

@ -21,9 +21,7 @@ class Appointments_Model extends CI_Model {
*/ */
public function add($appointment) { public function add($appointment) {
// Validate the appointment data before doing anything. // Validate the appointment data before doing anything.
if (!$this->validate($appointment)) { $this->validate($appointment);
throw new Exception('Appointment data are invalid.');
}
// Perform insert() or update() operation. // Perform insert() or update() operation.
if (!isset($appointment['id'])) { if (!isset($appointment['id'])) {
@ -148,64 +146,60 @@ class Appointments_Model extends CI_Model {
public function validate($appointment) { public function validate($appointment) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try { // If a appointment id is given, check wether the record exists
// If a appointment id is given, check wether the record exists // in the database.
// in the database. if (isset($appointment['id'])) {
if (isset($appointment['id'])) { $num_rows = $this->db->get_where('ea_appointments',
$num_rows = $this->db->get_where('ea_appointments', array('id' => $appointment['id']))->num_rows();
array('id' => $appointment['id']))->num_rows(); if ($num_rows == 0) {
if ($num_rows == 0) { throw new Exception('Provided appointment id does not '
throw new Exception('Provided appointment id does not ' . 'exist in the database.');
. 'exist in the database.');
}
}
// Check if appointment dates are valid.
if (!validate_mysql_datetime($appointment['start_datetime'])) {
throw new Exception('Appointment start datetime is invalid.');
}
if (!validate_mysql_datetime($appointment['end_datetime'])) {
throw new Exception('Appointment end datetime is invalid.');
} }
}
// Check if the provider's id is valid. // Check if appointment dates are valid.
if (!validate_mysql_datetime($appointment['start_datetime'])) {
throw new Exception('Appointment start datetime is invalid.');
}
if (!validate_mysql_datetime($appointment['end_datetime'])) {
throw new Exception('Appointment end datetime is invalid.');
}
// Check if the provider's id is valid.
$num_rows = $this->db
->select('*')
->from('ea_users')
->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner')
->where('ea_users.id', $appointment['id_users_provider'])
->where('ea_roles.slug', DB_SLUG_PROVIDER)
->get()->num_rows();
if ($num_rows == 0) {
throw new Exception('Appointment provider id is invalid.');
}
if ($appointment['is_unavailable'] == FALSE) {
// Check if the customer's id is valid.
$num_rows = $this->db $num_rows = $this->db
->select('*') ->select('*')
->from('ea_users') ->from('ea_users')
->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner') ->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner')
->where('ea_users.id', $appointment['id_users_provider']) ->where('ea_users.id', $appointment['id_users_customer'])
->where('ea_roles.slug', DB_SLUG_PROVIDER) ->where('ea_roles.slug', DB_SLUG_CUSTOMER)
->get()->num_rows(); ->get()->num_rows();
if ($num_rows == 0) { if ($num_rows == 0) {
throw new Exception('Appointment provider id is invalid.'); throw new Exception('Appointment customer id is invalid.');
} }
if ($appointment['is_unavailable'] == FALSE) { // Check if the service id is valid.
// Check if the customer's id is valid. $num_rows = $this->db->get_where('ea_services',
$num_rows = $this->db array('id' => $appointment['id_services']))->num_rows();
->select('*') if ($num_rows == 0) {
->from('ea_users') throw new Exception('Appointment customer id is invalid.');
->join('ea_roles', 'ea_roles.id = ea_users.id_roles', 'inner')
->where('ea_users.id', $appointment['id_users_customer'])
->where('ea_roles.slug', DB_SLUG_CUSTOMER)
->get()->num_rows();
if ($num_rows == 0) {
throw new Exception('Appointment customer id is invalid.');
}
// Check if the service id is valid.
$num_rows = $this->db->get_where('ea_services',
array('id' => $appointment['id_services']))->num_rows();
if ($num_rows == 0) {
throw new Exception('Appointment customer id is invalid.');
}
} }
return TRUE;
} catch (Exception $exc) {
return FALSE;
} }
return TRUE;
} }
/** /**

55
src/application/models/customers_model.php
View file

@ -21,9 +21,7 @@ class Customers_Model extends CI_Model {
*/ */
public function add($customer) { public function add($customer) {
// Validate the customer data before doing anything. // Validate the customer data before doing anything.
if (!$this->validate($customer)) { !$this->validate($customer);
throw new Exception('Customer data are not valid.');
}
// :: CHECK IF CUSTOMER ALREADY EXIST (FROM EMAIL). // :: CHECK IF CUSTOMER ALREADY EXIST (FROM EMAIL).
if ($this->exists($customer) && !isset($customer['id'])) { if ($this->exists($customer) && !isset($customer['id'])) {
@ -158,35 +156,32 @@ class Customers_Model extends CI_Model {
public function validate($customer) { public function validate($customer) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try {
// If a customer id is provided, check whether the record // If a customer id is provided, check whether the record
// exist in the database. // exist in the database.
if (isset($customer['id'])) { if (isset($customer['id'])) {
$num_rows = $this->db->get_where('ea_users', $num_rows = $this->db->get_where('ea_users',
array('id' => $customer['id']))->num_rows(); array('id' => $customer['id']))->num_rows();
if ($num_rows == 0) { if ($num_rows == 0) {
throw new Exception('Provided customer id does not ' throw new Exception('Provided customer id does not '
. 'exist in the database.'); . 'exist in the database.');
}
} }
// Validate required fields
if (!isset($customer['last_name'])
|| !isset($customer['email'])
|| !isset($customer['phone_number'])) {
throw new Exception('Not all required fields are provided : '
. print_r($customer, TRUE));
}
// Validate email address
if (!filter_var($customer['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : '
. $customer['email']);
}
return TRUE;
} catch (Exception $exc) {
return FALSE;
} }
// Validate required fields
if (!isset($customer['last_name'])
|| !isset($customer['email'])
|| !isset($customer['phone_number'])) {
throw new Exception('Not all required fields are provided : '
. print_r($customer, TRUE));
}
// Validate email address
if (!filter_var($customer['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : '
. $customer['email']);
}
return TRUE;
} }
/** /**

100
src/application/models/providers_model.php
View file

@ -48,9 +48,7 @@ class Providers_Model extends CI_Model {
* @throws Exception When the record data validation fails. * @throws Exception When the record data validation fails.
*/ */
public function add($provider) { public function add($provider) {
if (!$this->validate($provider)) { $this->validate($provider);
throw new Exception('Provider data are not valid :' . print_r($provider, TRUE));
}
if ($this->exists($provider) && !isset($provider['id'])) { if ($this->exists($provider) && !isset($provider['id'])) {
$provider['id'] = $this->find_record_id($provider); $provider['id'] = $this->find_record_id($provider);
@ -196,58 +194,54 @@ class Providers_Model extends CI_Model {
public function validate($provider) { public function validate($provider) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try { // If a provider id is present, check whether the record exist in the database.
// If a provider id is present, check whether the record exist in the database. if (isset($provider['id'])) {
if (isset($provider['id'])) { $num_rows = $this->db->get_where('ea_users',
$num_rows = $this->db->get_where('ea_users', array('id' => $provider['id']))->num_rows();
array('id' => $provider['id']))->num_rows(); if ($num_rows == 0) {
if ($num_rows == 0) { throw new Exception('Provided record id does not exist in the database.');
throw new Exception('Provided record id does not exist in the database.');
}
} }
// Validate required fields.
if (!isset($provider['last_name'])
|| !isset($provider['email'])
|| !isset($provider['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($provider, TRUE));
}
// Validate provider email address.
if (!filter_var($provider['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $provider['email']);
}
// Validate provider services.
if (!isset($provider['services']) || !is_array($provider['services'])) {
throw new Exception('Invalid provider services given: ' . print_r($provider, TRUE));
} else { // Check if services are valid numeric values.
foreach($provider['services'] as $service_id) {
if (!is_numeric($service_id)) {
throw new Exception('A provider service with invalid id was found: '
. print_r($provider, TRUE));
}
}
}
// Validate provider settings.
if (!isset($provider['settings']) || count($provider['settings']) == 0
|| !is_array($provider['settings'])) {
throw new Exception('Invalid provider settings given: ' . print_r($provider, TRUE));
}
// Validate admin password
if (isset($provider['settings']['password'])) {
if (strlen($provider['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE;
} catch (Exception $exc) {
return FALSE;
} }
// Validate required fields.
if (!isset($provider['last_name'])
|| !isset($provider['email'])
|| !isset($provider['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($provider, TRUE));
}
// Validate provider email address.
if (!filter_var($provider['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $provider['email']);
}
// Validate provider services.
if (!isset($provider['services']) || !is_array($provider['services'])) {
throw new Exception('Invalid provider services given: ' . print_r($provider, TRUE));
} else { // Check if services are valid numeric values.
foreach($provider['services'] as $service_id) {
if (!is_numeric($service_id)) {
throw new Exception('A provider service with invalid id was found: '
. print_r($provider, TRUE));
}
}
}
// Validate provider settings.
if (!isset($provider['settings']) || count($provider['settings']) == 0
|| !is_array($provider['settings'])) {
throw new Exception('Invalid provider settings given: ' . print_r($provider, TRUE));
}
// Validate admin password
if (isset($provider['settings']['password'])) {
if (strlen($provider['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE;
} }
/** /**

49
src/application/models/roles_model.php
View file

@ -18,6 +18,55 @@ class Roles_Model extends CI_Model {
public function get_role_id($role_slug) { public function get_role_id($role_slug) {
return $this->db->get_where('ea_roles', array('slug' => $role_slug))->row()->id; return $this->db->get_where('ea_roles', array('slug' => $role_slug))->row()->id;
} }
/**
* Returns all the privileges (bool values) of a role slug.
*
* The privilege numbers are converted into bool values of the four main actions (view,
* add, edit, delete). By checking each value you can know if the user is able to perform
* this action.
*
* @param string $slug The role slug.
* @return array Returns the privilege value.
*/
public function get_privileges($slug) {
$privileges = $this->db->get_where('ea_roles', array('slug' => $slug))->row_array();
unset($privileges['id'], $privileges['name'], $privileges['slug'], $privileges['is_admin']);
// Convert the numeric values to bool so that is easier to check whether a
// user has the required privileges for a specific action.
foreach($privileges as &$value) {
$privileges_number = $value;
$value = array(
'view' => false,
'add' => false,
'edit' => false,
'delete' => false
);
if ($privileges_number > 0) {
if (intval($privileges_number / PRIV_DELETE) == 1) {
$value['delete'] = TRUE;
$privileges_number -= PRIV_DELETE;
}
if (intval($privileges_number / PRIV_EDIT) == 1) {
$value['edit'] = TRUE;
$privileges_number -= PRIV_EDIT;
}
if (intval($privileges_number / PRIV_ADD) == 1) {
$value['add'] = TRUE;
$privileges_number -= PRIV_ADD;
}
$value['view'] = TRUE;
}
}
return $privileges;
}
} }
/* End of file roles_model.php */ /* End of file roles_model.php */

74
src/application/models/secretaries_model.php
View file

@ -36,9 +36,7 @@ class Secretaries_Model extends CI_Model {
* @throws Exception When the secretary data are invalid (see validate() method). * @throws Exception When the secretary data are invalid (see validate() method).
*/ */
public function add($secretary) { public function add($secretary) {
if (!$this->validate($secretary)) { $this->validate($secretary);
throw new Exception('Secretary data are invalid: ' . print_r($secretary, TRUE));
}
if ($this->exists($secretary) && !isset($secretary['id'])) { if ($this->exists($secretary) && !isset($secretary['id'])) {
$secretary['id'] = $this->find_record_id($secretary); $secretary['id'] = $this->find_record_id($secretary);
@ -177,45 +175,41 @@ class Secretaries_Model extends CI_Model {
public function validate($secretary) { public function validate($secretary) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try { // If a record id is provided then check whether the record exists in the database.
// If a record id is provided then check whether the record exists in the database. if (isset($secretary['id'])) {
if (isset($secretary['id'])) { $num_rows = $this->db->get_where('ea_users', array('id' => $secretary['id']))
$num_rows = $this->db->get_where('ea_users', array('id' => $secretary['id'])) ->num_rows();
->num_rows(); if ($num_rows == 0) {
if ($num_rows == 0) { throw new Exception('Given secretary id does not exist in database: ' . $secretary['id']);
throw new Exception('Given secretary id does not exist in database: ' . $secretary['id']);
}
} }
// Validate 'providers' value datatype (must be array)
if (isset($secretary['providers']) && !is_array($secretary['providers'])) {
throw new Exception('Secretary providers value is not an array.');
}
// Validate required fields integrity.
if (!isset($secretary['last_name'])
|| !isset($secretary['email'])
|| !isset($secretary['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($secretary, TRUE));
}
// Validate secretary email address.
if (!filter_var($secretary['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $secretary['email']);
}
// Validate admin password
if (isset($secretary['settings']['password'])) {
if (strlen($secretary['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE;
} catch (Exception $exc) {
return FALSE;
} }
// Validate 'providers' value datatype (must be array)
if (isset($secretary['providers']) && !is_array($secretary['providers'])) {
throw new Exception('Secretary providers value is not an array.');
}
// Validate required fields integrity.
if (!isset($secretary['last_name'])
|| !isset($secretary['email'])
|| !isset($secretary['phone_number'])) {
throw new Exception('Not all required fields are provided : ' . print_r($secretary, TRUE));
}
// Validate secretary email address.
if (!filter_var($secretary['email'], FILTER_VALIDATE_EMAIL)) {
throw new Exception('Invalid email address provided : ' . $secretary['email']);
}
// Validate admin password
if (isset($secretary['settings']['password'])) {
if (strlen($secretary['settings']['password']) < MIN_PASSWORD_LENGTH) {
throw new Exception('The user password must be at least '
. MIN_PASSWORD_LENGTH . ' characters long.');
}
}
return TRUE;
} }
/** /**

82
src/application/models/services_model.php
View file

@ -15,9 +15,7 @@ class Services_Model extends CI_Model {
* @return numeric Returns the record id. * @return numeric Returns the record id.
*/ */
public function add($service) { public function add($service) {
if (!$this->validate($service)) { $this->validate($service);
throw new Exception('Service data are invalid.');
}
if (!isset($service['id'])) { if (!isset($service['id'])) {
$service['id'] = $this->insert($service); $service['id'] = $this->insert($service);
@ -86,49 +84,45 @@ class Services_Model extends CI_Model {
public function validate($service) { public function validate($service) {
$this->load->helper('data_validation'); $this->load->helper('data_validation');
try { // If record id is provided we need to check whether the record exists
// If record id is provided we need to check whether the record exists // in the database.
// in the database. if (isset($service['id'])) {
if (isset($service['id'])) { $num_rows = $this->db->get_where('ea_services', array('id' => $service['id']))
$num_rows = $this->db->get_where('ea_services', array('id' => $service['id'])) ->num_rows();
->num_rows(); if ($num_rows == 0) {
if ($num_rows == 0) { throw new Exception('Provided service id does not exist in the database.');
throw new Exception('Provided service id does not exist in the database.');
}
} }
// Check if service category id is valid (only when present)
if ($service['id_service_categories'] != NULL) {
$num_rows = $this->db->get_where('ea_service_categories',
array('id' => $service['id_service_categories']))->num_rows();
if ($num_rows == 0) {
throw new Exception('Provided service category id does not exist in database.');
}
}
// Check for required fields
if ($service['name'] == '') {
throw new Exception('Not all required service fields where provided: '
. print_r($service, TRUE));
}
// Duration must be numeric
if ($service['duration'] !== NULL) {
if (!is_numeric($service['duration'])) {
throw new Exception('Service duration is not numeric.');
}
}
if ($service['price'] !== NULL) {
if (!is_numeric($service['price'])) {
throw new Exception('Service price is not numeric.');
}
}
return TRUE;
} catch(Exception $exc) {
return FALSE;
} }
// Check if service category id is valid (only when present)
if ($service['id_service_categories'] != NULL) {
$num_rows = $this->db->get_where('ea_service_categories',
array('id' => $service['id_service_categories']))->num_rows();
if ($num_rows == 0) {
throw new Exception('Provided service category id does not exist in database.');
}
}
// Check for required fields
if ($service['name'] == '') {
throw new Exception('Not all required service fields where provided: '
. print_r($service, TRUE));
}
// Duration must be numeric
if ($service['duration'] !== NULL) {
if (!is_numeric($service['duration'])) {
throw new Exception('Service duration is not numeric.');
}
}
if ($service['price'] !== NULL) {
if (!is_numeric($service['price'])) {
throw new Exception('Service price is not numeric.');
}
}
return TRUE;
} }
/** /**

35
src/application/views/backend/calendar.php
View file

@ -16,7 +16,14 @@
'availableServices' : <?php echo json_encode($available_services); ?>, 'availableServices' : <?php echo json_encode($available_services); ?>,
'baseUrl' : <?php echo '"' . $base_url . '"'; ?>, 'baseUrl' : <?php echo '"' . $base_url . '"'; ?>,
'bookAdvanceTimeout' : <?php echo $book_advance_timeout; ?>, 'bookAdvanceTimeout' : <?php echo $book_advance_timeout; ?>,
'editAppointment' : <?php echo json_encode($edit_appointment); ?> 'editAppointment' : <?php echo json_encode($edit_appointment); ?>,
'customers' : <?php echo json_encode($customers); ?>,
'user' : {
'id' : <?php echo $user_id; ?>,
'email' : <?php echo '"' . $user_email . '"'; ?>,
'role_slug' : <?php echo '"' . $role_slug . '"'; ?>,
'privileges': <?php echo json_encode($privileges); ?>
}
}; };
$(document).ready(function() { $(document).ready(function() {
@ -33,6 +40,7 @@
<div id="calendar-actions"> <div id="calendar-actions">
<div class="btn-group"> <div class="btn-group">
<?php if ($privileges[PRIV_USERS]['edit'] == TRUE) { ?>
<button id="google-sync" class="btn btn-primary" <button id="google-sync" class="btn btn-primary"
title="Trigger the Google Calendar synchronization process."> title="Trigger the Google Calendar synchronization process.">
<i class="icon-refresh icon-white"></i> <i class="icon-refresh icon-white"></i>
@ -44,6 +52,7 @@
<i class="icon-calendar"></i> <i class="icon-calendar"></i>
<span>Enable Sync</span> <span>Enable Sync</span>
</button> </button>
<?php } ?>
<button id="reload-appointments" class="btn" title="Reload calendar appointments."> <button id="reload-appointments" class="btn" title="Reload calendar appointments.">
<i class="icon-repeat"></i> <i class="icon-repeat"></i>
@ -51,19 +60,21 @@
</button> </button>
</div> </div>
<?php if ($privileges[PRIV_APPOINTMENTS]['add'] == TRUE) { ?>
<div class="btn-group"> <div class="btn-group">
<button id="insert-appointment" class="btn" <button id="insert-appointment" class="btn btn-info"
title="Create a new appointment and store it into the database."> title="Create a new appointment and store it into the database.">
<i class="icon-plus"></i> <i class="icon-plus icon-white"></i>
<span>Appointment</span> <span>Appointment</span>
</button> </button>
<button id="insert-unavailable" class="btn" <button id="insert-unavailable" class="btn"
title="During unavailable periods the provider won't accept new appointments."> title="During unavailable periods the provider won't accept new appointments.">
<i class="icon-ban-circle"></i> <i class="icon-plus"></i>
<span>Unavailable</span> <span>Unavailable</span>
</button> </button>
</div> </div>
<?php } ?>
</div> </div>
</div> </div>
@ -75,9 +86,10 @@
<button type="button" class="close" data-dismiss="modal" <button type="button" class="close" data-dismiss="modal"
aria-hidden="true">&times;</button> aria-hidden="true">&times;</button>
<h3>Edit Appointment</h3> <h3>Edit Appointment</h3>
<div id="modal-message" class="alert" style="display: none;"></div>
</div> </div>
<div class="modal-message alert" style="display: none;"></div>
<div class="modal-body"> <div class="modal-body">
<form class="form-horizontal"> <form class="form-horizontal">
<fieldset> <fieldset>
@ -115,7 +127,14 @@
</fieldset> </fieldset>
<fieldset class="row-fluid"> <fieldset class="row-fluid">
<legend>Customer Details</legend> <legend>
Customer Details
<button id="select-customer" class="btn btn-primary btn-mini"
title="Pick an existing customer." type="button">Select Existing Customer</button>
<input type="text" id="filter-existing-customers" placeholder="Type to filter customers."
style="display: none;" class="input-medium"/>
<div id="existing-customers-list" style="display: none;"></div>
</legend>
<input id="customer-id" type="hidden" /> <input id="customer-id" type="hidden" />
@ -192,9 +211,11 @@
<button type="button" class="close" data-dismiss="modal" <button type="button" class="close" data-dismiss="modal"
aria-hidden="true">&times;</button> aria-hidden="true">&times;</button>
<h3>Add Unavailable Period</h3> <h3>Add Unavailable Period</h3>
<div class="modal-message" class="alert" style="display: none;"></div>
</div> </div>
<div class="modal-message alert" style="display: none;"></div>
<div class="modal-body"> <div class="modal-body">
<form class="form-horizontal"> <form class="form-horizontal">
<fieldset> <fieldset>

16
src/application/views/backend/customers.php
View file

@ -9,7 +9,13 @@
'availableProviders': <?php echo json_encode($available_providers); ?>, 'availableProviders': <?php echo json_encode($available_providers); ?>,
'availableServices': <?php echo json_encode($available_services); ?>, 'availableServices': <?php echo json_encode($available_services); ?>,
'baseUrl': <?php echo '"' . $base_url . '"'; ?>, 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
'customers': <?php echo json_encode($customers); ?> 'customers': <?php echo json_encode($customers); ?>,
'user' : {
'id' : <?php echo $user_id; ?>,
'email' : <?php echo '"' . $user_email . '"'; ?>,
'role_slug' : <?php echo '"' . $role_slug . '"'; ?>,
'privileges': <?php echo json_encode($privileges); ?>
}
}; };
$(document).ready(function() { $(document).ready(function() {
@ -38,15 +44,23 @@
<div id="details" class="span7 row-fluid"> <div id="details" class="span7 row-fluid">
<div class="btn-toolbar"> <div class="btn-toolbar">
<div id="add-edit-delete-group" class="btn-group"> <div id="add-edit-delete-group" class="btn-group">
<?php if ($privileges[PRIV_CUSTOMERS]['add'] == TRUE) { ?>
<button id="add-customer" class="btn"> <button id="add-customer" class="btn">
<i class="icon-plus"></i> <i class="icon-plus"></i>
Add</button> Add</button>
<?php } ?>
<?php if ($privileges[PRIV_CUSTOMERS]['edit'] == TRUE) { ?>
<button id="edit-customer" class="btn" disabled="disabled"> <button id="edit-customer" class="btn" disabled="disabled">
<i class="icon-pencil"></i> <i class="icon-pencil"></i>
Edit</button> Edit</button>
<?php }?>
<?php if ($privileges[PRIV_CUSTOMERS]['delete'] == TRUE) { ?>
<button id="delete-customer" class="btn" disabled="disabled"> <button id="delete-customer" class="btn" disabled="disabled">
<i class="icon-remove"></i> <i class="icon-remove"></i>
Delete</button> Delete</button>
<?php } ?>
</div> </div>
<div id="save-cancel-group" class="btn-group" style="display:none;"> <div id="save-cancel-group" class="btn-group" style="display:none;">

18
src/application/views/backend/header.php
View file

@ -73,31 +73,37 @@
<div id="header-menu"> <div id="header-menu">
<?php // CALENDAR MENU ITEM <?php // CALENDAR MENU ITEM
// ------------------------------------------------------ ?> // ------------------------------------------------------ ?>
<a href="<?php echo $base_url; ?>backend" class="menu-item"> <?php $hidden = ($privileges[PRIV_APPOINTMENTS]['view'] == TRUE) ? '' : 'hidden'; ?>
<a href="<?php echo $base_url; ?>backend" class="menu-item <?php echo $hidden; ?>">
Calendar Calendar
</a> </a>
<?php // CUSTOMERS MENU ITEM <?php // CUSTOMERS MENU ITEM
// ------------------------------------------------------ ?> // ------------------------------------------------------ ?>
<a href="<?php echo $base_url; ?>backend/customers" class="menu-item"> <?php $hidden = ($privileges[PRIV_CUSTOMERS]['view'] == TRUE) ? '' : 'hidden'; ?>
<a href="<?php echo $base_url; ?>backend/customers" class="menu-item <?php echo $hidden; ?>">
Customers Customers
</a> </a>
<?php // SERVICES MENU ITEM <?php // SERVICES MENU ITEM
// ------------------------------------------------------ ?> // ------------------------------------------------------ ?>
<a href="<?php echo $base_url; ?>backend/services" class="menu-item"> <?php $hidden = ($privileges[PRIV_SERVICES]['view'] == TRUE) ? '' : 'hidden'; ?>
<a href="<?php echo $base_url; ?>backend/services" class="menu-item <?php echo $hidden; ?>">
Services Services
</a> </a>
<?php // PROVIDERS MENU ITEM <?php // USERS MENU ITEM
// ------------------------------------------------------ ?> // ------------------------------------------------------ ?>
<a href="<?php echo $base_url; ?>backend/users" class="menu-item"> <?php $hidden = ($privileges[PRIV_USERS]['view'] == TRUE) ? '' : 'hidden'; ?>
<a href="<?php echo $base_url; ?>backend/users" class="menu-item <?php echo $hidden; ?>">
Users Users
</a> </a>
<?php // SETTINGS MENU ITEM <?php // SETTINGS MENU ITEM
// ------------------------------------------------------ ?> // ------------------------------------------------------ ?>
<a href="<?php echo $base_url; ?>backend/settings" class="menu-item"> <?php $hidden = ($privileges[PRIV_SYSTEM_SETTINGS]['view'] == TRUE
|| $privileges[PRIV_USER_SETTINGS]['view'] == TRUE) ? '' : 'hidden'; ?>
<a href="<?php echo $base_url; ?>backend/settings" class="menu-item <?php echo $hidden; ?>">
Settings Settings
</a> </a>

8
src/application/views/backend/services.php
View file

@ -5,7 +5,13 @@
var GlobalVariables = { var GlobalVariables = {
'baseUrl': <?php echo '"' . $base_url . '"'; ?>, 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
'services': <?php echo json_encode($services); ?>, 'services': <?php echo json_encode($services); ?>,
'categories': <?php echo json_encode($categories); ?> 'categories': <?php echo json_encode($categories); ?>,
'user' : {
'id' : <?php echo $user_id; ?>,
'email' : <?php echo '"' . $user_email . '"'; ?>,
'role_slug' : <?php echo '"' . $role_slug . '"'; ?>,
'privileges': <?php echo json_encode($privileges); ?>
}
}; };
$(document).ready(function() { $(document).ready(function() {

31
src/application/views/backend/settings.php
View file

@ -14,6 +14,12 @@
'settings': { 'settings': {
'system': <?php echo json_encode($system_settings); ?>, 'system': <?php echo json_encode($system_settings); ?>,
'user': <?php echo json_encode($user_settings); ?> 'user': <?php echo json_encode($user_settings); ?>
},
'user' : {
'id' : <?php echo $user_id; ?>,
'email' : <?php echo '"' . $user_email . '"'; ?>,
'role_slug' : <?php echo '"' . $role_slug . '"'; ?>,
'privileges': <?php echo json_encode($privileges); ?>
} }
}; };
@ -24,9 +30,17 @@
<div id="settings-page" class="row-fluid"> <div id="settings-page" class="row-fluid">
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
<li class="general-tab tab active"><a>General</a></li> <?php if ($privileges[PRIV_SYSTEM_SETTINGS]['view'] == TRUE) { ?>
<li class="general-tab tab"><a>General</a></li>
<?php } ?>
<?php if ($privileges[PRIV_SYSTEM_SETTINGS]['view'] == TRUE) { ?>
<li class="business-logic-tab tab"><a>Business Logic</a></li> <li class="business-logic-tab tab"><a>Business Logic</a></li>
<?php } ?>
<?php if ($privileges[PRIV_USER_SETTINGS]['view'] == TRUE) { ?>
<li class="user-tab tab"><a>User</a></li> <li class="user-tab tab"><a>User</a></li>
<?php } ?>
</ul> </ul>
<?php <?php
@ -36,12 +50,15 @@
// //
// -------------------------------------------------------------- // --------------------------------------------------------------
?> ?>
<div id="general" class="tab-content"> <?php $hidden = ($privileges[PRIV_SYSTEM_SETTINGS]['view'] == TRUE) ? '' : 'hidden'; ?>
<div id="general" class="tab-content <?php echo $hidden; ?>">
<form> <form>
<fieldset> <fieldset>
<legend> <legend>
General Settings General Settings
<?php if ($privileges[PRIV_SYSTEM_SETTINGS]['edit'] == TRUE) { ?>
<button type="button" class="save-settings btn btn-primary btn-mini">Save</button> <button type="button" class="save-settings btn btn-primary btn-mini">Save</button>
<?php } ?>
</legend> </legend>
<label for="company-name">Company Name *</label> <label for="company-name">Company Name *</label>
@ -80,12 +97,15 @@
// //
// -------------------------------------------------------------- // --------------------------------------------------------------
?> ?>
<div id="business-logic" class="tab-content" style="display: none;"> <?php $hidden = ($privileges[PRIV_SYSTEM_SETTINGS]['view'] == TRUE) ? '' : 'hidden'; ?>
<div id="business-logic" class="tab-content <?php echo $hidden; ?>">
<form> <form>
<fieldset> <fieldset>
<legend> <legend>
Business Logic Business Logic
<?php if ($privileges[PRIV_SYSTEM_SETTINGS]['edit'] == TRUE) { ?>
<button type="button" class="save-settings btn btn-primary btn-mini">Save</button> <button type="button" class="save-settings btn btn-primary btn-mini">Save</button>
<?php } ?>
</legend> </legend>
<div class="row-fluid"> <div class="row-fluid">
@ -201,12 +221,15 @@
// //
// -------------------------------------------------------------- // --------------------------------------------------------------
?> ?>
<div id="user" class="tab-content" style="display: none;"> <?php $hidden = ($privileges[PRIV_USER_SETTINGS]['view'] == TRUE) ? '' : 'hidden'; ?>
<div id="user" class="tab-content <?php echo $hidden; ?>">
<form class="row-fluid"> <form class="row-fluid">
<fieldset class="span5"> <fieldset class="span5">
<legend> <legend>
Personal Info Personal Info
<?php if ($privileges[PRIV_USER_SETTINGS]['edit'] == TRUE) { ?>
<button type="button" class="save-settings btn btn-primary btn-mini">Save</button> <button type="button" class="save-settings btn btn-primary btn-mini">Save</button>
<?php } ?>
</legend> </legend>
<input type="hidden" id="user-id" /> <input type="hidden" id="user-id" />

8
src/application/views/backend/users.php
View file

@ -23,7 +23,13 @@
'providers': <?php echo json_encode($providers); ?>, 'providers': <?php echo json_encode($providers); ?>,
'secretaries': <?php echo json_encode($secretaries); ?>, 'secretaries': <?php echo json_encode($secretaries); ?>,
'services': <?php echo json_encode($services); ?>, 'services': <?php echo json_encode($services); ?>,
'workingPlan': $.parseJSON(<?php echo json_encode($working_plan); ?>) 'workingPlan': $.parseJSON(<?php echo json_encode($working_plan); ?>),
'user' : {
'id' : <?php echo $user_id; ?>,
'email' : <?php echo '"' . $user_email . '"'; ?>,
'role_slug' : <?php echo '"' . $role_slug . '"'; ?>,
'privileges': <?php echo json_encode($privileges); ?>
}
}; };
$(document).ready(function() { $(document).ready(function() {

80
src/application/views/user/no_privileges.php
View file

@ -1,7 +1,73 @@
<?php <!DOCTYPE html>
<html>
/* <head>
* To change this template, choose Tools | Templates <meta http-equiv="content-type" content="text/html; charset=UTF-8">
* and open the template in the editor.
*/ <?php // INCLUDE JS FILES ?>
?> <script
type="text/javascript"
src="<?php echo $this->config->base_url(); ?>assets/js/libs/jquery/jquery.min.js"></script>
<script
type="text/javascript"
src="<?php echo $this->config->base_url(); ?>assets/js/libs/bootstrap/bootstrap.min.js"></script>
<?php // INCLUDE CSS FILES ?>
<link
rel="stylesheet"
type="text/css"
href="<?php echo $this->config->base_url(); ?>assets/css/libs/bootstrap/bootstrap.css">
<link
rel="stylesheet"
type="text/css"
href="<?php echo $this->config->base_url(); ?>assets/css/libs/bootstrap/bootstrap-responsive.css">
<?php // SET FAVICON FOR PAGE ?>
<link
rel="icon"
type="image/x-icon"
href="<?php echo $this->config->base_url(); ?>assets/images/favicon.ico">
<style>
body {
background-color: #CAEDF3;
}
#no-priv-frame {
width: 630px;
margin: 150px auto 0 auto;
background: #FFF;
border: 1px solid #DDDADA;
padding: 70px;
}
#login-icon {
float: right;
margin-top: 17px;
}
label {
font-weight: bold;
}
.btn {
margin-right: 10px;
}
</style>
</head>
<body>
<div id="no-priv-frame" class="frame-container">
<h3>No Privileges</h3>
<p>
You do not have the required privileges to view this page. Please navigate to a
different section.
</p>
<br>
<a href="<?php echo $this->config->base_url(); ?>backend" class="btn btn-danger btn-large">
<i class="icon-wrench icon-white"></i>
Backend Calendar
</a>
</div>
</body>
</html>

32
src/assets/css/backend.css
View file

@ -90,7 +90,7 @@ root {
} }
#modal-message { #modal-message {
margin: 10px 0px; margin: 10px;
} }
body .modal-header { body .modal-header {
@ -160,7 +160,7 @@ body .modal-header h3 {
} }
#calendar .fc-header-title h2 { #calendar .fc-header-title h2 {
font-size: 20px; font-size: 18px;
margin: 0px; margin: 0px;
line-height: 32px; line-height: 32px;
} }
@ -192,6 +192,34 @@ body .modal-header h3 {
margin-left: -430px; margin-left: -430px;
} }
#existing-customers-list {
height: 110px;
overflow-y: auto;
margin-bottom: 8px;
font-size: 12px;
line-height: 22px;
}
#existing-customers-list div {
display: inline-block;
width: 250px;
margin: 0 5px 5px 0;
padding: 3px 5px;
border-radius: 3px;
}
#existing-customers-list div:hover {
background: #B8F0C1;
font-weight: bold;
cursor: pointer;
}
#filter-existing-customers {
display: inline-block;
height: 14px;
font-size: 12px;
}
/* BACKEND CUSTOMERS PAGE /* BACKEND CUSTOMERS PAGE
-------------------------------------------------------------------- */ -------------------------------------------------------------------- */
#customers-page #filter-customers { #customers-page #filter-customers {

12
src/assets/js/backend.js
View file

@ -30,6 +30,11 @@ var Backend = {
DB_SLUG_SECRETARY: 'secretary', DB_SLUG_SECRETARY: 'secretary',
DB_SLUG_CUSTOMER: 'customer', DB_SLUG_CUSTOMER: 'customer',
PRIV_VIEW: 1,
PRIV_ADD: 2,
PRIV_EDIT: 4,
PRIV_DELETE: 8,
/** /**
* Place the backend footer always on the bottom of the page. * Place the backend footer always on the bottom of the page.
*/ */
@ -62,12 +67,15 @@ var Backend = {
* 'function' key values. * 'function' key values.
*/ */
displayNotification: function(message, actions) { displayNotification: function(message, actions) {
if (message === undefined) { if (message == undefined) {
message = 'NO MESSAGE PROVIDED FOR THIS NOTIFICATION'; message = 'NO MESSAGE PROVIDED FOR THIS NOTIFICATION';
} }
if (actions === undefined) { if (actions == undefined) {
actions = []; actions = [];
setTimeout(function() {
$('#notification').slideUp('slow');
}, 7000);
} }
var notificationHtml = var notificationHtml =

131
src/assets/js/backend_calendar.js
View file

@ -671,6 +671,98 @@ var BackendCalendar = {
$dialog.find('.modal-header h3').text('New Unavailable Period'); $dialog.find('.modal-header h3').text('New Unavailable Period');
$dialog.modal('show'); $dialog.modal('show');
}); });
/**
* Event: Pick Existing Customer Button "Click"
*/
$('#select-customer').click(function() {
var $list = $('#existing-customers-list');
if (!$list.is(':visible')) {
$(this).text('Hide List');
$list.empty();
$list.slideDown('slow');
$('#filter-existing-customers').fadeIn('slow');
$('#filter-existing-customers').val('');
$.each(GlobalVariables.customers, function(index, c) {
$list.append('<div data-id="' + c.id + '">'
+ c.first_name + ' ' + c.last_name + '</div>');
});
} else {
$list.slideUp('slow');
$('#filter-existing-customers').fadeOut('slow');
$(this).text('Select Existing Customer');
}
});
/**
* Event: Select Existing Customer From List "Click"
*/
$(document).on('click', '#existing-customers-list div', function() {
var id = $(this).attr('data-id');
$.each(GlobalVariables.customers, function(index, c) {
if (c.id == id) {
$('#customer-id').val(c.id);
$('#first-name').val(c.first_name);
$('#last-name').val(c.last_name);
$('#email').val(c.email);
$('#phone-number').val(c.phone_number);
$('#address').val(c.address);
$('#city').val(c.city);
$('#zip-code').val(c.zip_code);
return false;
}
});
$('#select-customer').trigger('click'); // hide list
});
/**
* Event: Filter Existing Customers "Change"
*/
$('#filter-existing-customers').keyup(function() {
var key = $(this).val();
var $list = $('#existing-customers-list');
$list.empty();
$.each(GlobalVariables.customers, function(index, c) {
if (c.first_name.indexOf(key) != -1
|| c.last_name.indexOf(key) != -1
|| c.email.indexOf(key) != -1
|| c.phone_number.indexOf(key) != -1
|| c.address.indexOf(key) != -1
|| c.city.indexOf(key) != -1
|| c.zip_code.indexOf(key) != -1) {
$list.append('<div data-id="' + c.id + '">'
+ c.first_name + ' ' + c.last_name + '</div>');
}
});
});
/**
* Event: Selected Service "Change"
*
* When the user clicks on a service, its available providers should
* become visible.
*/
$('#select-service').change(function() {
var sid = $('#select-service').val();
$('#select-provider').empty();
$.each(GlobalVariables.availableProviders, function(indexProvider, provider) {
$.each(provider.services, function(indexService, serviceId) {
// If the current provider is able to provide the selected service,
// add him to the listbox.
if (serviceId == sid) {
var optionHtml = '<option value="' + provider['id'] + '">'
+ provider['last_name'] + ' ' + provider['first_name']
+ '</option>';
$('#select-provider').append(optionHtml);
}
});
});
});
}, },
/** /**
@ -1011,6 +1103,13 @@ var BackendCalendar = {
*/ */
calendarEventResize: function(event, dayDelta, minuteDelta, revertFunc, calendarEventResize: function(event, dayDelta, minuteDelta, revertFunc,
jsEvent, ui, view) { jsEvent, ui, view) {
if (GlobalVariables.user.privileges.appointments.edit == false) {
revertFunc();
Backend.displayNotification('You do not have the required privileges to '
+ 'edit appointments.');
return;
}
if ($('#notification').is(':visible')) { if ($('#notification').is(':visible')) {
$('#notification').hide('bind'); $('#notification').hide('bind');
} }
@ -1164,7 +1263,7 @@ var BackendCalendar = {
calendarEventClick: function(event, jsEvent, view) { calendarEventClick: function(event, jsEvent, view) {
$('.popover').remove(); // Close all open popovers. $('.popover').remove(); // Close all open popovers.
var html; // Popover's html code var html, displayEdit, displayDelete;
// Depending where the user clicked the event (title or empty space) we // Depending where the user clicked the event (title or empty space) we
// need to use different selectors to reach the parent element. // need to use different selectors to reach the parent element.
@ -1172,9 +1271,11 @@ var BackendCalendar = {
var $altParent = $(jsEvent.target).parents().eq(1); var $altParent = $(jsEvent.target).parents().eq(1);
if ($parent.hasClass('fc-unavailable') || $altParent.hasClass('fc-unavailable')) { if ($parent.hasClass('fc-unavailable') || $altParent.hasClass('fc-unavailable')) {
var displayEdit = ($parent.hasClass('fc-custom') || $altParent.hasClass('fc-custom')) displayEdit = (($parent.hasClass('fc-custom') || $altParent.hasClass('fc-custom'))
&& GlobalVariables.user.privileges.appointments.edit == true)
? '' : 'hide'; ? '' : 'hide';
var displayDelete = displayEdit; // Same value at the time. displayDelete = (GlobalVariables.user.privileges.appointments.delete == true)
? '' : 'hide'; // Same value at the time.
var notes = ''; var notes = '';
if (event.data) { // Only custom unavailable periods have notes. if (event.data) { // Only custom unavailable periods have notes.
@ -1199,7 +1300,12 @@ var BackendCalendar = {
'<button class="delete-popover btn btn-danger ' + displayDelete + '">Delete</button>' + '<button class="delete-popover btn btn-danger ' + displayDelete + '">Delete</button>' +
'<button class="close-popover btn" data-po=' + jsEvent.target + '>Close</button>' + '<button class="close-popover btn" data-po=' + jsEvent.target + '>Close</button>' +
'</center>'; '</center>';
} else { } else {
displayEdit = (GlobalVariables.user.privileges.appointments.edit == true)
? '' : 'hide';
displayDelete = (GlobalVariables.user.privileges.appointments.delete == true)
? '' : 'hide';
html = html =
'<style type="text/css">' '<style type="text/css">'
+ '.popover-content strong {min-width: 80px; display:inline-block;}' + '.popover-content strong {min-width: 80px; display:inline-block;}'
@ -1223,8 +1329,8 @@ var BackendCalendar = {
+ event.data['customer']['last_name'] + event.data['customer']['last_name']
+ '<hr>' + + '<hr>' +
'<center>' + '<center>' +
'<button class="edit-popover btn btn-primary">Edit</button>' + '<button class="edit-popover btn btn-primary ' + displayEdit + '">Edit</button>' +
'<button class="delete-popover btn btn-danger">Delete</button>' + '<button class="delete-popover btn btn-danger ' + displayDelete + '">Delete</button>' +
'<button class="close-popover btn" data-po=' + jsEvent.target + '>Close</button>' + '<button class="close-popover btn" data-po=' + jsEvent.target + '>Close</button>' +
'</center>'; '</center>';
} }
@ -1254,6 +1360,13 @@ var BackendCalendar = {
*/ */
calendarEventDrop : function(event, dayDelta, minuteDelta, allDay, calendarEventDrop : function(event, dayDelta, minuteDelta, allDay,
revertFunc, jsEvent, ui, view) { revertFunc, jsEvent, ui, view) {
if (GlobalVariables.user.privileges.appointments.edit == false) {
revertFunc();
Backend.displayNotification('You do not have the required privileges to '
+ 'edit appointments.');
return;
}
if ($('#notification').is(':visible')) { if ($('#notification').is(':visible')) {
$('#notification').hide('bind'); $('#notification').hide('bind');
} }
@ -1458,7 +1571,7 @@ var BackendCalendar = {
// :: EMPTY FORM FIELDS // :: EMPTY FORM FIELDS
$dialog.find('input, textarea').val(''); $dialog.find('input, textarea').val('');
$dialog.find('#modal-message').hide(); $dialog.find('.modal-message').hide();
$dialog.find('#select-service, #select-provider').empty(); $dialog.find('#select-service, #select-provider').empty();
// :: PREPARE SERVICE AND PROVIDER LISTBOXES // :: PREPARE SERVICE AND PROVIDER LISTBOXES
@ -1526,7 +1639,7 @@ var BackendCalendar = {
// Reset previous validation css formating. // Reset previous validation css formating.
$dialog.find('.control-group').removeClass('error'); $dialog.find('.control-group').removeClass('error');
$dialog.find('#modal-message').hide(); $dialog.find('.modal-message').hide();
try { try {
// :: CHECK REQUIRED FIELDS // :: CHECK REQUIRED FIELDS
@ -1549,7 +1662,7 @@ var BackendCalendar = {
return true; return true;
} catch(exc) { } catch(exc) {
$dialog.find('#modal-message').addClass('alert-error').text(exc).show('fade'); $dialog.find('.modal-message').addClass('alert-error').text(exc).show('fade');
return false; return false;
} }
}, },

5
src/assets/js/backend_customers.js
View file

@ -294,12 +294,17 @@ CustomersHelper.prototype.validate = function(customer) {
*/ */
CustomersHelper.prototype.resetForm = function() { CustomersHelper.prototype.resetForm = function() {
$('#details').find('input, textarea').val(''); $('#details').find('input, textarea').val('');
$('#details').find('input, textarea').prop('readonly', true);
$('#customer-appointments').html(''); $('#customer-appointments').html('');
$('#appointment-details').html(''); $('#appointment-details').html('');
$('#edit-customer, #delete-customer').prop('disabled', true); $('#edit-customer, #delete-customer').prop('disabled', true);
$('#add-edit-delete-group').show(); $('#add-edit-delete-group').show();
$('#save-cancel-group').hide(); $('#save-cancel-group').hide();
$('#details .required').css('border', '');
$('#details #form-message').hide();
$('#filter-customers button').prop('disabled', false); $('#filter-customers button').prop('disabled', false);
$('#filter-customers .selected-row').removeClass('selected-row'); $('#filter-customers .selected-row').removeClass('selected-row');
$('#filter-customers .results').css('color', ''); $('#filter-customers .results').css('color', '');

6
src/assets/js/backend_services.js
View file

@ -292,7 +292,7 @@ ServicesHelper.prototype.delete = function(id) {
BackendServices.helper.resetForm(); BackendServices.helper.resetForm();
BackendServices.helper.filter($('#filter-services .key').val()); BackendServices.helper.filter($('#filter-services .key').val());
}); }, 'json');
}; };
/** /**
@ -641,7 +641,7 @@ CategoriesHelper.prototype.save = function(category) {
$('#filter-categories .key').val(''); $('#filter-categories .key').val('');
BackendServices.helper.filter('', response.id, true); BackendServices.helper.filter('', response.id, true);
BackendServices.updateAvailableCategories(); BackendServices.updateAvailableCategories();
}); }, 'json');
}; };
/** /**
@ -665,7 +665,7 @@ CategoriesHelper.prototype.delete = function(id) {
BackendServices.helper.resetForm(); BackendServices.helper.resetForm();
BackendServices.helper.filter($('#filter-categories .key').val()); BackendServices.helper.filter($('#filter-categories .key').val());
BackendServices.updateAvailableCategories(); BackendServices.updateAvailableCategories();
}); }, 'json');
}; };
/** /**

14
src/assets/js/backend_settings.js
View file

@ -81,7 +81,21 @@ var BackendSettings = {
if (bindEventHandlers) { if (bindEventHandlers) {
BackendSettings.bindEventHandlers(); BackendSettings.bindEventHandlers();
$('#settings-page .nav li').first().addClass('active');
$('#settings-page .nav li').first().find('a').trigger('click');
} }
// Apply Privileges
if (GlobalVariables.user.privileges.system_settings.edit == false) {
$('#general, #business-logic').find('select, input, textarea').prop('readonly', true);
$('#general, #business-logic').find('button').prop('disabled', true);
}
if (GlobalVariables.user.privileges.user_settings.edit == false) {
$('#user').find('select, input, textarea').prop('readonly', true);
$('#user').find('button').prop('disabled', true);
}
}, },
/** /**

2
src/assets/js/backend_users_admins.js
View file

@ -201,7 +201,7 @@ AdminsHelper.prototype.delete = function(id) {
Backend.displayNotification('Admin deleted successfully!'); Backend.displayNotification('Admin deleted successfully!');
BackendUsers.helper.resetForm(); BackendUsers.helper.resetForm();
BackendUsers.helper.filter($('#filter-admins .key').val()); BackendUsers.helper.filter($('#filter-admins .key').val());
}); }, 'json');
}; };
/** /**

2
src/assets/js/backend_users_providers.js
View file

@ -242,7 +242,7 @@ ProvidersHelper.prototype.delete = function(id) {
Backend.displayNotification('Provider deleted successfully!'); Backend.displayNotification('Provider deleted successfully!');
BackendUsers.helper.resetForm(); BackendUsers.helper.resetForm();
BackendUsers.helper.filter($('#filter-providers .key').val()); BackendUsers.helper.filter($('#filter-providers .key').val());
}); }, 'json');
}; };
/** /**

2
src/assets/js/backend_users_secretaries.js
View file

@ -212,7 +212,7 @@ SecretariesHelper.prototype.delete = function(id) {
Backend.displayNotification('Secretary deleted successfully!'); Backend.displayNotification('Secretary deleted successfully!');
BackendUsers.helper.resetForm(); BackendUsers.helper.resetForm();
BackendUsers.helper.filter($('#filter-secretaries .key').val()); BackendUsers.helper.filter($('#filter-secretaries .key').val());
}); }, 'json');
}; };
/** /**