diff --git a/application/controllers/Calendar.php b/application/controllers/Calendar.php
index f130a46232..694631c2db 100644
--- a/application/controllers/Calendar.php
+++ b/application/controllers/Calendar.php
@@ -671,6 +671,62 @@ public function get_calendar_appointments()
                 $unavailability['provider'] = $this->providers_model->find($unavailability['id_users_provider']);
             }
 
+            unset($appointment);
+
+            $user_id = session('user_id');
+
+            $role_slug = session('role_slug');
+
+            // If the current user is a provider he must only see his own appointments.
+            if ($role_slug === DB_SLUG_PROVIDER)
+            {
+                foreach ($response['appointments'] as $index => $appointment)
+                {
+                    if ((int)$appointment['id_users_provider'] !== (int)$user_id)
+                    {
+                        unset($response['appointments'][$index]);
+                    }
+                }
+
+                $response['appointments'] = array_values($response['appointments']);
+
+                foreach ($response['unavailabilities'] as $index => $unavailability)
+                {
+                    if ((int)$unavailability['id_users_provider'] !== (int)$user_id)
+                    {
+                        unset($response['unavailabilities'][$index]);
+                    }
+                }
+
+                $response['unavailabilities'] = array_values($response['unavailabilities']);
+            }
+
+            // If the current user is a secretary he must only see the appointments of his providers.
+            if ($role_slug === DB_SLUG_SECRETARY)
+            {
+                $providers = $this->secretaries_model->find($user_id)['providers'];
+
+                foreach ($response['appointments'] as $index => $appointment)
+                {
+                    if ( ! in_array((int)$appointment['id_users_provider'], $providers))
+                    {
+                        unset($response['appointments'][$index]);
+                    }
+                }
+
+                $response['appointments'] = array_values($response['appointments']);
+
+                foreach ($response['unavailabilities'] as $index => $unavailability)
+                {
+                    if ( ! in_array((int)$unavailability['id_users_provider'], $providers))
+                    {
+                        unset($response['unavailabilities'][$index]);
+                    }
+                }
+
+                $response['unavailabilities'] = array_values($response['unavailabilities']);
+            }
+
             json_response($response);
         }
         catch (Throwable $e)
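Review bot: The secretary branch feeds `$this->secretaries_model->find($user_id)['providers']` straight into a non-strict `in_array()`, so the authorization filter's correctness depends on a model return shape that is not visible here: if the key is absent or null for a secretary with no providers, `in_array()` raises a TypeError on PHP 8 that falls into the `catch (Throwable $e)` below instead of returning an empty list, and with loose comparison the int-cast needle matches whatever element type the model happens to return. In the provider branch `(int) session('user_id')` becomes `0` when the session has no user id, which would then match any record whose `id_users_provider` also casts to `0`; presumably an earlier auth check prevents that, but it is worth an explicit guard. Both branches are the same filter with a different allow-list, so I would normalise the allowed ids once, use `in_array(..., true)`, and apply one filter to both arrays; because `get_calendar_appointments()` starts before and ends after this hunk, any other return path in the method needs the same restriction or the filter is bypassable. A one-line comment stating the intent helps the next reader: `// Role-based visibility: providers see only their own records, secretaries only their providers' records.`
```php
// … unchanged: appointment/unavailability enrichment …

$user_id = (int) session('user_id');
$role_slug = session('role_slug');

// Role-based visibility: providers see only their own records, secretaries only their providers' records.
$allowed_provider_ids = null;

if ($role_slug === DB_SLUG_PROVIDER)
{
    $allowed_provider_ids = [$user_id];
}

if ($role_slug === DB_SLUG_SECRETARY)
{
    $secretary = $this->secretaries_model->find($user_id);
    // Normalise to ints so the strict in_array() below does not depend on the model's column type.
    $allowed_provider_ids = array_map('intval', $secretary['providers'] ?? []);
}

if ($allowed_provider_ids !== null)
{
    $is_visible = function (array $record) use ($allowed_provider_ids): bool {
        return in_array((int) $record['id_users_provider'], $allowed_provider_ids, true);
    };

    $response['appointments'] = array_values(array_filter($response['appointments'], $is_visible));
    $response['unavailabilities'] = array_values(array_filter($response['unavailabilities'], $is_visible));
}

json_response($response);
```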