easyappointments/application/libraries/Permissions.php

96 lines
2.9 KiB
PHP

<?php defined('BASEPATH') or exit('No direct script access allowed');
/* ----------------------------------------------------------------------------
* Easy!Appointments - Online Appointment Scheduler
*
* @package EasyAppointments
* @author A.Tselegidis <alextselegidis@gmail.com>
* @copyright Copyright (c) Alex Tselegidis
* @license https://opensource.org/licenses/GPL-3.0 - GPLv3
* @link https://easyappointments.org
* @since v1.5.0
* ---------------------------------------------------------------------------- */
/**
* Permissions library.
*
* Handles permission related functionality.
*
* @package Libraries
*/
class Permissions
{
/**
* @var EA_Controller|CI_Controller
*/
protected EA_Controller|CI_Controller $CI;
/**
* Permissions constructor.
*/
public function __construct()
{
$this->CI = &get_instance();
$this->CI->load->model('appointments_model');
$this->CI->load->model('roles_model');
$this->CI->load->model('secretaries_model');
$this->CI->load->model('users_model');
$this->CI->load->library('timezones');
}
/**
* Check if a user is allowed to manage the provided customer.
*
* The "limit_customer_access" setting changes the access permissions to customer entries. In order for a provider
* or a secretary to be able to make changes to a customer, they will first need to at least have a single
* appointment with them.
*
* @param int $user_id
* @param int $customer_id
*
* @return bool
*/
public function has_customer_access(int $user_id, int $customer_id): bool
{
$role_id = $this->CI->users_model->value($user_id, 'id_roles');
$role_slug = $this->CI->roles_model->value($role_id, 'slug');
$limit_customer_access = setting('limit_customer_access');
if ($role_slug === DB_SLUG_ADMIN || !$limit_customer_access) {
return true;
}
if ($role_slug === DB_SLUG_PROVIDER) {
return $this->CI->appointments_model
->query()
->where(['id_users_provider' => $user_id, 'id_users_customer' => $customer_id])
->get()
->num_rows() > 0;
}
if ($role_slug === DB_SLUG_SECRETARY) {
$secretary = $this->CI->secretaries_model->find($user_id);
foreach ($secretary['providers'] as $secretary_provider_id) {
$has_appointments_with_customer =
$this->CI->appointments_model
->query()
->where(['id_users_provider' => $secretary_provider_id, 'id_users_customer' => $customer_id])
->get()
->num_rows() > 0;
if ($has_appointments_with_customer) {
return true;
}
}
return false;
}
return false;
}
}