/**
 * Show the admin notice about the purchase code and license.
 *
 * The notice is rendered only when every one of these holds, checked in order:
 * the current user is an admin, the user has not dismissed the notice
 * (user meta 'ab_dismiss_admin_notice'), no Envato purchase code is stored
 * (option 'ab_envato_purchase_code'), and more than one week has passed since
 * the timestamp stored in option 'ab_installation_time'.
 */
public function showAdminNotice()
{
    if (!AB_Utils::isCurrentUserAdmin()) {
        return;
    }
    if (get_user_meta(get_current_user_id(), 'ab_dismiss_admin_notice', true)) {
        return;
    }
    // Loose comparison on purpose: an unset option (false) counts as "no code".
    if (get_option('ab_envato_purchase_code') != '') {
        return;
    }
    $one_week = 604800; // 7 * 24 * 60 * 60 seconds
    if (time() <= get_option('ab_installation_time') + $one_week) {
        return;
    }
    $this->render('admin_notice');
}
</span>) <?php } else { ?> <?php _e('Profile', 'bookly'); ?> <?php } ?> </h3> </div> <div class="panel-body"> <div class="row"> <div id="ab-staff" class="ab-left-bar col-md-3 col-sm-3 col-xs-12 col-lg-3"<?php if (!AB_Utils::isCurrentUserAdmin()) { ?> style="display: none" <?php } ?> > <ul id="ab-staff-list"> <?php if ($staff_members) { ?> <?php foreach ($staff_members as $staff) { ?> <li class="ab-staff-member" id="ab-list-staff-<?php echo $staff['id']; ?>
/**
 * Extend parent method to control access on staff member level.
 *
 * The parent check runs first. When it passes and the current user is not an
 * admin, access is further restricted to the staff record whose wp_user_id
 * matches the current WP user; the staff record is resolved from the request
 * parameters per action. Actions not listed in the switch are denied to
 * non-admin users.
 *
 * @param string $action
 * @return bool
 */
protected function hasAccess($action)
{
    if (parent::hasAccess($action)) {
        if (!AB_Utils::isCurrentUserAdmin()) {
            $staff = new AB_Staff();
            switch ($action) {
                // Actions addressed by the staff id in the 'id' parameter.
                case 'executeEditStaff':
                case 'executeDeleteStaffAvatar':
                case 'executeStaffServices':
                case 'executeStaffSchedule':
                case 'executeStaffHolidays':
                    $staff->load($this->getParameter('id'));
                    break;
                // Actions addressed by the 'staff_id' parameter.
                case 'executeStaffServicesUpdate':
                case 'executeStaffHolidaysUpdate':
                    $staff->load($this->getParameter('staff_id'));
                    break;
                // Resolve the owning staff member through the schedule item.
                case 'executeStaffScheduleHandleBreak':
                    $staffScheduleItem = new AB_StaffScheduleItem();
                    $staffScheduleItem->load($this->getParameter('staff_schedule_item_id'));
                    $staff->load($staffScheduleItem->get('staff_id'));
                    break;
                // Resolve break -> schedule item -> owning staff member.
                case 'executeDeleteStaffScheduleBreak':
                    $break = new AB_ScheduleItemBreak();
                    $break->load($this->getParameter('id'));
                    $staffScheduleItem = new AB_StaffScheduleItem();
                    $staffScheduleItem->load($break->get('staff_schedule_item_id'));
                    $staff->load($staffScheduleItem->get('staff_id'));
                    break;
                // Every schedule item listed in 'days' (keyed by item id) must belong
                // to the current user; the first foreign item denies the request.
                case 'executeStaffScheduleUpdate':
                    if ($this->hasParameter('days')) {
                        foreach ($this->getParameter('days') as $id => $day_index) {
                            $staffScheduleItem = new AB_StaffScheduleItem();
                            $staffScheduleItem->load($id);
                            $staff = new AB_Staff();
                            $staff->load($staffScheduleItem->get('staff_id'));
                            if ($staff->get('wp_user_id') != get_current_user_id()) {
                                return false;
                            }
                        }
                    }
                    // NOTE(review): without a 'days' parameter (or with an empty one)
                    // $staff is still the unloaded instance created above, so the
                    // final comparison below decides the outcome — confirm what
                    // get('wp_user_id') returns for an unloaded record.
                    break;
                default:
                    return false;
            }
            // NOTE(review): loose (==) comparison; what load()/get() yield for a
            // missing id or a staff member not linked to a WP user is not visible
            // here — confirm it cannot compare equal to a real user id.
            return $staff->get('wp_user_id') == get_current_user_id();
        }
        return true;
    }
    return false;
}
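/**
 * Get data needed for appointment form initialisation.
 *
 * Builds and sends (via wp_send_json, which ends the request) an array with:
 *  - 'staff': staff members (all, sorted by position, for admins; only the
 *    member linked to the current WP user otherwise), each with its services;
 *  - 'customers': all customers sorted by name, with email/phone appended to
 *    the display name when present;
 *  - 'time': time slots from WORKING_START_TIME to WORKING_END_TIME stepped by
 *    the configured time slot length;
 *  - 'time_interval': slot length in seconds from option 'ab_settings_time_slot_length';
 *  - 'custom_fields': always empty here.
 *
 * @return void
 */
public function executeGetDataForAppointmentForm()
{
    $result = array(
        'staff'         => array(),
        'customers'     => array(),
        'custom_fields' => array(),
        'time'          => array(),
        'time_interval' => get_option('ab_settings_time_slot_length') * 60,
    );

    // Staff list: non-admin users only see their own staff record.
    $staff_members = AB_Utils::isCurrentUserAdmin()
        ? AB_Staff::query()->sortBy('position')->find()
        : AB_Staff::query()->where('wp_user_id', get_current_user_id())->find();
    /** @var AB_Staff $staff_member */
    foreach ($staff_members as $staff_member) {
        $services = array();
        foreach ($staff_member->getStaffServices() as $staff_service) {
            $services[] = array(
                'id'       => $staff_service->service->get('id'),
                'title'    => sprintf(
                    '%s (%s)',
                    $staff_service->service->get('title'),
                    AB_Service::durationToString($staff_service->service->get('duration'))
                ),
                'duration' => $staff_service->service->get('duration'),
                'capacity' => $staff_service->get('capacity'),
            );
        }
        $result['staff'][] = array(
            'id'        => $staff_member->get('id'),
            'full_name' => $staff_member->get('full_name'),
            'services'  => $services,
        );
    }

    // Customers list.
    foreach (AB_Customer::query()->sortBy('name')->find() as $customer) {
        $name = $customer->get('name');
        if ($customer->get('email') != '' || $customer->get('phone') != '') {
            // trim() drops the separator when only one of email/phone is present.
            $name .= ' (' . trim($customer->get('email') . ', ' . $customer->get('phone'), ', ') . ')';
        }
        $result['customers'][] = array(
            'id'                => $customer->get('id'),
            'name'              => $name,
            'custom_fields'     => array(),
            'number_of_persons' => 1,
        );
    }

    // Time list.
    $ts_length  = AB_BookingConfiguration::getTimeSlotLength();
    $time_start = AB_StaffScheduleItem::WORKING_START_TIME;
    $time_end   = AB_StaffScheduleItem::WORKING_END_TIME;
    // A non-positive slot length would never advance the loop and would hang
    // the request; in that case the time list is left empty instead.
    if ($ts_length > 0) {
        while ($time_start <= $time_end) {
            $result['time'][] = array(
                'value' => AB_DateTimeUtils::buildTimeString($time_start, false),
                'title' => AB_DateTimeUtils::formatTime($time_start),
            );
            $time_start += $ts_length;
        }
    }

    wp_send_json($result);
}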
/**
 * Check if the current user has access to the action.
 *
 * The access type is looked up in getPermissions(): first under the action
 * name, then under the controller-wide key '_this'; when neither is set the
 * default is "admin".
 *
 * Access types:
 *   "admin"     - the current user must be an admin (AB_Utils::isCurrentUserAdmin)
 *   "user"      - the current user must be logged in
 *   "anonymous" - always allowed
 * Any other value is denied (fail closed).
 *
 * @param string $action
 * @return bool
 */
protected function hasAccess($action)
{
    $permissions = $this->getPermissions();

    // Action-level permission wins over the controller-level one.
    $security = null;
    if (isset($permissions[$action])) {
        $security = $permissions[$action];
    } elseif (isset($permissions['_this'])) {
        $security = $permissions['_this'];
    }
    if ($security === null) {
        $security = 'admin';
    }

    // Loose comparisons mirror switch/case semantics.
    if ($security == 'admin') {
        return AB_Utils::isCurrentUserAdmin();
    }
    if ($security == 'user') {
        return is_user_logged_in();
    }
    if ($security == 'anonymous') {
        return true;
    }

    // Unknown access type: deny.
    return false;
}