Providers and secretaries shall not be able to see appointments of other providers (#512).

2024-11-22 07:52:29 +03:00 · 2018-07-29 15:59:18 +02:00 · 2018-07-29 15:59:18 +02:00 · ba3227e11c
commit ba3227e11c
parent 3fd0c2834b
4 changed files with 23 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - #485: Make REST API search check with "q" parameter case insensitive. 
 - #489: REST API response headers must use the Content-Type application/json value.
 - #500: Performance optimization in backend calendar page, after the user clicks the insert appointment button.
+- #512: Only show appointments of the currently logged in provider.

 ## [1.3.1]

--- a/src/application/controllers/Backend.php
+++ b/src/application/controllers/Backend.php
@ -122,6 +122,7 @@ class Backend extends CI_Controller {

        $this->load->model('providers_model');
        $this->load->model('customers_model');
+        $this->load->model('secretaries_model');
        $this->load->model('services_model');
        $this->load->model('settings_model');
        $this->load->model('user_model');
@ -135,6 +136,17 @@ class Backend extends CI_Controller {
        $view['customers'] = $this->customers_model->get_batch();
        $view['available_providers'] = $this->providers_model->get_available_providers();
        $view['available_services'] = $this->services_model->get_available_services();
+
+        if ($this->session->userdata('role_slug') === DB_SLUG_SECRETARY)
+        {
+            $secretary = $this->secretaries_model->get_row($this->session->userdata('user_id'));
+            $view['secretary_providers'] = $secretary['providers'];
+        }
+        else
+        {
+            $view['secretary_providers'] = [];
+        }
+
        $this->set_user_data($view);

        $this->load->view('backend/header', $view);
--- a/src/application/views/backend/customers.php
+++ b/src/application/views/backend/customers.php
@ -6,6 +6,7 @@
        csrfToken          : <?= json_encode($this->security->get_csrf_hash()) ?>,
        availableProviders : <?= json_encode($available_providers) ?>,
        availableServices  : <?= json_encode($available_services) ?>,
+        secretaryProviders : <?= json_encode($secretary_providers) ?>,
        dateFormat         : <?= json_encode($date_format) ?>,
        timeFormat         : <?= json_encode($time_format) ?>,
        baseUrl            : <?= json_encode($base_url) ?>,
--- a/src/assets/js/backend_customers_helper.js
+++ b/src/assets/js/backend_customers_helper.js
@ -317,6 +317,14 @@

        $('#customer-appointments').empty();
        $.each(customer.appointments, function (index, appointment) {
+            if (GlobalVariables.user.role_slug === Backend.DB_SLUG_PROVIDER && parseInt(appointment.id_users_provider) !== GlobalVariables.user.id) {
+                return true; // continue
+            }
+
+            if (GlobalVariables.user.role_slug === Backend.DB_SLUG_SECRETARY && GlobalVariables.secretaryProviders.indexOf(appointment.id_users_provider) === -1) {
+                return true; // continue
+            }
+
            var start = GeneralFunctions.formatDate(Date.parse(appointment.start_datetime), GlobalVariables.dateFormat, true);
            var end = GeneralFunctions.formatDate(Date.parse(appointment.end_datetime), GlobalVariables.dateFormat, true);
            var html =