maket/MaketRandevu
1
1
Fork 0
Code Issues 15 Pull requests Projects Releases 4 Packages Wiki Activity

Corrected Google_sync library loading and made permissions check before returning the table view calendar events.

Browse source
This commit is contained in:
Alex Tselegidis 2016-07-20 22:33:24 +02:00
parent f4e4b3eb61
commit bc1b82b7da
2 changed files with 37 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/application/controllers/Appointments.php
View file

@ -183,7 +183,7 @@ class Appointments extends CI_Controller {
if ($google_sync == TRUE) { if ($google_sync == TRUE) {
$google_token = json_decode($this->providers_model $google_token = json_decode($this->providers_model
->get_setting('google_token', $provider['id'])); ->get_setting('google_token', $provider['id']));
$this->load->library('Google_Sync'); $this->load->library('Google_sync');
$this->google_sync->refresh_token($google_token->refresh_token); $this->google_sync->refresh_token($google_token->refresh_token);
$this->google_sync->delete_appointment($provider, $appointment['id_google_calendar']); $this->google_sync->delete_appointment($provider, $appointment['id_google_calendar']);
} }

37
src/application/controllers/Backend_api.php
View file

@ -87,6 +87,41 @@ class Backend_api extends CI_Controller {
$appointment['customer'] = $this->customers_model->get_row($appointment['id_users_customer']); $appointment['customer'] = $this->customers_model->get_row($appointment['id_users_customer']);
} }
$userId = $this->session->userdata('user_id');
$roleSlug = $this->session->userdata('role_slug');
// If the current user is a provider he must only see his own appointments.
if ($roleSlug === DB_SLUG_PROVIDER) {
foreach($response['appointments'] as $index => $appointment) {
if ((int)$appointment['id_users_provider'] !== (int)$userId) {
unset($response['appointments'][$index]);
}
}
foreach($response['unavailabilities'] as $index => $unavailability) {
if ((int)$unavailability['id_users_provider'] !== (int)$userId) {
unset($response['unavailabilities'][$index]);
}
}
}
// If the current user is a secretary he must only see the appointments of his providers.
if ($roleSlug === DB_SLUG_SECRETARY) {
$this->load->model('secretaries_model');
$providers = $this->secretaries_model->get_row($userId)['providers'];
foreach($response['appointments'] as $index => $appointment) {
if (!in_array((int)$appointment['id_users_provider'], $providers)) {
unset($response['appointments'][$index]);
}
}
foreach($response['unavailabilities'] as $index => $unavailability) {
if (!in_array((int)$unavailability['id_users_provider'], $providers)) {
unset($response['unavailabilities'][$index]);
}
}
}
$this->output->set_output(json_encode($response)); $this->output->set_output(json_encode($response));
} catch(Exception $exc) { } catch(Exception $exc) {
$this->output->set_output(json_encode([ $this->output->set_output(json_encode([
@ -234,7 +269,7 @@ class Backend_api extends CI_Controller {
$google_token = json_decode($this->providers_model->get_setting('google_token', $google_token = json_decode($this->providers_model->get_setting('google_token',
$appointment['id_users_provider'])); $appointment['id_users_provider']));
$this->load->library('Google_Sync'); $this->load->library('Google_sync');
$this->google_sync->refresh_token($google_token->refresh_token); $this->google_sync->refresh_token($google_token->refresh_token);
if ($appointment['id_google_calendar'] == NULL) { if ($appointment['id_google_calendar'] == NULL) {