From 2a3673f7e2c55daf521f206791fd9051892e88b0 Mon Sep 17 00:00:00 2001 From: lorisadmin Date: Tue, 17 Dec 2019 10:45:36 -0500 Subject: [PATCH] [Dashboard/Study Progression -- View recruitment per site] Restricting users to see statistics only from sites they have access to. --- .../ajax/get_recruitment_line_data.php | 28 +++++++++++++++---- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/modules/dashboard/ajax/get_recruitment_line_data.php b/modules/dashboard/ajax/get_recruitment_line_data.php index 7920f81035c..78a5db1fb05 100644 --- a/modules/dashboard/ajax/get_recruitment_line_data.php +++ b/modules/dashboard/ajax/get_recruitment_line_data.php @@ -15,23 +15,41 @@ header("content-type:application/json"); ini_set('default_charset', 'utf-8'); -$DB = Database::singleton(); +$DB = Database::singleton(); +$currentUser = \User::singleton(); +$site = array(); +$list_of_sites = array(); + +//TODO: Create a permission specific to statistics +if ($currentUser->hasPermission('access_all_profiles')) { + $list_of_sites = \Utility::getSiteList(); +} else { + $site_id_arr = $currentUser->getCenterIDs(); + foreach ($site_id_arr as $key => $val) { + $site[$key] = &Site::singleton($val); + $list_of_sites[$val] = $site[$key]->getCenterName(); + } +} + +$sitesString = implode(",", array_keys($list_of_sites)); $recruitmentData = array(); $recruitmentStartDate = $DB->pselectOne( - "SELECT MIN(Date_registered) FROM candidate", + "SELECT MIN(Date_registered) + FROM candidate + WHERE RegistrationCenterID IN (" . $sitesString . ")", array() ); $recruitmentEndDate = $DB->pselectOne( - "SELECT MAX(Date_registered) FROM candidate", + "SELECT MAX(Date_registered) + FROM candidate + WHERE RegistrationCenterID IN (" . $sitesString . ")", array() ); $recruitmentData['labels'] = createChartLabels($recruitmentStartDate, $recruitmentEndDate); -$list_of_sites = Utility::getAssociativeSiteList(true, false); - foreach ($list_of_sites as $siteID => $siteName) { $recruitmentData['datasets'][] = array( "name" => $siteName,