Providers and secretaries shall not be able to see appointments of other providers (#512).

This commit is contained in:
alext 2018-07-29 15:59:18 +02:00
parent 3fd0c2834b
commit ba3227e11c
4 changed files with 23 additions and 1 deletions


@ -14,7 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- #485: Make REST API search check with "q" parameter case insensitive.
- #489: REST API response headers must use the Content-Type application/json value.
- #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
- #512: Only show appointments of the currently logged in provider.
## [1.3.1]
### Added


@ -122,6 +122,7 @@ class Backend extends CI_Controller {
$this->load->model('providers_model');
$this->load->model('customers_model');
$this->load->model('secretaries_model');
$this->load->model('services_model');
$this->load->model('settings_model');
$this->load->model('user_model');
@ -135,6 +136,17 @@ class Backend extends CI_Controller {
$view['customers'] = $this->customers_model->get_batch();
$view['available_providers'] = $this->providers_model->get_available_providers();
$view['available_services'] = $this->services_model->get_available_services();
if ($this->session->userdata('role_slug') === DB_SLUG_SECRETARY)
{
$secretary = $this->secretaries_model->get_row($this->session->userdata('user_id'));
$view['secretary_providers'] = $secretary['providers'];
}
else
{
$view['secretary_providers'] = [];
}
$this->set_user_data($view);
$this->load->view('backend/header', $view);
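Review bot: The restriction is only applied in the view layer: `$view['customers']` at the top of this hunk is still loaded unfiltered through `get_batch()` and handed to the page, so, as far as this hunk shows, other providers' appointments still reach the browser and the new checks in the calendar JavaScript (last file section) act as a display rule rather than an access control. The server should drop, or never load, appointments that do not belong to the logged-in provider or to the secretary's `providers` before the view is rendered, so the restriction also holds for anyone reading the page data directly. Separately, `$secretary['providers']` is read without checking that `get_row()` returned a row carrying that key; `$view['secretary_providers'] = isset($secretary['providers']) ? $secretary['providers'] : [];` avoids an undefined-index notice for a secretary with no assigned providers. The enclosing method starts and ends outside the hunk.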


@ -6,6 +6,7 @@
csrfToken : <?= json_encode($this->security->get_csrf_hash()) ?>,
availableProviders : <?= json_encode($available_providers) ?>,
availableServices : <?= json_encode($available_services) ?>,
secretaryProviders : <?= json_encode($secretary_providers) ?>,
dateFormat : <?= json_encode($date_format) ?>,
timeFormat : <?= json_encode($time_format) ?>,
baseUrl : <?= json_encode($base_url) ?>,


@ -317,6 +317,14 @@
$('#customer-appointments').empty();
$.each(customer.appointments, function (index, appointment) {
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(appointment.id_users_provider) !== GlobalVariables.user.id) {
return true; // continue
}
if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(appointment.id_users_provider) === -1) {
return true; // continue
}
var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
var html =
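Review bot: The two new guards compare provider ids inconsistently: the provider branch converts `appointment.id_users_provider` with `parseInt`, which suggests the field arrives as a string, while the secretary branch passes the raw value to `indexOf`, which uses strict equality. If `secretaryProviders` is JSON-encoded from integer ids (or the reverse), no element ever matches and every appointment is silently skipped for secretaries, leaving the list empty. Normalise both sides before comparing, e.g. `if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.map(Number).indexOf(parseInt(appointment.id_users_provider)) === -1) {`. The enclosing callback starts and ends outside the hunk.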