Do not return appointments of a different user to the another provide…

…r or secretary on the default calendar screen.
alextselegidis · Apr 15, 2023 · 75b2473 · 75b2473
1 parent c7a304c
commit 75b2473
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php
@@ -671,6 +671,62 @@ public function get_calendar_appointments()
                 $unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
             }
 
+            unset($appointment);
+
+            $user_id = session('user_id');
+
+            $role_slug = session('role_slug');
+
+            // If the current user is a provider he must only see his own appointments.
+            if ($role_slug === DB_SLUG_PROVIDER)
+            {
+                foreach ($response['appointments'] as $index => $appointment)
+                {
+                    if ((int)$appointment['id_users_provider'] !== (int)$user_id)
+                    {
+                        unset($response['appointments'][$index]);
+                    }
+                }
+
+                $response['appointments'] = array_values($response['appointments']);
+
+                foreach ($response['unavailabilities'] as $index => $unavailability)
+                {
+                    if ((int)$unavailability['id_users_provider'] !== (int)$user_id)
+                    {
+                        unset($response['unavailabilities'][$index]);
+                    }
+                }
+
+                $response['unavailabilities'] = array_values($response['unavailabilities']);
+            }
+
+            // If the current user is a secretary he must only see the appointments of his providers.
+            if ($role_slug === DB_SLUG_SECRETARY)
+            {
+                $providers = $this->secretaries_model->find($user_id)['providers'];
+
+                foreach ($response['appointments'] as $index => $appointment)
+                {
+                    if ( ! in_array((int)$appointment['id_users_provider'], $providers))
+                    {
+                        unset($response['appointments'][$index]);
+                    }
+                }
+
+                $response['appointments'] = array_values($response['appointments']);
+
+                foreach ($response['unavailabilities'] as $index => $unavailability)
+                {
+                    if ( ! in_array((int)$unavailability['id_users_provider'], $providers))
+                    {
+                        unset($response['unavailabilities'][$index]);
+                    }
+                }
+
+                $response['unavailabilities'] = array_values($response['unavailabilities']);
+            }
+
             json_response($response);
         }
         catch (Throwable $e)