diff --git a/application/controllers/Backend_api.php b/application/controllers/Backend_api.php index e1b99deb..be99d282 100755 --- a/application/controllers/Backend_api.php +++ b/application/controllers/Backend_api.php @@ -11,6 +11,25 @@ * @since v1.0.0 * ---------------------------------------------------------------------------- */ +/* +|------------------------------------------------------------------------------ +| Deprecation Notice +|------------------------------------------------------------------------------ +| +| This file is still in the project for backwards compatibility reasons and for +| providing additional information on how to migrate your code to the latest +| codebase state. +| +| Visit the Easy!Appointments Developers website for more information: +| +| https://developers.easyappointments.org +| +| Since v1.5, the methods of this controller were ported to standalone controller +| classes, that can both handle the page rendering and all asynchronous HTTP +| requests. +| +*/ + /** * Backend API controller. * @@ -19,217 +38,20 @@ * @package Controllers */ class Backend_api extends EA_Controller { - /** - * @var array - */ - protected $permissions; - - /** - * Backend_api constructor. - */ - public function __construct() - { - parent::__construct(); - - $this->load->model('admins_model'); - $this->load->model('appointments_model'); - $this->load->model('consents_model'); - $this->load->model('customers_model'); - $this->load->model('providers_model'); - $this->load->model('roles_model'); - $this->load->model('secretaries_model'); - $this->load->model('categories_model'); - $this->load->model('services_model'); - $this->load->model('settings_model'); - $this->load->model('unavailabilities_model'); - $this->load->model('users_model'); - - $this->load->library('google_sync'); - $this->load->library('ics_file'); - $this->load->library('notifications'); - $this->load->library('synchronization'); - $this->load->library('timezones'); - - $role_slug = session('role_slug'); - - if ($role_slug) - { - $this->permissions = $this->roles_model->get_permissions_by_slug($role_slug); - } - } - /** * Get Calendar Events - * - * This method will return all the calendar events within a specified period. */ public function ajax_get_calendar_events() { - try - { - $start_date = request('startDate') . ' 00:00:00'; - - $end_date = request('endDate') . ' 23:59:59'; - - $response = [ - 'appointments' => $this->appointments_model->get([ - 'is_unavailable' => FALSE, - 'start_datetime >=' => $start_date, - 'end_datetime <=' => $end_date - ]), - 'unavailability_events' => $this->appointments_model->get([ - 'is_unavailable' => TRUE, - 'start_datetime >=' => $start_date, - 'end_datetime <=' => $end_date - ]) - ]; - - foreach ($response['appointments'] as &$appointment) - { - $appointment['provider'] = $this->providers_model->find($appointment['id_users_provider']); - $appointment['service'] = $this->services_model->find($appointment['id_services']); - $appointment['customer'] = $this->customers_model->find($appointment['id_users_customer']); - } - - unset($appointment); - - $user_id = session('user_id'); - - $role_slug = session('role_slug'); - - // If the current user is a provider he must only see his own appointments. - if ($role_slug === DB_SLUG_PROVIDER) - { - foreach ($response['appointments'] as $index => $appointment) - { - if ((int)$appointment['id_users_provider'] !== (int)$user_id) - { - unset($response['appointments'][$index]); - } - } - - foreach ($response['unavailability_events'] as $index => $unavailability_event) - { - if ((int)$unavailability_event['id_users_provider'] !== (int)$user_id) - { - unset($response['unavailability_events'][$index]); - } - } - } - - // If the current user is a secretary he must only see the appointments of his providers. - if ($role_slug === DB_SLUG_SECRETARY) - { - $providers = $this->secretaries_model->find($user_id)['providers']; - - foreach ($response['appointments'] as $index => $appointment) - { - if ( ! in_array((int)$appointment['id_users_provider'], $providers)) - { - unset($response['appointments'][$index]); - } - } - - foreach ($response['unavailability_events'] as $index => $unavailability_event) - { - if ( ! in_array((int)$unavailability_event['id_users_provider'], $providers)) - { - unset($response['unavailability_events'][$index]); - } - } - } - - json_response($response); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/get_calendar_appointments_for_table_view'); } /** * Get the registered appointments for the given date period and record. - * - * This method returns the database appointments and unavailable periods for the user selected date period and - * record type (provider or service). */ public function ajax_get_calendar_appointments() { - try - { - if ($this->permissions[PRIV_APPOINTMENTS]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $filter_type = request('filter_type'); - - if ( ! $filter_type) - { - json_response([ - 'appointments' => [], - 'unavailables' => [] - ]); - - return; - } - - if ($filter_type == FILTER_TYPE_PROVIDER) - { - $where_id = 'id_users_provider'; - } - else - { - $where_id = 'id_services'; - } - - // Get appointments - $record_id = $this->db->escape(request('record_id')); - $start_date = $this->db->escape(request('start_date')); - $end_date = $this->db->escape(date('Y-m-d', strtotime(request('end_date') . ' +1 day'))); - - $where_clause = $where_id . ' = ' . $record_id . ' - AND ((start_datetime > ' . $start_date . ' AND start_datetime < ' . $end_date . ') - or (end_datetime > ' . $start_date . ' AND end_datetime < ' . $end_date . ') - or (start_datetime <= ' . $start_date . ' AND end_datetime >= ' . $end_date . ')) - AND is_unavailable = 0 - '; - - $response['appointments'] = $this->appointments_model->get($where_clause); - - foreach ($response['appointments'] as &$appointment) - { - $appointment['provider'] = $this->providers_model->find($appointment['id_users_provider']); - $appointment['service'] = $this->services_model->find($appointment['id_services']); - $appointment['customer'] = $this->customers_model->find($appointment['id_users_customer']); - } - - // Get unavailable periods (only for provider). - $response['unavailables'] = []; - - if ($filter_type == FILTER_TYPE_PROVIDER) - { - $where_clause = $where_id . ' = ' . $record_id . ' - AND ((start_datetime > ' . $start_date . ' AND start_datetime < ' . $end_date . ') - or (end_datetime > ' . $start_date . ' AND end_datetime < ' . $end_date . ') - or (start_datetime <= ' . $start_date . ' AND end_datetime >= ' . $end_date . ')) - AND is_unavailable = 1 - '; - - $response['unavailables'] = $this->appointments_model->get($where_clause); - } - - foreach ($response['unavailables'] as &$unavailable) - { - $unavailable['provider'] = $this->providers_model->find($unavailable['id_users_provider']); - } - - json_response($response); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/get_calendar_appointments'); } /** @@ -237,182 +59,23 @@ class Backend_api extends EA_Controller { */ public function ajax_save_appointment() { - try - { - // Save customer changes to the database. - $customer_data = request('customer_data'); - - if ($customer_data) - { - $customer = json_decode($customer_data, TRUE); - - $required_permissions = ( ! isset($customer['id'])) - ? $this->permissions[PRIV_CUSTOMERS]['add'] - : $this->permissions[PRIV_CUSTOMERS]['edit']; - - if ($required_permissions == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $customer['id'] = $this->customers_model->save($customer); - } - - // Save appointment changes to the database. - $appointment_data = request('appointment_data'); - - $manage_mode = ! empty($appointment_data['id']); - - if ($appointment_data) - { - $appointment = json_decode($appointment_data, TRUE); - - $required_permissions = ( ! isset($appointment['id'])) - ? $this->permissions[PRIV_APPOINTMENTS]['add'] - : $this->permissions[PRIV_APPOINTMENTS]['edit']; - - if ($required_permissions == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - // If the appointment does not contain the customer record id, then it means that is going to be - // inserted. - if ( ! isset($appointment['id_users_customer'])) - { - $appointment['id_users_customer'] = $customer['id'] ?? $customer_data['id']; - } - - $appointment['id'] = $this->appointments_model->save($appointment); - } - - if (empty($appointment['id'])) - { - throw new RuntimeException('The appointment ID is not available.'); - } - - $appointment = $this->appointments_model->find($appointment['id']); - $provider = $this->providers_model->find($appointment['id_users_provider']); - $customer = $this->customers_model->find($appointment['id_users_customer']); - $service = $this->services_model->find($appointment['id_services']); - - $settings = [ - 'company_name' => setting('company_name'), - 'company_link' => setting('company_link'), - 'company_email' => setting('company_email'), - 'date_format' => setting('date_format'), - 'time_format' => setting('time_format') - ]; - - $this->synchronization->sync_appointment_saved($appointment, $service, $provider, $customer, $settings, $manage_mode); - - $this->notifications->notify_appointment_saved($appointment, $service, $provider, $customer, $settings, $manage_mode); - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/save_appointment'); } /** * Delete appointment from the database. - * - * This method deletes an existing appointment from the database. Once this action is finished it cannot be undone. - * Notification emails are send to both provider and customer and the delete action is executed to the Google - * Calendar account of the provider, if the "google_sync" setting is enabled. */ public function ajax_delete_appointment() { - try - { - if (cannot('delete', PRIV_APPOINTMENTS)) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $appointment_id = request('appointment_id'); - - if (empty($appointment_id)) - { - throw new Exception('No appointment id provided.'); - } - - // Store appointment data for later use in this method. - $appointment = $this->appointments_model->find($appointment_id); - $provider = $this->providers_model->find($appointment['id_users_provider']); - $customer = $this->customers_model->find($appointment['id_users_customer']); - $service = $this->services_model->find($appointment['id_services']); - - $settings = [ - 'company_name' => setting('company_name'), - 'company_email' => setting('company_email'), - 'company_link' => setting('company_link'), - 'date_format' => setting('date_format'), - 'time_format' => setting('time_format') - ]; - - // Delete appointment record from the database. - $this->appointments_model->delete($appointment_id); - - $this->notifications->notify_appointment_deleted($appointment, $service, $provider, $customer, $settings); - - $this->synchronization->sync_appointment_deleted($appointment, $provider); - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/delete_appointment'); } /** * Disable a providers sync setting. - * - * This method deletes the "google_sync" and "google_token" settings from the database. - * - * After that the provider's appointments will be no longer synced with Google Calendar. */ public function ajax_disable_provider_sync() { - try - { - $provider_id = request('provider_id'); - - if ( ! $provider_id) - { - throw new Exception('Provider id not specified.'); - } - - $user_id = session('user_id'); - - if ( - $this->permissions[PRIV_USERS]['edit'] === FALSE - && (int)$user_id !== (int)$provider_id) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $this->providers_model->set_setting($provider_id, 'google_sync', FALSE); - - $this->providers_model->set_setting($provider_id, 'google_token', NULL); - - $this->appointments_model->clear_google_sync_ids($provider_id); - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('google/disable_provider_sync'); } /** @@ -420,124 +83,15 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_customers() { - try - { - if ($this->permissions[PRIV_CUSTOMERS]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $key = strtoupper($key); - - $where = - '(first_name LIKE upper("%' . $key . '%") OR ' . - 'last_name LIKE upper("%' . $key . '%") OR ' . - 'email LIKE upper("%' . $key . '%") OR ' . - 'phone_number LIKE upper("%' . $key . '%") OR ' . - 'address LIKE upper("%' . $key . '%") OR ' . - 'city LIKE upper("%' . $key . '%") OR ' . - 'zip_code LIKE upper("%' . $key . '%") OR ' . - 'notes LIKE upper("%' . $key . '%"))'; - - $order_by = 'first_name ASC, last_name ASC'; - - $limit = request('limit'); - - if ($limit === NULL) - { - $limit = 1000; - } - - $customers = $this->customers_model->get($where, $limit, NULL, $order_by); - - foreach ($customers as &$customer) - { - $appointments = $this->appointments_model->get(['id_users_customer' => $customer['id']]); - - foreach ($appointments as &$appointment) - { - $this->appointments_model->load($appointment, [ - 'service', - 'provider', - ]); - } - - $customer['appointments'] = $appointments; - } - - json_response($customers); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('customers/search'); } /** - * Insert of update unavailable time period to database. + * Insert or update an unavailability. */ public function ajax_save_unavailable() { - try - { - // Check privileges - $unavailable = json_decode(request('unavailable'), TRUE); - - $required_permissions = ( ! isset($unavailable['id'])) - ? $this->permissions[PRIV_APPOINTMENTS]['add'] - : $this->permissions[PRIV_APPOINTMENTS]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $provider = $this->providers_model->find($unavailable['id_users_provider']); - - // Add appointment - $unavailable['id'] = $this->unavailabilities_model->save($unavailable); - - $unavailable = $this->unavailabilities_model->find($unavailable['id']); // fetch all inserted data - - // Google Sync - try - { - $google_sync = $this->providers_model->get_setting($unavailable['id_users_provider'], 'google_sync'); - - if ($google_sync) - { - $google_token = json_decode($this->providers_model->get_setting($unavailable['id_users_provider'], 'google_token')); - - $this->google_sync->refresh_token($google_token->refresh_token); - - if ($unavailable['id_google_calendar'] == NULL) - { - $google_event = $this->google_sync->add_unavailable($provider, $unavailable); - $unavailable['id_google_calendar'] = $google_event->id; - $this->unavailabilities_model->save($unavailable); - } - else - { - $this->google_sync->update_unavailable($provider, $unavailable); - } - } - } - catch (Throwable $e) - { - $warnings[] = $e; - } - - json_response([ - 'success' => TRUE, - 'warnings' => $warnings ?? [] - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/save_unavailability'); } /** @@ -545,49 +99,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_unavailable() { - try - { - if ($this->permissions[PRIV_APPOINTMENTS]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $unavailable_id = request('unavailable_id'); - - $unavailable = $this->appointments_model->find($unavailable_id); - - $provider = $this->providers_model->find($unavailable['id_users_provider']); - - $this->appointments_model->delete($unavailable['id']); - - // Google Sync - try - { - $google_sync = $this->providers_model->get_setting($provider['id'], 'google_sync'); - - if ($google_sync == TRUE) - { - $google_token = json_decode($this->providers_model->get_setting($provider['id'], 'google_token')); - - $this->google_sync->refresh_token($google_token->refresh_token); - - $this->google_sync->delete_unavailable($provider, $unavailable['id_google_calendar']); - } - } - catch (Throwable $e) - { - $warnings[] = $e; - } - - json_response([ - 'success' => TRUE, - 'warnings' => $warnings ?? [] - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/delete_unavailability'); } /** @@ -595,31 +107,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_working_plan_exception() { - try - { - $required_permissions = $this->permissions[PRIV_USERS]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $date = request('date'); - - $working_plan_exception = request('working_plan_exception'); - - $provider_id = request('provider_id'); - - $this->providers_model->save_working_plan_exception($provider_id, $date, $working_plan_exception); - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/save_working_plan_exception'); } /** @@ -627,29 +115,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_working_plan_exception() { - try - { - $required_permissions = $this->permissions[PRIV_USERS]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $date = request('date'); - - $provider_id = request('provider_id'); - - $this->providers_model->delete_working_plan_exception($provider_id, $date); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('calendar/delete_working_plan_exception'); } /** @@ -657,30 +123,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_customer() { - try - { - $customer = json_decode(request('customer'), TRUE); - - $required_permissions = ( ! isset($customer['id'])) - ? $this->permissions[PRIV_CUSTOMERS]['add'] - : $this->permissions[PRIV_CUSTOMERS]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $customer_id = $this->customers_model->save($customer); - - json_response([ - 'success' => TRUE, - 'id' => $customer_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('customers/create'); // or "customers/update" } /** @@ -688,21 +131,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_customer() { - try - { - if ($this->permissions[PRIV_CUSTOMERS]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $this->customers_model->delete(request('customer_id')); - - response(); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('customers/destroy'); } /** @@ -710,30 +139,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_service() { - try - { - $service = json_decode(request('service'), TRUE); - - $required_permissions = ( ! isset($service['id'])) - ? $this->permissions[PRIV_SERVICES]['add'] - : $this->permissions[PRIV_SERVICES]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $service_id = $this->services_model->save($service); - - json_response([ - 'success' => TRUE, - 'id' => $service_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('services/create'); // or "services/update" } /** @@ -741,25 +147,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_service() { - try - { - if ($this->permissions[PRIV_SERVICES]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $service_id = request('service_id'); - - $this->services_model->delete($service_id); - - json_response([ - 'success' => TRUE, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('services/destroy'); } /** @@ -767,28 +155,7 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_services() { - try - { - if ($this->permissions[PRIV_SERVICES]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $where = - '(name LIKE "%' . $key . '%" OR duration LIKE "%' . $key . '%" OR ' . - 'price LIKE "%' . $key . '%" OR currency LIKE "%' . $key . '%" OR ' . - 'description LIKE "%' . $key . '%")'; - - $services = $this->services_model->get($where); - - json_response($services); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('services/search'); } /** @@ -796,30 +163,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_service_category() { - try - { - $category = json_decode(request('category'), TRUE); - - $required_permissions = ( ! isset($category['id'])) - ? $this->permissions[PRIV_SERVICES]['add'] - : $this->permissions[PRIV_SERVICES]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $category_id = $this->categories_model->save($category); - - json_response([ - 'success' => TRUE, - 'id' => $category_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('categories/create'); // or "categories/update" } /** @@ -827,25 +171,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_service_category() { - try - { - if ($this->permissions[PRIV_SERVICES]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $service_category_id = request('category_id'); - - $this->categories_model->delete($service_category_id); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('categories/destroy'); } /** @@ -853,25 +179,7 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_service_categories() { - try - { - if ($this->permissions[PRIV_SERVICES]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $where = '(name LIKE "%' . $key . '%" OR description LIKE "%' . $key . '%")'; - - $service_categories = $this->categories_model->get($where); - - json_response($service_categories); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('categories/search'); } /** @@ -879,30 +187,7 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_admins() { - try - { - if ($this->permissions[PRIV_USERS]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $where = - '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . - 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . - 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' . - 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' . - 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")'; - - $admins = $this->admins_model->get($where); - - json_response($admins); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('admins/search'); } /** @@ -910,29 +195,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_admin() { - try - { - $admin = json_decode(request('admin'), TRUE); - - $required_permissions = ( ! isset($admin['id'])) - ? $this->permissions[PRIV_USERS]['add'] - : $this->permissions[PRIV_USERS]['edit']; - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $admin_id = $this->admins_model->save($admin); - - json_response([ - 'success' => TRUE, - 'id' => $admin_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('admins/create'); // or "admins/update" } /** @@ -940,25 +203,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_admin() { - try - { - if ($this->permissions[PRIV_USERS]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $admin_id = request('admin_id'); - - $this->admins_model->delete($admin_id); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('admins/destroy'); } /** @@ -966,30 +211,7 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_providers() { - try - { - if ($this->permissions[PRIV_USERS]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $where = - '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . - 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . - 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' . - 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' . - 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")'; - - $providers = $this->providers_model->get($where); - - json_response($providers); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('providers/search'); } /** @@ -997,35 +219,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_provider() { - try - { - $provider = json_decode(request('provider'), TRUE); - - $required_permissions = ( ! isset($provider['id'])) - ? $this->permissions[PRIV_USERS]['add'] - : $this->permissions[PRIV_USERS]['edit']; - - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - if (empty($provider['settings']['working_plan'])) - { - $provider['settings']['working_plan'] = setting('company_working_plan'); - } - - $provider_id = $this->providers_model->save($provider); - - json_response([ - 'success' => TRUE, - 'id' => $provider_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('providers/create'); // or "providers/update" } /** @@ -1033,25 +227,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_provider() { - try - { - if ($this->permissions[PRIV_USERS]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $provider_id = request('provider_id'); - - $this->providers_model->delete($provider_id); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('providers/destroy'); } /** @@ -1059,30 +235,7 @@ class Backend_api extends EA_Controller { */ public function ajax_filter_secretaries() { - try - { - if ($this->permissions[PRIV_USERS]['view'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $key = $this->db->escape_str(request('key')); - - $where = - '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . - 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . - 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' . - 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' . - 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")'; - - $secretaries = $this->secretaries_model->get($where); - - json_response($secretaries); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('secretaries/search'); } /** @@ -1090,29 +243,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_secretary() { - try - { - $secretary = json_decode(request('secretary'), TRUE); - - $required_permissions = ( ! isset($secretary['id'])) - ? $this->permissions[PRIV_USERS]['add'] - : $this->permissions[PRIV_USERS]['edit']; - if ( ! $required_permissions) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $secretary_id = $this->secretaries_model->save($secretary); - - json_response([ - 'success' => TRUE, - 'id' => $secretary_id - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('secretaries/create'); // or "secretaries/update" } /** @@ -1120,25 +251,7 @@ class Backend_api extends EA_Controller { */ public function ajax_delete_secretary() { - try - { - if ($this->permissions[PRIV_USERS]['delete'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $secretary_id = request('secretary_id'); - - $this->secretaries_model->delete($secretary_id); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('secretaries/destroy'); } /** @@ -1146,79 +259,7 @@ class Backend_api extends EA_Controller { */ public function ajax_save_settings() { - try - { - $type = request('type'); - - if ($type == SETTINGS_SYSTEM) - { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $settings = json_decode(request('settings', FALSE), TRUE); - - // Check if phone number settings are valid. - - $phone_number_required = FALSE; - - $phone_number_shown = FALSE; - - foreach ($settings as $setting) - { - if ($setting['name'] === 'require_phone_number') - { - $phone_number_required = $setting['value']; - } - - if ($setting['name'] === 'show_phone_number') - { - $phone_number_shown = $setting['value']; - } - } - - if ($phone_number_required && ! $phone_number_shown) - { - throw new RuntimeException('You cannot hide the phone number in the booking form while it\'s also required!'); - } - - foreach ($settings as $setting) - { - $existing_setting = $this->settings_model->query()->where('name', $setting['name'])->get()->row_array(); - - if ( ! empty($existing_setting)) - { - $setting['id'] = $existing_setting['id']; - } - - $this->settings_model->save($setting); - } - } - else if ($type == SETTINGS_USER) - { - if ($this->permissions[PRIV_USER_SETTINGS]['edit'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $settings = json_decode(request('settings'), TRUE); - - $this->users_model->save($settings); - - session([ - 'user_email' => $settings['email'], - 'username' => $settings['settings']['username'], - 'timezone' => $settings['timezone'], - ]); - } - - response(); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('general_settings/save'); // or "business_settings/save", "booking_settings/save", "legal_settings/save" } /** @@ -1226,142 +267,31 @@ class Backend_api extends EA_Controller { */ public function ajax_validate_username() { - try - { - // We will only use the function in the admins_model because it is sufficient for the rest user types for - // now (providers, secretaries). - - $username = request('username'); - - $user_id = request('user_id'); - - $is_valid = $this->admins_model->validate_username($username, $user_id); - - json_response([ - 'is_valid' => $is_valid, - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('account/validate_username'); } /** * Change system language for current user. - * - * The language setting is stored in session data and retrieved every time the user visits any of the system pages. */ public function ajax_change_language() { - try - { - // Check if language exists in the available languages. - $found = FALSE; - - foreach (config('available_languages') as $lang) - { - if ($lang == request('language')) - { - $found = TRUE; - break; - } - } - - if ( ! $found) - { - throw new Exception('Translations for the given language does not exist (' . request('language') . ').'); - } - - $language = request('language'); - - session(['language' => $language]); - - config(['language' => $language]); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('account/change_language'); } /** * This method will return a list of the available Google Calendars. - * - * The user will need to select a specific calendar from this list to sync his appointments with. Google access must - * be already granted for the specific provider. */ public function ajax_get_google_calendars() { - try - { - if ( ! request('provider_id')) - { - throw new Exception('Provider id is required in order to fetch the google calendars.'); - } - - // Check if selected provider has sync enabled. - $provider_id = request('provider_id'); - - $google_sync = $this->providers_model->get_setting($provider_id, 'google_sync'); - - if ( ! $google_sync) - { - json_response([ - 'success' => FALSE - ]); - - return; - } - - $google_token = json_decode($this->providers_model->get_setting($provider_id, 'google_token')); - - $this->google_sync->refresh_token($google_token->refresh_token); - - $calendars = $this->google_sync->get_google_calendars(); - - json_response($calendars); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('google/get_google_calendars'); } /** * Select a specific google calendar for a provider. - * - * All the appointments will be synced with this particular calendar. */ public function ajax_select_google_calendar() { - try - { - $provider_id = request('provider_id'); - - $user_id = session('user_id'); - - if ($this->permissions[PRIV_USERS]['edit'] == FALSE && (int)$user_id !== (int)$provider_id) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $calendar_id = request('calendar_id'); - - $this->providers_model->set_setting($provider_id, 'google_calendar', $calendar_id); - - json_response([ - 'success' => TRUE - ]); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('google/select_google_calendar'); } /** @@ -1369,27 +299,6 @@ class Backend_api extends EA_Controller { */ public function ajax_apply_global_working_plan() { - try - { - if ($this->permissions[PRIV_SYSTEM_SETTINGS]['edit'] == FALSE) - { - throw new Exception('You do not have the required permissions for this task.'); - } - - $working_plan = request('working_plan'); - - $providers = $this->providers_model->get(); - - foreach ($providers as $provider) - { - $this->providers_model->set_setting($provider['id'], 'working_plan', $working_plan); - } - - response(); - } - catch (Throwable $e) - { - json_exception($e); - } + redirect('business_settings/apply_global_working_plan'); } }