From ba3227e11ccfeea23fa5fa6f4174e230fcb49a82 Mon Sep 17 00:00:00 2001
From: alext
Date: Sun, 29 Jul 2018 15:59:18 +0200
Subject: [PATCH] Providers and secretaries shall not be able to see appointments of other providers (#512).

---
 CHANGELOG.md | 3 ++-
 src/application/controllers/Backend.php | 12 ++++++++++++
 src/application/views/backend/customers.php | 1 +
 src/assets/js/backend_customers_helper.js | 8 ++++++++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93dd100a..82836036 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - #485: Make REST API search check with "q" parameter case insensitive.
 - #489: REST API response headers must use the Content-Type application/json value.
 - #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
-
+- #512: Only show appointments of the currently logged in provider.
+
 ## [1.3.1]
 
 ### Added
diff --git a/src/application/controllers/Backend.php b/src/application/controllers/Backend.php
index fc0c33a2..71ee1319 100755
--- a/src/application/controllers/Backend.php
+++ b/src/application/controllers/Backend.php
@@ -122,6 +122,7 @@ class Backend extends CI_Controller {
 
 $this->load->model('providers_model');
 $this->load->model('customers_model');
+ $this->load->model('secretaries_model');
 $this->load->model('services_model');
 $this->load->model('settings_model');
 $this->load->model('user_model');
@@ -135,6 +136,17 @@ class Backend extends CI_Controller {
 $view['customers'] = $this->customers_model->get_batch();
 $view['available_providers'] = $this->providers_model->get_available_providers();
 $view['available_services'] = $this->services_model->get_available_services();
+
+ if ($this->session->userdata('role_slug') === DB_SLUG_SECRETARY)
+ {
+ $secretary = $this->secretaries_model->get_row($this->session->userdata('user_id'));
+ $view['secretary_providers'] = $secretary['providers'];
+ }
+ else
+ {
+ $view['secretary_providers'] = [];
+ }
+
 $this->set_user_data($view);
 
 $this->load->view('backend/header', $view);
diff --git a/src/application/views/backend/customers.php b/src/application/views/backend/customers.php
index 67a92728..a73be762 100755
--- a/src/application/views/backend/customers.php
+++ b/src/application/views/backend/customers.php
@@ -6,6 +6,7 @@
 csrfToken : security->get_csrf_hash()) ?>,
 availableProviders : ,
 availableServices : ,
+ secretaryProviders : ,
 dateFormat : ,
 timeFormat : ,
 baseUrl : ,
diff --git a/src/assets/js/backend_customers_helper.js b/src/assets/js/backend_customers_helper.js
index 01941af8..de232155 100644
--- a/src/assets/js/backend_customers_helper.js
+++ b/src/assets/js/backend_customers_helper.js
@@ -317,6 +317,14 @@
 
 $('#customer-appointments').empty();
 $.each(customer.appointments, function (index, appointment) {
+ if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(appointment.id_users_provider) !== GlobalVariables.user.id) {
+ return true; // continue
+ }
+
+ if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(appointment.id_users_provider) === -1) {
+ return true; // continue
+ }
+
 var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
 var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
 var html =
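Review bot: The role check added after `$view['available_services']` only computes `$view['secretary_providers']` for the view; nothing in this hunk restricts the appointment data itself, and `$view['customers']` is still filled by `$this->customers_model->get_batch()` with no role argument, so the filtering the companion change applies in `backend_customers_helper.js` is presentational and every provider's appointments still reach the browser. The visibility rule needs to be enforced where the appointment lists for this page are loaded — here if `get_batch()` is what supplies `customer.appointments`, otherwise in whichever endpoint does — by dropping appointments whose `id_users_provider` is neither the logged-in provider's id nor one of `$secretary['providers']`, and the same rule should cover any other endpoint that returns appointment details to these roles. The new block also deserves a comment on its purpose, e.g. `// Secretaries may only see appointments of the providers assigned to them; the customers page uses this list to filter appointment rows.` The enclosing method starts and ends outside this hunk.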
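Review bot: The secretary branch of the new guard compares `appointment.id_users_provider` with `indexOf` against `GlobalVariables.secretaryProviders` without any numeric conversion, while the provider branch on the line above converts with `parseInt` before comparing to `GlobalVariables.user.id`; whether the two sides match therefore depends on how the ids happen to be serialised (ints in the JSON emitted by the PHP side versus strings coming from the database in the appointment record), and a type mismatch would silently hide every appointment for secretaries. Normalising both sides makes the check independent of that: `if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.map(Number).indexOf(parseInt(appointment.id_users_provider, 10)) === -1) {`. Note also that both guards only skip rendering a row — the full `customer.appointments` array is still present client-side, so this is display filtering rather than access control and must be backed by the same rule on the server. The `$.each` callback continues past the end of the hunk and its enclosing function starts before it.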