mirrors/easyappointments
1
0
Fork 1
mirror of https://github.com/alextselegidis/easyappointments.git synced 2024-11-13 03:23:18 +03:00
Code Issues Projects Releases Packages Wiki Activity

Correct permissions for the customers controller

Browse source
This commit is contained in:
Alex Tselegidis 2022-05-10 14:26:43 +02:00
parent 75542d48c0
commit 98bf660aa2
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
application/controllers/Customers.php
View file

@ -28,6 +28,7 @@ class Customers extends EA_Controller {
$this->load->model('appointments_model'); $this->load->model('appointments_model');
$this->load->model('customers_model'); $this->load->model('customers_model');
$this->load->model('secretaries_model');
$this->load->model('roles_model'); $this->load->model('roles_model');
$this->load->library('accounts'); $this->load->library('accounts');
@ -46,7 +47,7 @@ class Customers extends EA_Controller {
$user_id = session('user_id'); $user_id = session('user_id');
if (cannot('view', PRIV_USERS)) if (cannot('view', PRIV_CUSTOMERS))
{ {
if ($user_id) if ($user_id)
{ {
@ -115,7 +116,7 @@ class Customers extends EA_Controller {
{ {
try try
{ {
if (cannot('view', PRIV_USERS)) if (cannot('view', PRIV_CUSTOMERS))
{ {
abort(403, 'Forbidden'); abort(403, 'Forbidden');
} }
@ -160,7 +161,7 @@ class Customers extends EA_Controller {
{ {
try try
{ {
if (cannot('add', PRIV_USERS)) if (cannot('add', PRIV_CUSTOMERS))
{ {
abort(403, 'Forbidden'); abort(403, 'Forbidden');
} }
@ -187,7 +188,7 @@ class Customers extends EA_Controller {
{ {
try try
{ {
if (cannot('edit', PRIV_USERS)) if (cannot('edit', PRIV_CUSTOMERS))
{ {
abort(403, 'Forbidden'); abort(403, 'Forbidden');
} }
@ -214,7 +215,7 @@ class Customers extends EA_Controller {
{ {
try try
{ {
if (cannot('delete', PRIV_USERS)) if (cannot('delete', PRIV_CUSTOMERS))
{ {
abort(403, 'Forbidden'); abort(403, 'Forbidden');
} }
@ -240,7 +241,7 @@ class Customers extends EA_Controller {
{ {
try try
{ {
if (cannot('view', PRIV_USERS)) if (cannot('view', PRIV_CUSTOMERS))
{ {
abort(403, 'Forbidden'); abort(403, 'Forbidden');
} }