0
I am trying to do a validation for the user: doctor do not have access to the value of the query and other users have access to the value of the query, I manage to do not appear to the doctor, so that’s catching all users of the system.
function MostraHistoricoPaciente(data, modal, datatype) {
if(modal) {
$('#modal-historico').modal();
}
if(datatype == 'json') {
$('#datas-historico').html('');
$('#content-historico').html('');
$('.panel-body').html('');
$('#content-dados').html(
'<br><div class="row">' +
'<div class="col-md-3"><strong>Nome:</strong> ' + data[0].dados_paciente[0].nome + '</div>' +
'<div class="col-md-2"><strong>Profissão:</strong> ' + data[0].dados_paciente[0].profissao + '</div>' +
'<div class="col-md-2"><strong>Data Nasc:</strong> ' + data[0].dados_paciente[0].data_nasc + '</div>' +
'<div class="col-md-2"><strong>Idade:</strong> ' + data[0].dados_paciente[0].idade + '</div>' +
'<div class="col-md-2"><strong>Sexo:</strong> ' + data[0].dados_paciente[0].sexo + '</div>' +
'<div class="col-md-2"><strong>Estado Civil:</strong> ' + data[0].dados_paciente[0].estado_civil + '</div>' +
'</div>' +
'<div class="row"><br>' +
'<div class="col-md-12"><div class="label label-default">Contato</div><hr></div><br><br>' +
'<div class="col-md-2"><strong>Tel:</strong> ' + data[0].dados_paciente[0].tel + '</div>' +
'<div class="col-md-2"><strong>Cel:</strong> ' + data[0].dados_paciente[0].cel + '</div>' +
'<div class="col-md-3"><strong>E-mail:</strong> ' + data[0].dados_paciente[0].email + '</div>' +
'</div>' +
'<div class="row"><br>' +
'<div class="col-md-12"><div class="label label-default">Endereço</div><hr></div><br><br>' +
'<div class="col-md-3"><strong>Rua:</strong> ' + data[0].dados_paciente[0].logradouro + ' ' + data[0].dados_paciente[0].numero + '</div>' +
'<div class="col-md-3"><strong>Bairro:</strong> ' + data[0].dados_paciente[0].bairro + '</div>' +
'<div class="col-md-3"><strong>Cidade:</strong> ' + data[0].dados_paciente[0].cidade + '/' + data[0].dados_paciente[0].uf + '</div>' +
'<div class="col-md-3"><strong>CEP:</strong> ' + data[0].dados_paciente[0].cep + '</div>' +
'</div>'
);
// Aqui
function renderValueTotal() {
if($users.privilegy === 3 || $users.privilegy === 4 ) {
return '<div class="col-md-3"><strong>Valor:</strong> ' +
lcssafira.app.formatReal(data[0].caixa[0].valor_total, true);
}
return '';
var valueTotal = renderValueTotal($privilegy);
if(typeof data[0].caixa !== 'undefined') {
$('#content-dados').append(
'<div class="row"><br>' +
'<div class="col-md-12"><div class="label label-default">Pagamento</div><hr></div><br><br>' +
'<div class="col-md-3"><strong>Forma Pagamento:</strong> ' + data[0].caixa[0].forma_pgto + '</div>' +
renderValueTotal +
'<div>'
);
}
}
if(typeof data[0].exame !== 'undefined') {
$('.panel-body').html(data[0].exame[0].modelo);
}
$.each(data, function(index, val) {
icon = '<span class="material-icons">event_available</span>';
if(typeof val.data_cadastro !== 'undefined') {
$('#datas-historico').append('<span class="btn btn-raised btn-sm btn-data-diagnostico" data-id-paciente="'
+ val.id_pessoa + '" data-date="' + val.data_cadastro + '">'
+ icon + '<span class="data-cadastro">'
+ val.data_cadastro + '</span></span>');
}
});
}
else {
$('#content-historico').html(data);
}
}
Only with this code you posted would it reproduce the problem? You’ll get better answers if you give people code they can use to reproduce the problem
– user60252
normally, and I say 'normally' because there are people who prefer to risk and reinvent wheels... all validation treatment, display, permission, should be done on the server side, by the backend, it is in it that validations, Sessions, permissions are manipulated, JS as client-side, even if it does not appear on the screen if you need to treat or hide the value, it will be in the code visible to a user little more experiencer.
– Michel Simões
yes I agree with you about the validation,this code was already like this when I picked it up and now it will be a little complicated to fix it,.
– Michel Spirlandeli