Providers should not be able to create appointments for other providers in the backend calendar page. #510

This commit is contained in:
alext 2018-07-29 16:08:41 +02:00
parent ba3227e11c
commit b3b1815c8d
2 changed files with 9 additions and 0 deletions

View file

@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- #485: Make REST API search check with "q" parameter case insensitive.
- #489: REST API response headers must use the Content-Type application/json value.
- #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
- #510: Providers should not be able to create appointments for other providers in the backend calendar page.
- #512: Only show appointments of the currently logged in provider.
## [1.3.1]

View file

@ -299,6 +299,14 @@ window.BackendCalendarAppointmentsModal = window.BackendCalendarAppointmentsModa
// Update the providers select box.
$.each(GlobalVariables.availableProviders, function (indexProvider, provider) {
$.each(provider.services, function (indexService, serviceId) {
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(provider.id) !== GlobalVariables.user.id) {
return true; // continue
}
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(provider.id) === -1) {
return true; // continue
}
// If the current provider is able to provide the selected service, add him to the listbox.
if (serviceId == sid) {
var optionHtml = '<option value="' + provider.id + '">'