mirror of
https://github.com/alextselegidis/easyappointments.git
synced 2024-11-24 08:53:05 +03:00
Create the Permissions library with the "has_customer_access" method
parent
2e21b05545
commit
df0105c65a
2 changed files with 93 additions and 0 deletions
|
@ -61,6 +61,7 @@
|
|||
* @property Ics_file $ics_file
|
||||
* @property Instance $instance
|
||||
* @property Notifications $notifications
|
||||
* @property Permissions $permissions
|
||||
* @property Synchronization $synchronization
|
||||
* @property Timezones $timezones
|
||||
*/
|
||||
|
|
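--- /dev/null
+++ b/application/libraries/Permissions.php
@@ -0,0 +1,92 @@
+<?php defined('BASEPATH') or exit('No direct script access allowed');
+
+/* ----------------------------------------------------------------------------
+* Easy!Appointments - Online Appointment Scheduler
+*
+* @package EasyAppointments
+* @author A.Tselegidis <alextselegidis@gmail.com>
+* @copyright Copyright (c) Alex Tselegidis
+* @license https://opensource.org/licenses/GPL-3.0 - GPLv3
+* @link https://easyappointments.org
+* @since v1.5.0
+* ---------------------------------------------------------------------------- */
+
+
+/**
+* Permissions library.
+*
+* Handles permission related functionality.
+*
+* @package Libraries
+*/
+class Permissions {
+/**
+* @var EA_Controller
+*/
+protected $CI;
+
+/**
+* Permissions constructor.
+*/
+public function __construct()
+{
+$this->CI =& get_instance();
+
+$this->CI->load->model('appointments_model');
+$this->CI->load->model('roles_model');
+$this->CI->load->model('secretaries_model');
+$this->CI->load->model('users_model');
+
+$this->CI->load->library('timezones');
+}
+
+/**
+* Check if a user is allowed to manage the provided customer.
+*
+* The "limit_customer_access" setting changes the access permissions to customer entries. In order for a provider
+* or a secretary to be able to make changes to a customer, they will first need to at least have a single
+* appointment with them.
+*
+* @param int $user_id
+* @param int $customer_id
+*
+* @return bool
+*/
+public function has_customer_access(int $user_id, int $customer_id): bool
+{
+$role_id = $this->CI->users_model->value($user_id, 'id_roles');
+
+$role_slug = $this->CI->roles_model->value($role_id, 'slug');
+
+$limit_customer_access = setting('limit_customer_access');
+
+if ($role_slug === DB_SLUG_ADMIN)
+{
+return TRUE;
+}
+
+if ($role_slug === DB_SLUG_PROVIDER && $limit_customer_access)
+{
+return $this->CI->appointments_model->query()->where(['id_users_provider' => $user_id, 'id_users_customer' => $customer_id])->get()->num_rows() > 0;
+}
+
+if ($role_slug === DB_SLUG_SECRETARY && $limit_customer_access)
+{
+$secretary = $this->CI->secretaries_model->find($user_id);
+
+foreach ($secretary['providers'] as $secretary_provider_id)
+{
+$has_appointments_with_customer = $this->CI->appointments_model->query()->where(['id_users_provider' => $secretary_provider_id, 'id_users_customer' => $customer_id])->get()->num_rows() > 0;
+
+if ($has_appointments_with_customer)
+{
+return TRUE;
+}
+}
+
+return FALSE;
+}
+
+return FALSE;
+}
+}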
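Review bot: With `limit_customer_access` disabled, a provider or secretary matches neither role branch of `has_customer_access` and falls through to the final `return FALSE`, so the method denies them every customer even though the docblock presents the setting as the thing that narrows access. If unrestricted access is the intended behaviour when the setting is off (the callers are not visible here), handle that case explicitly before the role branches, e.g. `if ( ! $limit_customer_access) { return in_array($role_slug, [DB_SLUG_PROVIDER, DB_SLUG_SECRETARY], TRUE); }`. Naming the roles there, rather than returning TRUE for everyone when the setting is off, keeps customer and unrecognised role slugs on the deny-by-default path that the trailing `return FALSE` already provides. The docblock should also say what the method returns for each value of the setting.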