mirror of
https://github.com/alextselegidis/easyappointments.git
synced 2024-12-22 22:52:35 +03:00
Corrected Google_sync library loading and made permissions check before returning the table view calendar events.
parent
f4e4b3eb61
commit
bc1b82b7da
2 changed files with 37 additions and 2 deletions
|
@ -183,7 +183,7 @@ class Appointments extends CI_Controller {
|
|||
if ($google_sync == TRUE) {
|
||||
$google_token = json_decode($this->providers_model
|
||||
->get_setting('google_token', $provider['id']));
|
||||
$this->load->library('Google_Sync');
|
||||
$this->load->library('Google_sync');
|
||||
$this->google_sync->refresh_token($google_token->refresh_token);
|
||||
$this->google_sync->delete_appointment($provider, $appointment['id_google_calendar']);
|
||||
}
|
||||
|
|
|
@ -87,6 +87,41 @@ class Backend_api extends CI_Controller {
|
|||
$appointment['customer'] = $this->customers_model->get_row($appointment['id_users_customer']);
|
||||
}
|
||||
|
||||
$userId = $this->session->userdata('user_id');
|
||||
$roleSlug = $this->session->userdata('role_slug');
|
||||
|
||||
// If the current user is a provider he must only see his own appointments.
|
||||
if ($roleSlug === DB_SLUG_PROVIDER) {
|
||||
foreach($response['appointments'] as $index => $appointment) {
|
||||
if ((int)$appointment['id_users_provider'] !== (int)$userId) {
|
||||
unset($response['appointments'][$index]);
|
||||
}
|
||||
}
|
||||
|
||||
foreach($response['unavailabilities'] as $index => $unavailability) {
|
||||
if ((int)$unavailability['id_users_provider'] !== (int)$userId) {
|
||||
unset($response['unavailabilities'][$index]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If the current user is a secretary he must only see the appointments of his providers.
|
||||
if ($roleSlug === DB_SLUG_SECRETARY) {
|
||||
$this->load->model('secretaries_model');
|
||||
$providers = $this->secretaries_model->get_row($userId)['providers'];
|
||||
foreach($response['appointments'] as $index => $appointment) {
|
||||
if (!in_array((int)$appointment['id_users_provider'], $providers)) {
|
||||
unset($response['appointments'][$index]);
|
||||
}
|
||||
}
|
||||
|
||||
foreach($response['unavailabilities'] as $index => $unavailability) {
|
||||
if (!in_array((int)$unavailability['id_users_provider'], $providers)) {
|
||||
unset($response['unavailabilities'][$index]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->output->set_output(json_encode($response));
|
||||
} catch(Exception $exc) {
|
||||
$this->output->set_output(json_encode([
|
||||
|
@ -234,7 +269,7 @@ class Backend_api extends CI_Controller {
|
|||
$google_token = json_decode($this->providers_model->get_setting('google_token',
|
||||
$appointment['id_users_provider']));
|
||||
|
||||
$this->load->library('Google_Sync');
|
||||
$this->load->library('Google_sync');
|
||||
$this->google_sync->refresh_token($google_token->refresh_token);
|
||||
|
||||
if ($appointment['id_google_calendar'] == NULL) {
|
||||
|
|
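Review bot: The role filter added before `set_output` in the first Backend_api hunk fails open: it only narrows the response when `role_slug` is exactly `DB_SLUG_PROVIDER` or `DB_SLUG_SECRETARY`, so any other value, including a session with no role set, reaches `json_encode($response)` with the full unfiltered lists. The method starts above the hunk, so an earlier privilege check may already cover this; if it does not, an explicit allow-list of roles with a default deny would be safer than filtering after the fetch. Separately, `unset()` leaves gaps in the numeric keys, so `json_encode` will emit the filtered lists as JSON objects instead of arrays; re-index before output with `$response['appointments'] = array_values($response['appointments']);` and the same for `unavailabilities`. The two `in_array` calls compare loosely; if `$providers` is known to hold integer ids, passing `TRUE` as the third argument would make the membership test strict.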