PHPFixing

Wednesday, March 9, 2022

[FIXED] How to make sure every event can only be viewed by role_id (only super admin can see the whole list) in CodeIgniter?

Tags: codeigniter, php

Issue

My data can be seen in this image from the CodeIgniter event list.

This one is the event controller.

This one is the event model.

I want to make sure every event can only be viewed by role id. I tried to change the controller Event.php:

    public function index($school_id = null, $id = null, $role_id = null) {

        check_permission(VIEW);

        $this->data['events'] = $this->event->get_event_list($school_id, $role_id);
        $this->data['roles'] = $this->event->get_list('roles', array('status' => 1), '', '', 'id', 'ASC');
        $this->data['filter_school_id'] = $school_id;
        $this->data['schools'] = $this->schools;

        $this->data['list'] = TRUE;
        $this->layout->title($this->lang->line('manage_event') . ' | ' . SMS);
        $this->layout->view('event/index', $this->data);
    }

I also tried to change event_model.php:

    public function get_event_list($school_id = null, $role_id = null) {

        $this->db->select('E.*, S.school_name, R.name');
        $this->db->from('events AS E');
        $this->db->join('roles AS R', 'R.id = E.role_id', 'left');
        $this->db->join('schools AS S', 'S.id = E.school_id', 'left');

        if ($this->session->userdata('role_id') != SUPER_ADMIN) {
            $this->db->where('E.school_id', $this->session->userdata('school_id'));
            // This attempt filters on R.role_id; the solution filters on E.role_id instead.
            $this->db->where('R.role_id', $this->session->userdata('role_id'));
        }

        if ($this->session->userdata('role_id') == SUPER_ADMIN && $school_id) {
            $this->db->where('E.school_id', $school_id);
        }
        $this->db->where('S.status', 1);
        $this->db->order_by('E.id', 'DESC');

        return $this->db->get()->result();
    }

Solution

I already know how to do it, so I just changed a few lines of code in the event model:

    // $role_id now defaults to null: a required parameter after an optional one is deprecated in PHP 8.
    public function get_event_list($school_id = null, $role_id = null) {

        $this->db->select('E.*, S.school_name, R.name');
        $this->db->from('events AS E');
        $this->db->join('roles AS R', 'R.id = E.role_id', 'left');
        $this->db->join('schools AS S', 'S.id = E.school_id', 'left');

        // Non-super-admin users: restrict to the school and role stored in the session.
        if ($this->session->userdata('role_id') != SUPER_ADMIN) {
            $this->db->where('E.school_id', $this->session->userdata('school_id'));
            $this->db->where('E.role_id', $this->session->userdata('role_id'));
        }

        // Super admin: optional filter by the school passed in.
        if ($this->session->userdata('role_id') == SUPER_ADMIN && $school_id) {
            $this->db->where('E.school_id', $school_id);
        }
        $this->db->where('S.status', 1);
        $this->db->order_by('E.id', 'DESC');

        return $this->db->get()->result();
    }

And this one is for the event controller:

    public function index($school_id = null, $id = null, $role_id = null) {

        check_permission(VIEW);

        $this->data['school'] = array();
        // The URL-supplied values are overwritten with the logged-in user's session values.
        $school_id = $this->session->userdata('school_id');
        $class_id = $this->session->userdata('class_id');
        $role_id = $this->session->userdata('role_id');

        $this->data['events'] = $this->event->get_event_list($school_id, $role_id);
        $this->data['roles'] = $this->event->get_list('roles', array('status' => 1,), '', '', 'id', 'ASC');
        $this->data['filter_school_id'] = $school_id;
        $this->data['schools'] = $this->schools;

        $this->data['list'] = TRUE;
        $this->layout->title($this->lang->line('manage_event') . ' | ' . SMS);
        $this->layout->view('event/index', $this->data);
    }

Answered By - Najwa Ismail
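
The scoping rule the solution relies on (school and role come from the session, and a request-supplied school filter counts only for the super admin), shown as a framework-free sketch. This is an added example, not the poster's or the project's code; `event_scope`, `filter_events`, the sample rows and the value of `SUPER_ADMIN` are assumptions.

```php
<?php
// Added example: the value of SUPER_ADMIN is an assumption, not taken from the page.
const SUPER_ADMIN = 1;

// Build the event-list conditions from the session only. Returns null (show nothing)
// when the session carries no role, so a missing role never widens the result.
function event_scope(array $session, ?int $requestedSchoolId = null): ?array
{
    $roleId = $session['role_id'] ?? null;
    if ($roleId === null) {
        return null;
    }
    if ((int) $roleId === SUPER_ADMIN) {
        // Only the super admin may choose the school through the request.
        return $requestedSchoolId ? ['school_id' => $requestedSchoolId] : [];
    }
    // Everyone else: both columns pinned to session values, request value ignored.
    return [
        'school_id' => (int) ($session['school_id'] ?? 0),
        'role_id'   => (int) $roleId,
    ];
}

// Apply a scope to rows; stands in for the $this->db->where() calls in the model.
function filter_events(array $events, ?array $scope): array
{
    if ($scope === null) {
        return [];
    }
    return array_values(array_filter($events, function (array $e) use ($scope) {
        foreach ($scope as $column => $value) {
            if ((int) $e[$column] !== (int) $value) {
                return false;
            }
        }
        return true;
    }));
}

// Constructed sample rows standing in for the events table.
$events = [
    ['id' => 1, 'school_id' => 10, 'role_id' => 3],
    ['id' => 2, 'school_id' => 10, 'role_id' => 4],
    ['id' => 3, 'school_id' => 20, 'role_id' => 3],
];
$teacher = ['role_id' => 3, 'school_id' => 10];   // constructed session data
// The teacher requests school 20 but stays scoped to the session's school and role.
print_r(filter_events($events, event_scope($teacher, 20)));
// The super admin may narrow the list to one school.
print_r(filter_events($events, event_scope(['role_id' => SUPER_ADMIN], 20)));
```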