
Commit 75b2473

Do not return appointments of a different user to the another provider or secretary on the default calendar screen.
1 parent c7a304c commit 75b2473


1 file changed

+56
-0
lines changed

1 file changed

+56
-0
lines changed

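--- a/application/controllers/Calendar.php
+++ b/application/controllers/Calendar.php
@@ -671,6 +671,62 @@ public function get_calendar_appointments()
 $unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
 }
 
+unset($appointment);
+
+$user_id = session('user_id');
+
+$role_slug = session('role_slug');
+
+// If the current user is a provider he must only see his own appointments.
+if ($role_slug === DB_SLUG_PROVIDER)
+{
+foreach ($response['appointments'] as $index => $appointment)
+{
+if ((int)$appointment['id_users_provider'] !== (int)$user_id)
+{
+unset($response['appointments'][$index]);
+}
+}
+
+$response['appointments'] = array_values($response['appointments']);
+
+foreach ($response['unavailabilities'] as $index => $unavailability)
+{
+if ((int)$unavailability['id_users_provider'] !== (int)$user_id)
+{
+unset($response['unavailabilities'][$index]);
+}
+}
+
+$response['unavailabilities'] = array_values($response['unavailabilities']);
+}
+
+// If the current user is a secretary he must only see the appointments of his providers.
+if ($role_slug === DB_SLUG_SECRETARY)
+{
+$providers = $this->secretaries_model->find($user_id)['providers'];
+
+foreach ($response['appointments'] as $index => $appointment)
+{
+if ( ! in_array((int)$appointment['id_users_provider'], $providers))
+{
+unset($response['appointments'][$index]);
+}
+}
+
+$response['appointments'] = array_values($response['appointments']);
+
+foreach ($response['unavailabilities'] as $index => $unavailability)
+{
+if ( ! in_array((int)$unavailability['id_users_provider'], $providers))
+{
+unset($response['unavailabilities'][$index]);
+}
+}
+
+$response['unavailabilities'] = array_values($response['unavailabilities']);
+}
+
 json_response($response);
 }
 catch (Throwable $e)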
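Review bot: The role filter added before `json_response($response)` fails open: only `DB_SLUG_PROVIDER` and `DB_SLUG_SECRETARY` are narrowed, so any other value of `session('role_slug')`, including an empty one, still receives every provider's appointments and unavailabilities. get_calendar_appointments starts outside this hunk, so an earlier login or permission check may already cover that; if it does not, make the unrestricted case explicit for the admin role and empty both lists for everything else. In the secretary branch the membership test is a loose `in_array`; normalising once with `$providers = array_map('intval', $providers);` and passing `TRUE` as the third argument would make it as strict as the provider branch's `!==`. The rows also appear to be filtered only after they were loaded for all providers, so restricting the query itself by provider id would keep other users' records out of the response path entirely.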
