diff --git a/application/controllers/Account.php b/application/controllers/Account.php index c13e953c..806e3d69 100644 --- a/application/controllers/Account.php +++ b/application/controllers/Account.php @@ -20,6 +20,24 @@ */ class Account extends EA_Controller { + public array $allowed_user_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'mobile_number', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'notes', + 'timezone', + 'language', + 'settings', + ]; + public array $allowed_user_setting_fields = ['username', 'password', 'notifications', 'calendar_view']; + /** * Account constructor. */ @@ -90,24 +108,9 @@ class Account extends EA_Controller $account['id'] = session('user_id'); - $this->users_model->only($account, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'mobile_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'settings', - ]); + $this->users_model->only($account, $this->allowed_user_fields); - $this->users_model->only($account['settings'], ['username', 'password', 'notifications', 'calendar_view']); + $this->users_model->only($account['settings'], $this->allowed_user_setting_fields); if (empty($account['password'])) { unset($account['password']); diff --git a/application/controllers/Admins.php b/application/controllers/Admins.php index de3c5219..b00b67ad 100644 --- a/application/controllers/Admins.php +++ b/application/controllers/Admins.php @@ -20,6 +20,25 @@ */ class Admins extends EA_Controller { + public array $allowed_admin_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'mobile_number', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'notes', + 'timezone', + 'language', + 'settings', + ]; + + public array $allowed_admin_setting_fields = ['username', 'password', 'notifications', 'calendar_view']; + /** * Admins constructor. */ 
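Review bot: The field allowlists added at the top of `Account` (and in every other controller touched by this commit) are `public`, mutable instance properties, so a subclass or any code holding the controller can widen the set of mass-assignable keys at runtime; the `array` type constrains the shape, not the contents. Since the lists never vary per instance, `private const ALLOWED_USER_FIELDS = [...]` and `private const ALLOWED_USER_SETTING_FIELDS = [...]`, referenced as `self::ALLOWED_USER_FIELDS`, keep them immutable and off the public surface. A one-line docblock would also record their role, assuming `only()` strips keys not listed, e.g. `/** Request keys accepted for a user record; everything else is dropped by only() before save(). */`. The update hunk below keeps `$account['id'] = session('user_id');` ahead of the filter, so `id` remains server-controlled there.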
@@ -115,23 +134,9 @@ class Admins extends EA_Controller $admin = request('admin'); - $this->admins_model->only($admin, [ - 'first_name', - 'last_name', - 'email', - 'mobile_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'settings', - ]); + $this->admins_model->only($admin, $this->allowed_admin_fields); - $this->admins_model->only($admin['settings'], ['username', 'password', 'notifications', 'calendar_view']); + $this->admins_model->only($admin['settings'], $this->allowed_admin_setting_fields); $admin_id = $this->admins_model->save($admin); @@ -180,24 +185,9 @@ class Admins extends EA_Controller $admin = request('admin'); - $this->admins_model->only($admin, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'mobile_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'settings', - ]); + $this->admins_model->only($admin, $this->allowed_admin_fields); - $this->admins_model->only($admin['settings'], ['username', 'password', 'notifications', 'calendar_view']); + $this->admins_model->only($admin['settings'], $this->allowed_admin_setting_fields); $admin_id = $this->admins_model->save($admin); diff --git a/application/controllers/Appointments.php b/application/controllers/Appointments.php index 3376a734..684f3eed 100644 --- a/application/controllers/Appointments.php +++ b/application/controllers/Appointments.php @@ -23,6 +23,19 @@ */ class Appointments extends EA_Controller { + public array $allowed_appointment_fields = [ + 'id', + 'start_datetime', + 'end_datetime', + 'location', + 'notes', + 'color', + 'is_unavailability', + 'id_users_provider', + 'id_users_customer', + 'id_services', + ]; + /** * Appointments constructor. */ 
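Review bot: In the create path of `Admins` (hunk `@@ -115,23`) the old inline list deliberately omitted `id`, but the shared `$this->allowed_admin_fields` now includes it, so a client can submit an `id` on a create request; if `admins_model->save()` switches to an update when `id` is present, which the update hunk below appears to rely on, a caller with only create rights could overwrite an existing admin. The same widening occurs in the create hunks of Appointments, Blocked_periods, Customers, Providers, Secretaries, Service_categories, Services and Webhooks, and in the rewritten Unavailabilities create. Either filter it out in the create paths, `$this->admins_model->only($admin, array_diff($this->allowed_admin_fields, ['id']));`, or `unset($admin['id']);` before the filter. The enclosing methods begin before each of these hunks.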
@@ -88,17 +101,7 @@ class Appointments extends EA_Controller $appointment = json_decode(request('appointment'), true); - $this->appointments_model->only($appointment, [ - 'start_datetime', - 'end_datetime', - 'location', - 'notes', - 'color', - 'is_unavailability', - 'id_users_provider', - 'id_users_customer', - 'id_services', - ]); + $this->appointments_model->only($appointment, $this->allowed_appointment_fields); $appointment_id = $this->appointments_model->save($appointment); @@ -147,18 +150,7 @@ class Appointments extends EA_Controller $appointment = json_decode(request('appointment'), true); - $this->appointments_model->only($appointment, [ - 'id', - 'start_datetime', - 'end_datetime', - 'location', - 'notes', - 'color', - 'is_unavailability', - 'id_users_provider', - 'id_users_customer', - 'id_services', - ]); + $this->appointments_model->only($appointment, $this->allowed_appointment_fields); $appointment_id = $this->appointments_model->save($appointment); diff --git a/application/controllers/Blocked_periods.php b/application/controllers/Blocked_periods.php index 570afa7c..9c0ca605 100644 --- a/application/controllers/Blocked_periods.php +++ b/application/controllers/Blocked_periods.php @@ -20,6 +20,8 @@ */ class Blocked_periods extends EA_Controller { + public array $allowed_blocked_period_fields = ['id', 'name', 'start_datetime', 'end_datetime', 'notes']; + /** * Blocked_periods constructor. */ @@ -116,7 +118,7 @@ class Blocked_periods extends EA_Controller $blocked_period = request('blocked_period'); - $this->blocked_periods_model->only($blocked_period, ['name', 'start_datetime', 'end_datetime', 'notes']); + $this->blocked_periods_model->only($blocked_period, $this->allowed_blocked_period_fields); $blocked_period_id = $this->blocked_periods_model->save($blocked_period); 
@@ -165,13 +167,7 @@ class Blocked_periods extends EA_Controller $blocked_period = request('blocked_period'); - $this->blocked_periods_model->only($blocked_period, [ - 'id', - 'name', - 'start_datetime', - 'end_datetime', - 'notes', - ]); + $this->blocked_periods_model->only($blocked_period, $this->allowed_blocked_period_fields); $blocked_period_id = $this->blocked_periods_model->save($blocked_period); diff --git a/application/controllers/Booking.php b/application/controllers/Booking.php index 45f1a345..14ee81e4 100755 --- a/application/controllers/Booking.php +++ b/application/controllers/Booking.php @@ -23,6 +23,39 @@ */ class Booking extends EA_Controller { + public array $allowed_customer_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'timezone', + 'language', + 'custom_field_1', + 'custom_field_2', + 'custom_field_3', + 'custom_field_4', + 'custom_field_5', + ]; + public mixed $allowed_provider_fields = ['id', 'first_name', 'last_name', 'services', 'timezone']; + public array $allowed_appointment_fields = [ + 'id', + 'start_datetime', + 'end_datetime', + 'location', + 'notes', + 'color', + 'status', + 'is_unavailability', + 'id_users_provider', + 'id_users_customer', + 'id_services', + ]; + /** * Booking constructor. */ @@ -105,13 +138,7 @@ class Booking extends EA_Controller foreach ($available_providers as &$available_provider) { // Only expose the required provider data. - $this->providers_model->only($available_provider, [ - 'id', - 'first_name', - 'last_name', - 'services', - 'timezone', - ]); + $this->providers_model->only($available_provider, $this->allowed_provider_fields); } $date_format = setting('date_format'); 
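Review bot: `public mixed $allowed_provider_fields` in the `Booking` property hunk departs from the `array` type every sibling list uses and disables the type check for a value later handed to `only()`; it should read `public array $allowed_provider_fields = ['id', 'first_name', 'last_name', 'services', 'timezone'];`. This list (like `allowed_provider_fields` in Secretaries and `allowed_service_fields` in Providers) trims what is sent to the page rather than filtering request input, so a comment separating the two uses stops someone later treating it as a write allowlist, e.g. `// Output projection: provider data exposed on the public booking page (not a request allowlist).`. The customer and appointment lists here are near-copies of those in Calendar, Customers and Appointments with small differences (`notes` missing here, `status` absent in Appointments); defining each list once next to the model's `save()` would keep the copies from drifting further.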
@@ -394,24 +421,7 @@ class Booking extends EA_Controller // Save customer language (the language which is used to render the booking page). $customer['language'] = session('language') ?? config('language'); - $this->customers_model->only($customer, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'timezone', - 'language', - 'custom_field_1', - 'custom_field_2', - 'custom_field_3', - 'custom_field_4', - 'custom_field_5', - ]); + $this->customers_model->only($customer, $this->allowed_customer_fields); $customer_id = $this->customers_model->save($customer); $customer = $this->customers_model->find($customer_id); @@ -424,19 +434,7 @@ class Booking extends EA_Controller $appointment_status_options = json_decode($appointment_status_options_json, true) ?? []; $appointment['status'] = $appointment_status_options[0] ?? null; - $this->appointments_model->only($appointment, [ - 'id', - 'start_datetime', - 'end_datetime', - 'location', - 'notes', - 'color', - 'status', - 'is_unavailability', - 'id_users_provider', - 'id_users_customer', - 'id_services', - ]); + $this->appointments_model->only($appointment, $this->allowed_appointment_fields); $appointment_id = $this->appointments_model->save($appointment); $appointment = $this->appointments_model->find($appointment_id); diff --git a/application/controllers/Booking_settings.php b/application/controllers/Booking_settings.php index 15c5f88b..df5df30e 100644 --- a/application/controllers/Booking_settings.php +++ b/application/controllers/Booking_settings.php @@ -20,6 +20,8 @@ */ class Booking_settings extends EA_Controller { + public array $allowed_setting_fields = ['id', 'name', 'value']; + /** * Booking_settings constructor. */ 
@@ -100,7 +102,7 @@ class Booking_settings extends EA_Controller $setting['id'] = $existing_setting['id']; } - $this->settings_model->only($setting, ['id', 'name', 'value']); + $this->settings_model->only($setting, $this->allowed_setting_fields); $this->settings_model->save($setting); } diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php index f915e825..3a57c96a 100644 --- a/application/controllers/Calendar.php +++ b/application/controllers/Calendar.php @@ -20,6 +20,39 @@ */ class Calendar extends EA_Controller { + public array $allowed_customer_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'timezone', + 'language', + 'notes', + 'custom_field_1', + 'custom_field_2', + 'custom_field_3', + 'custom_field_4', + 'custom_field_5', + ]; + public array $allowed_appointment_fields = [ + 'id', + 'start_datetime', + 'end_datetime', + 'location', + 'notes', + 'color', + 'status', + 'is_unavailability', + 'id_users_provider', + 'id_users_customer', + 'id_services', + ]; + /** * Calendar constructor. */ @@ -196,25 +229,7 @@ class Calendar extends EA_Controller throw new RuntimeException('You do not have the required permissions for this task.'); } - $this->customers_model->only($customer, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'timezone', - 'language', - 'notes', - 'custom_field_1', - 'custom_field_2', - 'custom_field_3', - 'custom_field_4', - 'custom_field_5', - ]); + $this->customers_model->only($customer, $this->allowed_customer_fields); $customer['id'] = $this->customers_model->save($customer); } 
@@ -243,19 +258,7 @@ class Calendar extends EA_Controller $this->synchronization->remove_appointment_on_provider_change($appointment['id']); } - $this->appointments_model->only($appointment, [ - 'id', - 'start_datetime', - 'end_datetime', - 'location', - 'notes', - 'color', - 'status', - 'is_unavailability', - 'id_users_provider', - 'id_users_customer', - 'id_services', - ]); + $this->appointments_model->only($appointment, $this->allowed_appointment_fields); $appointment['id'] = $this->appointments_model->save($appointment); } diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php index d229d703..70b02ffd 100644 --- a/application/controllers/Customers.php +++ b/application/controllers/Customers.php @@ -20,6 +20,26 @@ */ class Customers extends EA_Controller { + public array $allowed_customer_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'notes', + 'timezone', + 'language', + 'custom_field_1', + 'custom_field_2', + 'custom_field_3', + 'custom_field_4', + 'custom_field_5', + ]; + /** * Customers constructor. */ @@ -195,24 +215,7 @@ class Customers extends EA_Controller $customer = request('customer'); - $this->customers_model->only($customer, [ - 'first_name', - 'last_name', - 'email', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'custom_field_1', - 'custom_field_2', - 'custom_field_3', - 'custom_field_4', - 'custom_field_5', - ]); + $this->customers_model->only($customer, $this->allowed_customer_fields); $customer_id = $this->customers_model->save($customer); 
@@ -247,25 +250,7 @@ class Customers extends EA_Controller abort(403, 'Forbidden'); } - $this->customers_model->only($customer, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'custom_field_1', - 'custom_field_2', - 'custom_field_3', - 'custom_field_4', - 'custom_field_5', - ]); + $this->customers_model->only($customer, $this->allowed_customer_fields); $customer_id = $this->customers_model->save($customer); diff --git a/application/controllers/Providers.php b/application/controllers/Providers.php index a2c23819..8dd66b91 100644 --- a/application/controllers/Providers.php +++ b/application/controllers/Providers.php @@ -20,6 +20,38 @@ */ class Providers extends EA_Controller { + public array $allowed_provider_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'alt_number', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'notes', + 'timezone', + 'language', + 'is_private', + 'id_roles', + 'settings', + 'services', + ]; + public array $allowed_provider_setting_fields = [ + 'username', + 'password', + 'working_plan', + 'working_plan_exceptions', + 'notifications', + 'calendar_view', + ]; + public array $allowed_service_fields = ['id', 'name']; + public array $optional_provider_fields = [ + 'services' => [], + ]; + /** * Providers constructor. */ @@ -63,7 +95,7 @@ class Providers extends EA_Controller $services = $this->services_model->get(); foreach ($services as &$service) { - $this->services_model->only($service, ['id', 'name']); + $this->services_model->only($service, $this->allowed_service_fields); } script_vars([ 
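Review bot: `allowed_provider_fields` in the `Providers` property hunk lets `id_roles` and `is_private` arrive straight from the request; the inline lists did the same before this commit, but now that the allowlist is a named, reusable property it is the natural place to state who owns the role value. If the model does not pin `id_roles` to the provider role on save, drop it from the list and assign it server-side in the create and update actions; if it does, a comment such as `// id_roles is accepted from the request; the model is expected to enforce the provider role` records the assumption. `$optional_provider_fields` holds default values rather than a list of field names, so a name like `$default_provider_fields` would describe it more accurately.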
@@ -128,37 +160,11 @@ class Providers extends EA_Controller $provider = request('provider'); - $this->providers_model->only($provider, [ - 'first_name', - 'last_name', - 'email', - 'alt_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'is_private', - 'id_roles', - 'settings', - 'services', - ]); + $this->providers_model->only($provider, $this->allowed_provider_fields); - $this->providers_model->only($provider['settings'], [ - 'username', - 'password', - 'working_plan', - 'working_plan_exceptions', - 'notifications', - 'calendar_view', - ]); + $this->providers_model->only($provider['settings'], $this->allowed_provider_setting_fields); - $this->providers_model->optional($provider, [ - 'services' => [], - ]); + $this->providers_model->optional($provider, $this->optional_provider_fields); $provider_id = $this->providers_model->save($provider); @@ -207,38 +213,11 @@ class Providers extends EA_Controller $provider = request('provider'); - $this->providers_model->only($provider, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'alt_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'is_private', - 'id_roles', - 'settings', - 'services', - ]); + $this->providers_model->only($provider, $this->allowed_provider_fields); - $this->providers_model->only($provider['settings'], [ - 'username', - 'password', - 'working_plan', - 'working_plan_exceptions', - 'notifications', - 'calendar_view', - ]); + $this->providers_model->only($provider['settings'], $this->allowed_provider_setting_fields); - $this->providers_model->optional($provider, [ - 'services' => [], - ]); + $this->providers_model->optional($provider, $this->optional_provider_fields); $provider_id = $this->providers_model->save($provider); diff --git a/application/controllers/Secretaries.php b/application/controllers/Secretaries.php index d0edacb6..8efa840a 100644 
--- a/application/controllers/Secretaries.php +++ b/application/controllers/Secretaries.php @@ -20,6 +20,31 @@ */ class Secretaries extends EA_Controller { + public array $allowed_provider_fields = ['id', 'first_name', 'last_name']; + public array $allowed_secretary_fields = [ + 'id', + 'first_name', + 'last_name', + 'email', + 'alt_number', + 'phone_number', + 'address', + 'city', + 'state', + 'zip_code', + 'notes', + 'timezone', + 'language', + 'is_private', + 'id_roles', + 'settings', + 'providers', + ]; + public array $allowed_secretary_setting_fields = ['username', 'password', 'notifications', 'calendar_view']; + public array $optional_secretary_fields = [ + 'providers' => [], + ]; + /** * Secretaries constructor. */ @@ -63,7 +88,7 @@ class Secretaries extends EA_Controller $providers = $this->providers_model->get(); foreach ($providers as &$provider) { - $this->providers_model->only($provider, ['id', 'first_name', 'last_name']); + $this->providers_model->only($provider, $this->allowed_provider_fields); } script_vars([ @@ -124,35 +149,11 @@ class Secretaries extends EA_Controller $secretary = request('secretary'); - $this->secretaries_model->only($secretary, [ - 'first_name', - 'last_name', - 'email', - 'alt_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'is_private', - 'id_roles', - 'settings', - 'providers', - ]); + $this->secretaries_model->only($secretary, $this->allowed_secretary_fields); - $this->secretaries_model->only($secretary['settings'], [ - 'username', - 'password', - 'notifications', - 'calendar_view', - ]); + $this->secretaries_model->only($secretary['settings'], $this->allowed_secretary_setting_fields); - $this->secretaries_model->optional($secretary, [ - 'providers' => [], - ]); + $this->secretaries_model->optional($secretary, $this->optional_secretary_fields); $secretary_id = $this->secretaries_model->save($secretary); 
@@ -201,36 +202,11 @@ class Secretaries extends EA_Controller $secretary = request('secretary'); - $this->secretaries_model->only($secretary, [ - 'id', - 'first_name', - 'last_name', - 'email', - 'alt_number', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - 'is_private', - 'id_roles', - 'settings', - 'providers', - ]); + $this->secretaries_model->only($secretary, $this->allowed_secretary_fields); - $this->secretaries_model->only($secretary['settings'], [ - 'username', - 'password', - 'notifications', - 'calendar_view', - ]); + $this->secretaries_model->only($secretary['settings'], $this->allowed_secretary_setting_fields); - $this->secretaries_model->optional($secretary, [ - 'providers' => [], - ]); + $this->secretaries_model->optional($secretary, $this->optional_secretary_fields); $secretary_id = $this->secretaries_model->save($secretary); diff --git a/application/controllers/Service_categories.php b/application/controllers/Service_categories.php index fd831cd2..e49980de 100644 --- a/application/controllers/Service_categories.php +++ b/application/controllers/Service_categories.php @@ -20,6 +20,8 @@ */ class Service_categories extends EA_Controller { + public array $allowed_service_category_fields = ['id', 'name', 'description']; + /** * Service-categories constructor. */ @@ -113,7 +115,7 @@ class Service_categories extends EA_Controller $service_category = request('service_category'); - $this->service_categories_model->only($service_category, ['name', 'description']); + $this->service_categories_model->only($service_category, $this->allowed_service_category_fields); $service_category_id = $this->service_categories_model->save($service_category); 
@@ -162,7 +164,7 @@ class Service_categories extends EA_Controller $service_category = request('service_category'); - $this->service_categories_model->only($service_category, ['id', 'name', 'description']); + $this->service_categories_model->only($service_category, $this->allowed_service_category_fields); $service_category_id = $this->service_categories_model->save($service_category); diff --git a/application/controllers/Services.php b/application/controllers/Services.php index c67a6514..da365b16 100644 --- a/application/controllers/Services.php +++ b/application/controllers/Services.php @@ -20,6 +20,24 @@ */ class Services extends EA_Controller { + public array $allowed_service_fields = [ + 'id', + 'name', + 'duration', + 'price', + 'currency', + 'description', + 'color', + 'location', + 'availabilities_type', + 'attendants_number', + 'is_private', + 'id_service_categories', + ]; + public array $optional_service_fields = [ + 'id_service_categories' => null, + ]; + /** * Services constructor. */ @@ -114,23 +132,9 @@ class Services extends EA_Controller $service = request('service'); - $this->services_model->only($service, [ - 'name', - 'duration', - 'price', - 'currency', - 'description', - 'color', - 'location', - 'availabilities_type', - 'attendants_number', - 'is_private', - 'id_service_categories', - ]); + $this->services_model->only($service, $this->allowed_service_fields); - $this->services_model->optional($service, [ - 'id_service_categories' => null, - ]); + $this->services_model->optional($service, $this->optional_service_fields); $service_id = $this->services_model->save($service); 
@@ -179,24 +183,9 @@ class Services extends EA_Controller $service = request('service'); - $this->services_model->only($service, [ - 'id', - 'name', - 'duration', - 'price', - 'currency', - 'description', - 'color', - 'location', - 'availabilities_type', - 'attendants_number', - 'is_private', - 'id_service_categories', - ]); + $this->services_model->only($service, $this->allowed_service_fields); - $this->services_model->optional($service, [ - 'id_service_categories' => null, - ]); + $this->services_model->optional($service, $this->optional_service_fields); $service_id = $this->services_model->save($service); diff --git a/application/controllers/Unavailabilities.php b/application/controllers/Unavailabilities.php index 347eee6c..326c7eab 100644 --- a/application/controllers/Unavailabilities.php +++ b/application/controllers/Unavailabilities.php @@ -20,6 +20,16 @@ */ class Unavailabilities extends EA_Controller { + public array $allowed_unavailability_fields = [ + 'id', + 'start_datetime', + 'end_datetime', + 'location', + 'notes', + 'is_unavailability', + 'id_users_provider', + ]; + /** * Unavailabilities constructor. */ @@ -73,19 +83,7 @@ class Unavailabilities extends EA_Controller $unavailability = request('unavailability'); - $this->unavailabilities_model->only($unavailability, [ - 'first_name', - 'last_name', - 'email', - 'phone_number', - 'address', - 'city', - 'state', - 'zip_code', - 'notes', - 'timezone', - 'language', - ]); + $this->unavailabilities_model->only($unavailability, $this->allowed_unavailability_fields); $unavailability_id = $this->unavailabilities_model->save($unavailability); @@ -138,6 +136,8 @@ class Unavailabilities extends EA_Controller $unavailability = request('unavailability'); + $this->unavailabilities_model->only($unavailability, $this->allowed_unavailability_fields); + $unavailability_id = $this->unavailabilities_model->save($unavailability); $unavailability = $this->unavailabilities_model->find($unavailability_id); 
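Review bot: `is_unavailability` is part of `allowed_unavailability_fields`, so in both the create hunk (`@@ -73,19`) and the update hunk (`@@ -138,6`) of `Unavailabilities` the client decides whether the record is an unavailability, in a controller that handles nothing else. Unless the model forces the flag, set it after the filter in both actions: `$unavailability['is_unavailability'] = true;` (or whichever value the column expects). The create hunk replaces a customer-field list that could not have matched unavailability data and the update hunk adds a filter where none existed, both welcome; the create path nonetheless inherits the `id`-on-create concern raised on the Admins hunk. The `Appointments` allowlist accepts the same flag and could pin it the opposite way.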
diff --git a/application/controllers/Webhooks.php b/application/controllers/Webhooks.php index ba03c63d..36383c46 100644 --- a/application/controllers/Webhooks.php +++ b/application/controllers/Webhooks.php @@ -20,6 +20,8 @@ */ class Webhooks extends EA_Controller { + public array $allowed_webhook_fields = ['id', 'name', 'url', 'actions', 'secret_token', 'is_ssl_verified', 'notes']; + /** * Webhooks constructor. */ @@ -132,14 +134,7 @@ class Webhooks extends EA_Controller $webhook = request('webhook'); - $this->webhooks_model->only($webhook, [ - 'name', - 'url', - 'actions', - 'secret_token', - 'is_ssl_verified', - 'notes', - ]); + $this->webhooks_model->only($webhook, $this->allowed_webhook_fields); $webhook_id = $this->webhooks_model->save($webhook); @@ -164,15 +159,7 @@ class Webhooks extends EA_Controller $webhook = request('webhook'); - $this->webhooks_model->only($webhook, [ - 'id', - 'name', - 'url', - 'actions', - 'secret_token', - 'is_ssl_verified', - 'notes', - ]); + $this->webhooks_model->only($webhook, $this->allowed_webhook_fields); $webhook_id = $this->webhooks_model->save($webhook);
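Review bot: `allowed_webhook_fields` in the `Webhooks` property hunk passes `url`, `is_ssl_verified` and `secret_token` through from the request unchanged; the inline lists did the same before, but a caller-chosen destination URL and TLS-verification switch are the two values a webhook store most needs to validate, and nothing in these hunks does so. If that validation lives in `webhooks_model`, a comment on the list saying so, e.g. `// url and is_ssl_verified are validated by the model before save()`, keeps the next reader from assuming the controller checks them; if it does not, the create and update actions are where a scheme and host check belongs. The update hunk (`@@ -164,15`) appears to continue past the end of the visible diff.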