src/Controller/ApiController.php line 2462

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Event\HolidayEvent;
  6. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  7. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  8. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\Response;
  11. use Symfony\Component\Routing\Annotation\Route;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  13. use Pimcore\Model\Asset;
  14. use Pimcore\Model\DataObject;
  15. use Pimcore\Model\Document;
  16. use Pimcore\Model\Element\Tag;
  17. use Pimcore\Model\DataObject\Data\BlockElement;
  18. use Symfony\Component\Stopwatch\Stopwatch;
  19. use App\Form\ManageUserCreateType;
  20. use App\Form\ManageUserUpdateType;
  21. use App\Form\PasswordFormType;
  22. use App\Form\RegistrationFormHandler;
  23. use App\Model\Customer;
  24. use App\Model\TrycareMembership;
  25. use App\Services\CreateSubuserService;
  26. use App\Services\GeneralService;
  27. use App\Services\HeadOfficeService;
  28. use App\Services\PermissionService;
  29. use App\Services\ToolsService;
  30. use App\Services\NotificationService;
  31. use App\Services\EmployeeContractService;
  32. use App\Services\FreeTrialService;
  33. use App\Services\TrycareService;
  34. use App\Stripe\UserHandler;
  35. use Carbon\Carbon;
  36. use CustomerManagementFrameworkBundle\CustomerProvider\CustomerProviderInterface;
  37. use Error;
  38. use Pimcore\DataObject\Consent\Service;
  39. use Psr\Log\LoggerInterface;
  40. use Symfony\Component\HttpClient\Exception\InvalidArgumentException;
  41. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  42. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  43. use Symfony\Component\HttpKernel\Exception\PreconditionFailedHttpException;
  44. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  45. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  47. /**
  48.  * @Route("/api", name="api")
  49.  */
  50. class ApiController extends AbstractController
  51. {
  52.     /**
  53.      * @Route("/template-hub/templates/read", name="template-hub-read")
  54.      */
  55.     public function templateHubReadAction(Stopwatch $stopwatch)
  56.     {
  57.         if (!$this->isGranted('ROLE_USER')) {
  58.             throw new UnauthorizedHttpException('Not authorized.');
  59.         }
  61.         $listPublic = new DataObject\Templates\Listing();
  62.         $listPublic->load();
  63.         $listPublic $listPublic->getData();
  66.         $listCategories array_map(function ($template) {
  67.             return $template->getCategory();
  68.         }, $listPublic);
  69.         $listCategories array_unique($listCategories);
  71.         $templatesList = [];
  72.         foreach ($listCategories as $category) {
  74.             $list array_filter($listPublic, function ($item) use ($category) {
  75.                 return $item->getCategory() === $category;
  76.             });
  77.             $dataContent = [];
  78.             foreach ($list as $template) {
  79.                 /* if ($asset instanceof \Pimcore\Model\Asset\Document) {
  80.                     try {
  81.                     if (!$asset->getCustomSetting('document_page_count')) {
  82.                         $asset->processPageCount();
  83.                     }
  84.                     } catch (\Exception $e) {
  85.                     //do nothing
  86.                     }
  87.                 } */
  88.                 $coverPath $template->getCover()->getPath();
  89.                 $coverFilename $template->getCover()->getFilename();
  91.                 $dataContent[] = [
  92.                     'name' => $template->getTitle(),
  93.                     'id' => $template->getId(),
  94.                     "preview" => $coverPath $coverFilename,
  95.                     "linkDocument" => $template->getDocument()->getFullPath(),
  96.                     /* "linkPdf" => $template->getPdf()->getFullPath(), */
  97.                 ];
  98.             }
  100.             $templatesList[] = [
  101.                 "category" => $category,
  102.                 "data" => $dataContent
  103.             ];
  104.         }
  108.         $response = new Response();
  110.         $response->headers->set('Content-Type''application/json');
  111.         $response->headers->set('Access-Control-Allow-Origin''*');
  113.         $response->setContent(json_encode($templatesList));
  115.         return $response;
  116.     }
  118.     /**
  119.      * @Route("/head-office/assets/create", name="template-hub-assets-create", methods={"POST"})
  120.      * 
  121.      * @param Request $request
  122.      * @return Response
  123.      */
  124.     public function headOfficeAssetCreateAction(Request $request)
  125.     {
  126.         $loggedUser $this->getUser();
  127.         if (!$loggedUser) {
  128.             throw new UnauthorizedHttpException('Not authorized.');
  129.         }
  130.         $id $loggedUser->getId();
  131.         if ($request->getContent()) {
  132.             $data json_decode($request->getContent(), true);
  134.             $fileName $data['fileKey'];
  135.             $title $data['title'];
  136.             $description $data['description'];
  138.             $parentFolder DataObject::getByPath("/Head Office/Private/" $id);
  139.             if (!$parentFolder) {
  140.                 $parentFolder DataObject\Service::createFolderByPath("/Head Office/Private/" $id);
  141.             }
  143.             $newObject = new DataObject\HOFile();
  144.             $newObject->setKey($fileName);
  145.             $newObject->setParent($parentFolder);
  146.             $newObject->setTitle($title);
  147.             $newObject->setDescription($description);
  148.             $newObject->setPublished(true);
  149.             $newObject->save();
  151.             return new Response($newObject->getId());
  152.         }
  153.         return new Response(null);
  154.     }
  156.     /**
  157.      * @Route("/head-office/assets/read", name="template-hub-assets-read", methods={"GET"})
  158.      * 
  159.      * @param Request $request
  160.      * @return Response
  161.      */
  162.     public function headOfficeAssetReadAction(Request $request)
  163.     {
  164.         $loggedUser $this->getUser();
  165.         if (!$loggedUser) {
  166.             throw new UnauthorizedHttpException('Not authorized.');
  167.         }
  168.         $id $loggedUser->getId();
  170.         $parentFolder DataObject::getByPath("/Head Office/Private/" $id);
  172.         if ($parentFolder) {
  173.             $list = new DataObject\HOFile\Listing();
  174.             $list->setCondition("o_parentId = ?"$parentFolder->getId());
  175.             $list->load();
  176.             $list $list->getData();
  178.             $dataContent = [];
  179.             foreach ($list as $file) {
  180.                 $dataContent[] = [
  181.                     'title' => $file->getTitle(),
  182.                     'description' => $file->getDescription(),
  183.                     'id' => $file->getId(),
  184.                     'key' => $file->getKey()
  185.                 ];
  186.             };
  188.             return new Response(json_encode($dataContent));
  189.         }
  191.         return new Response(null);
  192.     }
  194.     /**
  195.      * @Route("/head-office/assets/delete", name="template-hub-assets-delete", methods={"POST"})
  196.      * 
  197.      * @param Request $request
  198.      * @return Response
  199.      */
  200.     public function headOfficeAssetDeleteAction(Request $request)
  201.     {
  202.         $loggedUser $this->getUser();
  203.         if (!$loggedUser) {
  204.             throw new UnauthorizedHttpException('Not authorized.');
  205.         }
  206.         $id $loggedUser->getId();
  208.         if ($request->getContent()) {
  209.             $data json_decode($request->getContent(), true);
  210.             $fileId $data['objectId'];
  212.             $object DataObject::getById($fileId);
  213.             $object->delete();
  215.             return new Response('File deleted');
  216.         }
  218.         return new Response(null);
  219.     }
  221.     /**
  222.      * @Route("/head-office/credentials/set-cognito", name="head-office-cognito", methods={"PATCH"})
  223.      * 
  224.      * @param Request $request
  225.      * @return Response
  226.      */
  227.     public function headOfficeSetVaultAction(Request $request)
  228.     {
  229.         $loggedUser $this->getUser();
  230.         if (!$loggedUser) {
  231.             throw new UnauthorizedHttpException('Not authorized.');
  232.         }
  233.         $id $loggedUser->getId();
  235.         if ($request->getContent()) {
  236.             $data json_decode($request->getContent(), true);
  237.             $cognito $data['cognitoConfirmed'];
  239.             $loggedUser->setCognitoConfirmed($cognito);
  240.             $loggedUser->save();
  242.             $response = new Response();
  243.             return $response->setContent(json_encode(['message' => 'OK']));
  244.         }
  246.         throw new BadRequestHttpException();
  247.     }
  249.     /**
  250.      * @Route("/head-office/credentials/set", name="head-office-credentials-set", methods={"PUT"}))
  251.      */
  252.     public function headOfficeSetCredentialsAction(Request $requestPermissionService $permissionProviderService $consentService)
  253.     {
  254.         $loggedUser $this->getUser();
  255.         if (!$loggedUser) {
  256.             throw new UnauthorizedHttpException('Not authorized.');
  257.         }
  259.         $data json_decode($request->getContent(), true);
  261.         $password $data['password'];
  262.         $cognito $data['cognito'];
  264.         $loggedUser->setPassword($password);
  265.         $loggedUser->setCognito($cognito);
  267.         $consentService->giveConsent($loggedUser"termsAndPolicy""Agreed with website's terms of use and privacy policy.");
  269.         try {
  270.             $loggedUser->save();
  272.             $response = new Response();
  273.             return $response->setContent(json_encode(['message' => 'OK']));
  274.         } catch (\Exception $e) {
  275.             throw new BadRequestHttpException($e);
  276.         }
  277.     }
  279.     /**
  280.      * @Route("/head-office/credentials/get", name="head-office-credentials", methods={"GET"}))
  281.      */
  282.     public function headOfficeCheckCredentialsAction(PermissionService $permissionProvider)
  283.     {
  284.         $loggedUser $this->getUser();
  285.         if (!$loggedUser) {
  286.             throw new UnauthorizedHttpException('Not authorized.');
  287.         }
  288.         $id $loggedUser->getId();
  290.         $role $loggedUser->getTypeOfUser();
  291.         $userData = [];
  293.         $cpdCycles = [];
  294.         foreach ($loggedUser->getCpdCycles() as $cycle) {
  295.             $cpdCycles[] = [
  296.                 'id' => $cycle->getId(),
  297.                 'startingDate' => $cycle->getStartDate(),
  298.                 'endDate' => $cycle->getEndDate(),
  299.                 'createdAt' => $cycle->getCreationDate(),
  300.                 'requiredHours' => $cycle->getRequiredHours()
  301.             ];
  302.         }
  304.         $permissions $permissionProvider->getPermissions($loggedUser);
  306.         $plans = [];
  307.         foreach ($loggedUser->getCpdPlans() as $cpdPlan) {
  308.             $plans[] = [
  309.                 'id' => $cpdPlan->getid(),
  310.                 'createdAt' => $cpdPlan->getCreationDate()
  311.             ];
  312.         }
  313.         $clinic $loggedUser->getClinic();
  314.         $clinicBranches = [];
  315.         foreach ($clinic->getBranches() as $branch) {
  316.             $clinicBranches[] = [
  317.                 'name' => $branch->getName(),
  318.                 'isMain' => $branch->getIsMain(),
  319.                 'id' => $branch->getId(),
  320.                 'isNew' => $branch->getIsNew()
  321.             ];
  322.         }
  324.         $role $loggedUser->getTypeOfUser();
  325.         $subscription $loggedUser->getSubscription();
  327.         $superuser $clinic->getSuperuser();
  328.         $includedSubs count($superuser->getIncludedSubscriptions());
  329.         if ($superuser->getSubscription()->getIsTrycareMembership()) {
  330.             $includedSubs TrycareMembership::getAdditionalSubscriptionsAmount($superuser->getSubscription()->getTrycareMemberId());
  331.         }
  333.         $userData = [
  334.             'id' => $id,
  335.             'role' => $loggedUser->getTypeOfUser(),
  336.             'cognito' => $loggedUser->getCognito(),
  337.             'email' => $loggedUser->getEmail(),
  338.             'clinicId' => $clinic->getName(),
  339.             'cognitoConfirmed' => $loggedUser->getCognitoConfirmed(),
  340.             'firstName' => $loggedUser->getFirstname(),
  341.             'lastName' => $loggedUser->getLastname(),
  342.             'displayName' => $loggedUser->getDisplayName(),
  343.             'profession' => $loggedUser->getProfession(),
  344.             'gdcNumber' => $loggedUser->getGdcNumber(),
  345.             'cpdCycles' => $cpdCycles,
  346.             'newAlert' => $loggedUser->getNewAlert(),
  347.             'permissions' => $permissions,
  348.             'licence' => [
  349.                 'endOfCycle' => $subscription->getExpiryDate(),
  350.                 'cancel' => $subscription->getCancelEndPeriod(),
  351.                 'cycleType' => $subscription->getBillingCycle(),
  352.                 'freeTrial' => $subscription->getIsFreeTrial(),
  353.                 'includedSubs' => $includedSubs
  354.             ],
  355.             'cpdPlans' => $plans,
  356.             'clinicBranches' => $clinicBranches,
  357.             'newsletter' => $loggedUser->getNewsletterActive(),
  358.             'isTrycareMembership' => $subscription->getIsTrycareMembership(),
  359.         ];
  361.         $response = new Response();
  363.         $response->headers->set('Content-Type''application/json');
  364.         $response->headers->set('Access-Control-Allow-Origin''*');
  366.         $response->setContent(json_encode($userData));
  368.         return $response;
  369.     }
  371.     /**
  372.      * @Route("/head-office/credentials/update", name="head-office-credentials-update", methods={"PUT"}))
  373.      */
  374.     public function headOfficeUpdateUserAction(Request $requestPermissionService $permissionProviderService $consentServiceUserHandler $userHandler)
  375.     {
  376.         $loggedUser $this->getUser();
  377.         if (!$loggedUser) {
  378.             throw new UnauthorizedHttpException('Not authorized.');
  379.         }
  381.         $content json_decode($request->getContent());
  383.         $form $this->createForm(ManageUserUpdateType::class);
  385.         $form->submit((array)$content);
  386.         if (!$form->isValid()) {
  387.             $errors = [];
  388.             foreach ($form->getErrors(deeptrueflattentrue) as $error) {
  389.                 $errors[] = $error->getMessage();
  390.             }
  392.             throw new BadRequestHttpException(json_encode($errors));
  393.         }
  395.         $data json_decode($request->getContent(), true);
  396.         if ($loggedUser->getTypeOfUser() === 'subuser' && $data['termsAndPolicy'] != true) {
  397.             throw new BadRequestHttpException('You must agree to our terms and policies.');
  398.         }
  400.         $clinic $loggedUser->getClinic();
  401.         //create main location
  402.         if (array_key_exists('firstLineAddress'$data)) {
  403.             $branch $userHandler->createBranch(['name' => $data['firstLineAddress'], 'isMain' => true], $clinic);
  404.             $clinic->setBranches([...$clinic->getBranches(), $branch]);
  405.         }
  408.         $loggedUser->setFirstname($data['firstname']);
  409.         $loggedUser->setLastname($data['lastname']);
  410.         $loggedUser->setProfession($data['profession']);
  411.         $loggedUser->setGdcNumber($data['gdcNumber']);
  412.         // $loggedUser->setPhone($data['contact']);
  413.         if (array_key_exists('termsAndPolicy'$data)) {
  414.             $consentService->giveConsent($loggedUser"termsAndPolicy""Agreed with website's terms of use and privacy policy.");
  415.         }
  416.         if (array_key_exists('dealsAndOffers'$data)) {
  417.             $consentMessage "Consent given for deals and offers";
  418.             $consentService->giveConsent($loggedUser"dealsAndOffers"$consentMessage);
  419.         }
  420.         if (array_key_exists('cognito'$data)) {
  421.             $loggedUser->setCognito($data['cognito']);
  422.         }
  423.         if (array_key_exists('displayName'$data)) {
  424.             $loggedUser->setDisplayName($data['displayName']);
  425.         }
  426.         if (array_key_exists('password'$data)) {
  427.             $loggedUser->setPassword($data['password']);
  428.         }
  430.         if ($loggedUser->getTypeOfUser() === 'superuser') {
  431.             if (array_key_exists('practiceName'$data)) {
  432.                 $clinic->setDisplayName($data['practiceName']);
  433.             }
  434.             if (array_key_exists('phone'$data)) {
  435.                 $clinic->setPhone($data['phone']);
  436.             }
  437.             $clinic->save();
  438.         }
  440.         try {
  441.             $loggedUser->save();
  443.             $response = new Response();
  444.             return $response->setContent(json_encode(['message' => 'OK']));
  445.         } catch (\Exception $e) {
  446.             throw new BadRequestHttpException($e);
  447.         }
  448.     }
  450.     /**
  451.      * @Route("/head-office/protocols/get", name="head-office-protocols-get", methods={"GET"}))
  452.      */
  453.     public function headOfficeGetProtocolsAction()
  454.     {
  455.         $loggedUser $this->getUser();
  456.         if (!$loggedUser) {
  457.             throw new UnauthorizedHttpException('Not authorized.');
  458.         }
  459.         $id $loggedUser->getId();
  461.         $protocols = [
  462.             'clinicalPractice',
  463.             'riskAssessments',
  464.             'decontaminationAndCleaning',
  465.             'wasteManagement',
  466.             'occupationalHazards',
  467.             'miscellaneous'
  468.         ];
  470.         $clinic $loggedUser->getClinic();
  472.         $clinicHealthSafetyProtocols = [];
  474.         foreach ($protocols as $protocol) {
  476.             $getter "get" ucwords($protocol);
  477.             $protocolDoc $clinic->$getter();
  479.             if (!empty($protocolDoc)) {
  480.                 $data = [];
  481.                 foreach ($protocolDoc as $doc) {
  482.                     $data[] = [
  483.                         'title' => $doc->getTitle(),
  484.                         'date' => $doc->getAddedDate(),
  485.                         'id' => $doc->getId(),
  486.                         'key' => $doc->getKey()
  487.                     ];
  488.                 }
  489.                 $clinicHealthSafetyProtocols[$protocol] = $data;
  490.             } else {
  491.                 $clinicHealthSafetyProtocols[$protocol] = null;
  492.             }
  493.         }
  495.         $response = new Response();
  497.         $response->headers->set('Content-Type''application/json');
  498.         $response->headers->set('Access-Control-Allow-Origin''*');
  500.         $response->setContent(json_encode($clinicHealthSafetyProtocols));
  502.         return $response;
  503.     }
  505.     /**
  506.      * @Route("/head-office/protocols/post", name="head-office-protocols-post", methods={"POST"})
  507.      * 
  508.      * @param Request $request
  509.      * @return Response
  510.      */
  511.     public function headOfficePostProtocolsAction(Request $requestPermissionService $permissionProvider)
  512.     {
  513.         $loggedUser $this->getUser();
  514.         if (!$loggedUser) {
  515.             throw new UnauthorizedHttpException('Not authorized.');
  516.         }
  518.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  520.         if ($request->getContent()) {
  521.             $data json_decode($request->getContent(), true);
  523.             $fileName $data['fileKey'];
  524.             $title $data['title'];
  525.             $documentType $data['documentType'];
  527.             $clinic $loggedUser->getClinic();
  529.             $parentFolder DataObject::getByPath("/Companies/" $clinic->getName() . "/Protocol Documents");
  530.             if (!$parentFolder) {
  531.                 $parentFolder DataObject\Service::createFolderByPath("/Companies/" $clinic->getName() . "/Protocol Documents");
  532.             }
  534.             $currentDate date("d/m/Y");
  535.             $newObject = new DataObject\ProtocolDocument();
  536.             $newObject->setKey($fileName);
  537.             $newObject->setParent($parentFolder);
  538.             $newObject->setTitle($title);
  539.             $newObject->setAddedDate($currentDate);
  540.             $newObject->setPublished(true);
  541.             $newObject->save();
  543.             $getter "get" ucwords($documentType);
  544.             $setter "set" ucwords($documentType);
  546.             $currentDocs $clinic->$getter();
  547.             $clinic->$setter(array_merge($currentDocs, [$newObject]));
  548.             $clinic->save();
  550.             return new Response(json_encode($currentDocs));
  551.         }
  552.         return new Response(null);
  553.     }
  555.     /**
  556.      * @Route("/head-office/protocols/delete/{id}", name="head-office-protocols-delete", methods={"DELETE"})
  557.      * 
  558.      * @param Request $request
  559.      * @return Response
  560.      */
  561.     public function headOfficeProtocolsDeleteAction(Request $request$idPermissionService $permissionProvider)
  562.     {
  563.         $loggedUser $this->getUser();
  564.         if (!$loggedUser) {
  565.             throw new UnauthorizedHttpException('Not authorized.');
  566.         }
  568.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  570.         $object DataObject::getById($id);
  572.         if ($object) {
  573.             $object->delete();
  575.             return new Response('File deleted');
  576.         }
  578.         throw new BadRequestHttpException();
  579.     }
  581.     public function filterForTags($tagIds)
  582.     {
  583.         $tagIds is_array($tagIds) ? $tagIds explode(','$tagIds);
  584.         $listing = new \Pimcore\Model\Asset\Listing();
  586.         if ($tagIds) {
  587.             $conditionParts = [];
  588.             foreach ($tagIds as $tagId) {
  589.                 $conditionParts[] = "id IN (SELECT cId FROM tags_assignment WHERE ctype = 'asset' AND tagid = " . (int) $tagId ")";
  590.             }
  593.             if (count($conditionParts) > 0) {
  594.                 $condition implode(" AND "$conditionParts);
  595.                 $listing->addConditionParam($condition);
  596.                 $listing->load();
  597.             }
  598.         }
  599.         return $listing;
  600.     }
  601.     /**
  602.      * @Route("/head-office/locker/", name="head-office-locker-get", methods={"GET"})
  603.      * 
  604.      * @param Request $request
  605.      * @return Response
  606.      */
  607.     public function headOfficeGetLockerAction()
  608.     {
  609.         $loggedUser $this->getUser();
  610.         if (!$loggedUser) {
  611.             throw new UnauthorizedHttpException('You must be logged in to use this service');
  612.         }
  614.         $clinic $loggedUser->getClinic();
  615.         $parentFolder DataObject::getByPath("/Companies/" $clinic->getName() . "/Locker");
  617.         $data = [];
  618.         if ($parentFolder) {
  619.             $list = new DataObject\LockerDocument\Listing();
  620.             $list->setCondition("o_parentId = ?"$parentFolder->getId());
  621.             $list->load();
  622.             $list $list->getData();
  624.             foreach ($list as $document) {
  625.                 $data[] = [
  626.                     'id' => $document->getId(),
  627.                     'key' => $document->getKey(),
  628.                     'title' => $document->getTitle(),
  629.                     'date' => $document->getAddedDate(),
  630.                     'documentKey' => $document->getDocumentKey(),
  631.                     'isPinned' => $document->getIsPinned(),
  632.                     'isMinutes' => $document->getIsMinutes()
  633.                 ];
  634.             }
  635.         }
  637.         return new Response(json_encode($data));
  638.     }
  640.     /**
  641.      * @Route("/head-office/locker/", name="head-office-locker-post", methods={"POST"})
  642.      * 
  643.      * @param Request $request
  644.      * @return Response
  645.      */
  646.     public function headOfficePostLockerAction(Request $requestPermissionService $permissionProviderNotificationService $notificationProvider)
  647.     {
  648.         $loggedUser $this->getUser();
  649.         if (!$loggedUser) {
  650.             throw new UnauthorizedHttpException('Not authorized.');
  651.         }
  653.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  655.         if ($request->getContent()) {
  656.             $data json_decode($request->getContent(), true);
  658.             $clinic $loggedUser->getClinic();
  660.             $parentFolder DataObject::getByPath("/Companies/" $clinic->getName() . "/Locker");
  661.             if (!$parentFolder) {
  662.                 $parentFolder DataObject\Service::createFolderByPath("/Companies/" $clinic->getName() . "/Locker");
  663.             }
  665.             $title $data['title'];
  666.             $documentKey $data['documentKey'];
  667.             $key $data['documentKey'];
  668.             $isPinned $data['showHighlight'];
  669.             $isMinutes $data['isMinutes'];
  670.             $shouldNotify $data['showNotify'];
  671.             $currentDate date("d/m/Y");
  673.             $newObject = new DataObject\LockerDocument();
  674.             $newObject->setParent($parentFolder);
  675.             $newObject->setTitle($title);
  676.             $newObject->setAddedDate($currentDate);
  677.             $newObject->setDocumentKey($documentKey);
  678.             $newObject->setKey($key);
  679.             $newObject->setIsPinned($isPinned);
  680.             $newObject->setIsMinutes($isMinutes);
  682.             $newObject->setPublished(true);
  683.             $newObject->save();
  685.             if ($shouldNotify) {
  686.                 $superuser $loggedUser->getTypeOfUser() === 'superuser' $loggedUser $clinic->getSuperuser();
  687.                 $subusers $superuser->getSubusers();
  688.                 $allUsers = array(...$subusers$superuser);
  689.                 $message 'A new document "' $newObject->getTitle() . '" has been uploaded to the {%TeamHQ%}.';
  690.                 foreach ($allUsers as $user) {
  691.                     $notificationProvider->createNotification($user$message'team-lounge');
  692.                 }
  693.             }
  695.             $response = new Response();
  696.             return $response->setContent(json_encode(['message' => 'OK']));
  697.         }
  698.         return new Response(null);
  699.     }
  701.     /**
  702.      * @Route("/head-office/locker/{id}", name="head-office-locker-delete", methods={"DELETE"})
  703.      * 
  704.      * @param Request $request
  705.      * @return Response
  706.      */
  707.     public function headOfficeDeleteLockerAction(Request $request$idPermissionService $permissionProvider)
  708.     {
  709.         $loggedUser $this->getUser();
  710.         if (!$loggedUser) {
  711.             throw new UnauthorizedHttpException('Not authorized.');
  712.         }
  714.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  716.         $practiceDocument DataObject::getById($id);
  718.         if (!is_null($practiceDocument)) {
  719.             $practiceDocument->delete();
  720.             return new Response('OK'Response::HTTP_OK);
  721.         }
  722.         throw new BadRequestHttpException();
  723.     }
  724.     /**
  725.      * @Route("/head-office/locker/unpin/{id}", name="head-office-locker-unpin", methods={"PUT"})
  726.      * 
  727.      * @param Request $request
  728.      * @return Response
  729.      */
  730.     public function headOfficeUnpinLockerAction(Request $request$idPermissionService $permissionProvider)
  731.     {
  732.         $loggedUser $this->getUser();
  733.         if (!$loggedUser) {
  734.             throw new UnauthorizedHttpException('Not authorized.');
  735.         }
  737.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  739.         $practiceDocument DataObject::getById($id);
  741.         if (!is_null($practiceDocument)) {
  743.             $practiceDocument->setIsPinned(false);
  744.             $practiceDocument->save();
  746.             return new Response('OK'Response::HTTP_OK);
  747.         }
  748.         throw new BadRequestHttpException();
  749.     }
  751.     /**
  752.      * @Route("/head-office/locker/pin/{id}", name="head-office-locker-pin", methods={"PUT"})
  753.      * 
  754.      * @param Request $request
  755.      * @return Response
  756.      */
  757.     public function headOfficePinLockerAction(Request $request$idPermissionService $permissionProvider)
  758.     {
  759.         $loggedUser $this->getUser();
  760.         if (!$loggedUser) {
  761.             throw new UnauthorizedHttpException('Not authorized.');
  762.         }
  764.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  766.         $practiceDocument DataObject::getById($id);
  768.         if (!is_null($practiceDocument)) {
  770.             $practiceDocument->setIsPinned(true);
  771.             $practiceDocument->save();
  773.             return new Response('OK'Response::HTTP_OK);
  774.         }
  775.         throw new BadRequestHttpException();
  776.     }
  778.     /**
  779.      * @Route("/head-office/team-message/", name="head-office-locker-teammessage-put", methods={"PUT"})
  780.      * 
  781.      * @param Request $request
  782.      * @return Response
  783.      */
  784.     public function headOfficePutTeamMessageAction(Request $requestPermissionService $permissionProvider)
  785.     {
  786.         $loggedUser $this->getUser();
  787.         if (!$loggedUser) {
  788.             throw new UnauthorizedHttpException('Not authorized.');
  789.         }
  791.         $permissionProvider->checkPermissions('teamHQ'$loggedUser);
  793.         if ($request->getContent()) {
  794.             $data json_decode($request->getContent(), true);
  795.             $id $loggedUser->getId();
  797.             $clinic $loggedUser->getClinic();
  799.             $customerMessageArea $data['customerMessageArea'];
  800.             $teamMessageArea $data['teamMessageArea'];
  802.             $clinic->setTeamMessageArea($teamMessageArea);
  803.             $clinic->setCustomerMessageArea($customerMessageArea);
  804.             $clinic->save();
  806.             return new Response('OK'Response::HTTP_OK);
  807.         }
  808.     }
  809.     /**
  810.      * @Route("/head-office/team-message/", name="head-office-teammessage-get", methods={"GET"})
  811.      * 
  812.      * @param Request $request
  813.      * @return Response
  814.      */
  815.     public function headOfficeGetTeamMessageAction(Request $request)
  816.     {
  817.         $loggedUser $this->getUser();
  818.         if (!$loggedUser) {
  819.             throw new UnauthorizedHttpException('Not authorized.');
  820.         }
  822.         $id $loggedUser->getId();
  824.         $clinic $loggedUser->getClinic();
  826.         $data = [
  827.             'customerMessage' => $clinic->getCustomerMessageArea(),
  828.             'teamMessage' => $clinic->getTeamMessageArea(),
  829.         ];
  831.         return new Response(json_encode(['messages' => $data]));
  832.     }
  834.     /**
  835.      * @Route("/head-office/our-team/document/request", name="our-team-create-request", methods={"POST"})
  836.      * 
  837.      * @param Request $request
  838.      * @return Response
  839.      */
  840.     public function headOfficeCreateDocumentRequestAction(Request $requestToolsService $toolsProvider)
  841.     {
  842.         $loggedUser $this->getUser();
  843.         if (!$loggedUser) {
  844.             throw new UnauthorizedHttpException('Not authorized.');
  845.         }
  847.         $data json_decode($request->getContent(), true);
  848.         $user DataObject\Customer::getByID($data['user']);
  849.         $toolsProvider->createUserTask($user$data['description'], 'userDocument');
  851.         return new Response('OK'Response::HTTP_OK);
  852.     }
  854.     /**
  855.      * @Route("/head-office/our-team/documents", name="our-team-upload-doc", methods={"POST"})
  856.      * 
  857.      * @param Request $request
  858.      * @return Response
  859.      */
  860.     public function headOfficeUploadDocumentAction(Request $requestHeadOfficeService $hoService)
  861.     {
  862.         $loggedUser $this->getUser();
  863.         if (!$loggedUser) {
  864.             throw new UnauthorizedHttpException('Not authorized.');
  865.         }
  867.         $data json_decode($request->getContent(), true);
  868.         if (empty($data['documentKey']) || empty($data['name']) || empty($data['ownerId'])) {
  869.             throw new BadRequestHttpException('File and name are required');
  870.         }
  871.         $owner DataObject\Customer::getById($data['ownerId']);
  873.         $hoService->createUserDocument($data$owner$loggedUser);
  875.         return new Response('OK'Response::HTTP_OK);
  876.     }
  878.     /**
  879.      * @Route("/head-office/our-team/documents/{id}", name="our-team-delete-doc", methods={"DELETE"})
  880.      * 
  881.      * @param Request $request
  882.      * @return Response
  883.      */
  884.     public function headOfficeDeleteDocumentAction($idRequest $requestHeadOfficeService $hoService)
  885.     {
  886.         $loggedUser $this->getUser();
  887.         if (!$loggedUser) {
  888.             throw new UnauthorizedHttpException('Not authorized.');
  889.         }
  891.         //check if is owner
  892.         $doc DataObject\UserDocument::getById($id);
  893.         if (!$doc || $doc->getOwner() !== $loggedUser) {
  894.             throw new NotFoundHttpException('Document not found');
  895.         }
  897.         $doc->delete();
  899.         return new Response('OK'Response::HTTP_OK);
  900.     }
  902.     /**
  903.      * This method retrieves users removed from a clinic from the dashboard, the criteria to identify such users is determined
  904.      * by active (false), clinic (still part of a clinic), no subscription and no parent user
  905.      * 
  906.      * @Route("/head-office/our-team/users/inactive", name="our-team-get-inactive-users", methods={"GET"})
  907.      * 
  908.      * @param Request $request
  909.      * @return Response
  910.      */
  911.     public function headOfficeGetInactiveUsersAction(GeneralService $generalProviderPermissionService $permissionProviderHeadOfficeService $hoService)
  912.     {
  913.         $loggedUser $this->getUser();
  914.         if (!$loggedUser) {
  915.             throw new UnauthorizedHttpException('Not authorized.');
  916.         }
  918.         $permissionProvider->checkPermissions('management'$loggedUser);
  919.         $clinic $loggedUser->getClinic();
  920.         $inactiveUsers $hoService->getInactiveClinicUsers($clinic);
  921.         $inactiveUsersData $generalProvider->getUsersData($inactiveUsers);
  923.         $response = new Response();
  924.         $response->setContent(json_encode(['users' => $inactiveUsersData]));
  925.         return $response;
  926.     }
  928.     /**
  929.      * @Route("/head-office/our-team/users/prorata/{contractId}", name="calculate-user-leave", methods={"GET"})
  930.      * 
  931.      * @param Request $request
  932.      * @return Response
  933.      */
  934.     public function headOfficeGetProRataUserAction(
  935.         $contractId,
  936.         HeadOfficeService $hoService,
  937.         PermissionService $permissionProvider,
  938.         Request $request
  939.     ) {
  940.         $loggedUser $this->getUser();
  941.         if (!$loggedUser) {
  942.             throw new UnauthorizedHttpException('Not authorized.');
  943.         }
  945.         $permissionProvider->checkPermissions('management'$loggedUser);
  946.         $contract DataObject\EmployeeContractDetails::getById($contractId);
  947.         if (!$contract) {
  948.             throw new BadRequestHttpException('Contract not valid');
  949.         }
  950.         $user $contract->getUser();
  951.         if (!$user) {
  952.             throw new BadRequestHttpException('User id not valid');
  953.         }
  954.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  955.             throw new UnauthorizedHttpException('Not authorized');
  956.         }
  957.         $endDate $request->query->get('endDate');
  958.         if (!$endDate) {
  959.             throw new BadRequestHttpException('No end date provided');
  960.         }
  962.         $prorata $hoService->getTotalHolidaysProRata($contract$userCarbon::parse($endDate));
  964.         $response = new Response();
  966.         $response->headers->set('Content-Type''application/json');
  967.         $response->headers->set('Access-Control-Allow-Origin''*');
  969.         $data = [
  970.             'prorata' => $prorata
  971.         ];
  973.         $response->setContent(json_encode($data));
  975.         return $response;
  976.     }
  979.     /**
  980.      * @Route("/head-office/our-team/users/{userId}", name="our-team-get-user", methods={"GET"})
  981.      * 
  982.      * @param Request $request
  983.      * @return Response
  984.      */
  985.     public function headOfficeGetUserAction($userIdHeadOfficeService $hoServicePermissionService $permissionProvider)
  986.     {
  987.         $loggedUser $this->getUser();
  988.         if (!$loggedUser) {
  989.             throw new UnauthorizedHttpException('Not authorized.');
  990.         }
  992.         //TODO remove comments
  993.         //check permission if not getting own info
  994.         // if ($userId != $loggedUser->getId()) {
  995.         //     $permissionProvider->checkPermissions('management', $loggedUser);
  996.         // }
  998.         $user DataObject\Customer::getById($userId);
  1000.         $docs $hoService->getUserDocs($userId);
  1002.         $clinic $loggedUser->getClinic();
  1003.         $policy $hoService->getHolidayPolicyData($hoService->getHolidayPolicyByClinic($clinic));
  1005.         //TODO The contract should be the relevant contract for the period, not specifically the last
  1006.         $employeeContractDetails $hoService->getUserLastCreatedContract($user);
  1007.         $employeeContractDetailsData $employeeContractDetails
  1008.             $hoService->getEmployeeContractDetailsData($employeeContractDetails)
  1009.             : null;
  1010.         $workPeriods $employeeContractDetailsData $hoService->getContractWorkPeriods($employeeContractDetails) : [];
  1011.         $contracts $hoService->getUserContracts($user);
  1012.         $contractsData array_map(function ($contract) use ($hoService) {
  1013.             $data $hoService->getEmployeeContractDetailsData($contract);
  1014.             $data['workPeriods'] = $hoService->getContractWorkPeriods($contract);
  1015.             return $data;
  1016.         }, $contracts);
  1018.         $response = new Response();
  1020.         $response->headers->set('Content-Type''application/json');
  1021.         $response->headers->set('Access-Control-Allow-Origin''*');
  1023.         $data = [
  1024.             'id' => $userId,
  1025.             'documents' => $docs,
  1026.             /* 'clinic policy' => $policy, */
  1027.             'contractDetails' => $employeeContractDetailsData,
  1028.             'contracts' => $contractsData,
  1029.             'workPeriods' => $workPeriods,
  1030.             'amendments' => $hoService->getAmendmentsByUser($user),
  1031.             'holidayDetails' => $employeeContractDetailsData
  1032.                 $hoService->getUserHolidayDetails($user$hoService->getHolidayPolicyByClinic($user->getClinic())) : null //only retrieves when contract is set
  1033.         ];
  1035.         $response->setContent(json_encode($data));
  1037.         return $response;
  1038.     }
  1040.     /**
  1041.      * @Route("/head-office/our-team/users/{userId}/contracts", name="our-team-post-user", methods={"POST"})
  1042.      * 
  1043.      * @param Request $request
  1044.      * @return Response
  1045.      */
  1046.     public function headOfficePostUserAction(
  1047.         $userId,
  1048.         Request $request,
  1049.         HeadOfficeService $hoService,
  1050.         PermissionService $permissionProvider
  1051.     ) {
  1052.         $loggedUser $this->getUser();
  1053.         if (!$loggedUser) {
  1054.             throw new UnauthorizedHttpException('Not authorized.');
  1055.         }
  1057.         //check permission
  1058.         $permissionProvider->checkPermissions('management'$loggedUser);
  1060.         $user DataObject\Customer::getById($userId);
  1061.         if (!$user) {
  1062.             throw new BadRequestHttpException('User id not valid');
  1063.         }
  1064.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  1065.             throw new UnauthorizedHttpException('Not authorized');
  1066.         }
  1068.         $payload json_decode($request->getContent(), true);
  1069.         $contracts $hoService->getUserContracts($user);
  1070.         
  1071.         $lastCreatedContract $hoService->getUserLastCreatedContract($user);
  1072.         $contract $lastCreatedContract;
  1073.         $today Carbon::now()->toDateString();
  1074.         $lastEffectiveDate $lastCreatedContract $lastCreatedContract->getEffectiveDate() : null;
  1075.         //if the last saved contract is today, we just update it, do not create a new contract
  1076.         if (!$lastEffectiveDate || $lastEffectiveDate->toDateString() != $today) {
  1077.             $contract $hoService->createEmployeeContractDetails($user);
  1078.         }
  1079.         if ($lastCreatedContract) {
  1080.             $payload['hiringDate'] = $lastCreatedContract->getHiringDate();
  1081.         } else {
  1082.             $payload['hiringDate'] = Carbon::parse($payload['hiringDate']);
  1083.         }
  1084.         $hoService->updateEmployeeContractDetails($payload$contract);
  1085.         $hoService->saveWorkPeriods($payload['workPeriods'], $contract);
  1087.         $response = new Response();
  1088.         $response->headers->set('Content-Type''application/json');
  1089.         $response->headers->set('Access-Control-Allow-Origin''*');
  1090.         return $response->setContent(json_encode(['id' => $contract->getId()]));
  1091.     }
  1093.     /**
  1094.      * @Route("/head-office/our-team/users/{userId}/contracts/{contractId}", name="our-team-put-user", methods={"PUT"})
  1095.      * 
  1096.      * @param Request $request
  1097.      * @return Response
  1098.      */
  1099.     public function headOfficePutUserAction($userId$contractIdRequest $requestHeadOfficeService $hoServicePermissionService $permissionProvider)
  1100.     {
  1101.         $loggedUser $this->getUser();
  1102.         if (!$loggedUser) {
  1103.             throw new UnauthorizedHttpException('Not authorized.');
  1104.         }
  1106.         //check permission
  1107.         $permissionProvider->checkPermissions('management'$loggedUser);
  1109.         $user DataObject\Customer::getById($userId);
  1110.         $contract DataObject\EmployeeContractDetails::getById($contractId);
  1111.         if (!$user || !$contract || $contract->getUser()->getId() != $user->getId()) {
  1112.             throw new BadRequestHttpException('Contract not found');
  1113.         }
  1114.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  1115.             throw new UnauthorizedHttpException('Not authorized');
  1116.         }
  1118.         $payload json_decode($request->getContent(), true);
  1120.         if (isset($payload['workPeriods'])) {
  1121.             $hoService->saveWorkPeriods($payload['workPeriods'], $contract);
  1122.         }
  1123.         if (isset($payload['reportTo'])) {
  1124.             $hoService->updateContractReportTo($contract$payload['reportTo']);
  1125.             $contract->save();
  1126.         }
  1127.         if (!empty($payload['endDate'])) {
  1128.             $hoService->updateContractEndDate($contract$payload['endDate']);
  1129.         }
  1130.         
  1131.         return new Response('OK'Response::HTTP_OK);
  1132.     }
  1134.     /**
  1135.      * @Route("/head-office/our-team/users/history/{userId}", name="our-team-get-user-history", methods={"GET"})
  1136.      * 
  1137.      * @param Request $request
  1138.      * @return Response
  1139.      */
  1140.     public function headOfficeGetUserHolidayHistoryAction(
  1141.         $userId,
  1142.         HeadOfficeService $hoService,
  1143.         PermissionService $permissionProvider,
  1144.         Request $request
  1145.     ) {
  1146.         $loggedUser $this->getUser();
  1147.         if (!$loggedUser) {
  1148.             throw new UnauthorizedHttpException('Not authorized.');
  1149.         }
  1151.         //check permission if not getting own info
  1152.         if ($userId != $loggedUser->getId()) {
  1153.             $permissionProvider->checkPermissions('management'$loggedUser);
  1154.         }
  1156.         $user DataObject\Customer::getById($userId);
  1157.         if (!$user) {
  1158.             throw new BadRequestHttpException('User id not valid');
  1159.         }
  1160.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  1161.             throw new UnauthorizedHttpException('Not authorized');
  1162.         }
  1164.         $yearAgo = (int)$request->query->get('year');
  1165.         if (!$yearAgo) {
  1166.             $yearAgo 1;
  1167.         }
  1169.         [$events$limit$yearAgo] = $hoService->getUserHolidaysEvents($user$yearAgo);
  1171.         $response = new Response();
  1173.         $response->headers->set('Content-Type''application/json');
  1174.         $response->headers->set('Access-Control-Allow-Origin''*');
  1176.         $response->setContent(json_encode(['history' => $events'limit' => $limit'year' => $yearAgo]));
  1178.         return $response;
  1179.     }
  1181.     /**
  1182.      * @Route("/head-office/our-team/policies", name="create-our-team-policies", methods={"POST"})
  1183.      * 
  1184.      * @param Request $request
  1185.      * @return Response
  1186.      */
  1187.     public function headOfficeCreatePolicyAction(Request $requestPermissionService $permissionProviderHeadOfficeService $hoService)
  1188.     {
  1189.         $loggedUser $this->getUser();
  1190.         if (!$loggedUser) {
  1191.             throw new UnauthorizedHttpException('Not authorized.');
  1192.         }
  1194.         //check permission
  1195.         $permissionProvider->checkPermissions('management'$loggedUser);
  1197.         $clinic $loggedUser->getClinic();
  1198.         $policy $hoService->createOrUpdateHolidayPolicy(json_decode($request->getContent(), true), $clinic);
  1199.         $clinic->setHolidayPolicy($policy);
  1200.         $clinic->save();
  1202.         return new Response('OK'Response::HTTP_OK);
  1203.     }
  1205.     /**
  1206.      * @Route("/head-office/our-team/policies", name="get-our-team-policies", methods={"GET"})
  1207.      * 
  1208.      * @param Request $request
  1209.      * @return Response
  1210.      */
  1211.     public function headOfficeGetPolicyAction(PermissionService $permissionProviderHeadOfficeService $hoService)
  1212.     {
  1213.         $loggedUser $this->getUser();
  1214.         if (!$loggedUser) {
  1215.             throw new UnauthorizedHttpException('Not authorized.');
  1216.         }
  1218.         $clinic $loggedUser->getClinic();
  1219.         $policy $hoService->getHolidayPolicyData($hoService->getHolidayPolicyByClinic($clinic));
  1220.         $response = new Response();
  1222.         $response->headers->set('Content-Type''application/json');
  1223.         $response->headers->set('Access-Control-Allow-Origin''*');
  1225.         $response->setContent(json_encode(['policy' => $policy]));
  1227.         return $response;
  1228.     }
  1230.     /**
  1231.      * @Route("/head-office/our-team/policies/{id}", name="update-our-team-policies", methods={"PUT"})
  1232.      * 
  1233.      * @param Request $request
  1234.      * @return Response
  1235.      */
  1236.     public function headOfficeUpdatePolicyAction($idRequest $requestPermissionService $permissionProviderHeadOfficeService $hoServiceGeneralService $generalProvider)
  1237.     {
  1238.         $loggedUser $this->getUser();
  1239.         if (!$loggedUser) {
  1240.             throw new UnauthorizedHttpException('Not authorized.');
  1241.         }
  1243.         //check permission
  1244.         $permissionProvider->checkPermissions('management'$loggedUser);
  1245.         $clinic $loggedUser->getClinic();
  1246.         //check ownership
  1247.         if ($hoService->getHolidayPolicyByClinic($clinic)->getId() != $id) {
  1248.             throw new UnauthorizedHttpException('Not allowed');
  1249.         }
  1251.         $policy $hoService->createOrUpdateHolidayPolicy(json_decode($request->getContent(), true), $clinic$id);
  1252.         $clinic->setHolidayPolicy($policy);
  1254.         return new Response('OK'Response::HTTP_OK);
  1255.     }
  1257.     /**
  1258.      * @Route("/head-office/our-team/holiday-enrollment", name="get-our-team-holiday-enrollment", methods={"GET"})
  1259.      * 
  1260.      * @param Request $request
  1261.      * @return Response
  1262.      */
  1263.     public function headOfficeGetEnrollmentsAction(PermissionService $permissionProviderHeadOfficeService $hoServiceGeneralService $generalProvider)
  1264.     {
  1265.         $loggedUser $this->getUser();
  1266.         if (!$loggedUser) {
  1267.             throw new UnauthorizedHttpException('Not authorized.');
  1268.         }
  1270.         //check permission
  1271.         $permissionProvider->checkPermissions('management'$loggedUser);
  1273.         $clinic $loggedUser->getClinic();
  1274.         $allsetUsers $hoService->getClinicHolidayEnrolledUsers($clinic);
  1276.         $data = [];
  1277.         foreach ($allsetUsers as $user) {
  1278.             $data[] = $generalProvider->getUserData($user);
  1279.         }
  1281.         $response = new Response();
  1283.         $response->headers->set('Content-Type''application/json');
  1284.         $response->headers->set('Access-Control-Allow-Origin''*');
  1286.         $response->setContent(json_encode(['users' => $data]));
  1288.         return $response;
  1289.     }
  1291.     /**
  1292.      * @Route("/head-office/our-team/amendments/{userId}", name="create-holiday-amendment", methods={"POST"})
  1293.      * 
  1294.      * @param Request $request
  1295.      * @return Response
  1296.      */
  1297.     public function headOfficeCreateAmendmentAction(
  1298.         $userId,
  1299.         Request $request,
  1300.         PermissionService $permissionProvider,
  1301.         HeadOfficeService $hoService,
  1302.         EventDispatcherInterface $dispatcher,
  1303.     ) {
  1304.         $loggedUser $this->getUser();
  1305.         if (!$loggedUser) {
  1306.             throw new UnauthorizedHttpException('Not authorized.');
  1307.         }
  1309.         //check permission
  1310.         $permissionProvider->checkPermissions('management'$loggedUser);
  1312.         $user DataObject\Customer::getById($userId);
  1313.         if (!$user) {
  1314.             throw new BadRequestHttpException('User id not valid');
  1315.         }
  1316.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  1317.             throw new UnauthorizedHttpException('Not authorized');
  1318.         }
  1320.         $employeeContractDetails $hoService->getUserLastCreatedContract($user);
  1321.         if (!$employeeContractDetails) {
  1322.             throw new BadRequestHttpException('Employee contract is not set');
  1323.         }
  1325.         $payload json_decode($request->getContent(), true);
  1326.         $payload['adjustmentBase'] = $hoService->getHolidayPolicyByClinic($user->getClinic())->getHolidayEntitlementBase();
  1328.         $amendment $hoService->createHolidayAmendment($user$payload$loggedUser);
  1330.         $amendmentDetails $hoService->getAmendmentDetails($amendment);
  1331.         $msg $hoService->createHolidayMessage('amendmentCreated'$amendmentDetails);
  1332.         //create a new event to notify
  1333.         $event = new HolidayEvent([
  1334.             'recipients' => [$amendment->getEmployee()],
  1335.             'msg' => $msg,
  1336.             'id' => $userId
  1337.         ]);
  1338.         $dispatcher->dispatch($event'holiday.onAmendmentCreated');
  1340.         return new Response('OK'Response::HTTP_OK);
  1341.     }
  1343.     /**
  1344.      * @Route("/head-office/our-team/requests/{userId}", name="create-holiday-request", methods={"POST"})
  1345.      * 
  1346.      * @param Request $request
  1347.      * @return Response
  1348.      */
  1349.     public function headOfficeCreateHolidayRequestAction(
  1350.         $userId,
  1351.         Request $request,
  1352.         HeadOfficeService $hoService,
  1353.         EventDispatcherInterface $dispatcher,
  1354.     ) {
  1355.         $loggedUser $this->getUser();
  1356.         if (!$loggedUser) {
  1357.             throw new UnauthorizedHttpException('Not authorized.');
  1358.         }
  1360.         $user DataObject\Customer::getById($userId);
  1361.         if (!$user) {
  1362.             throw new UnauthorizedHttpException('User id not valid');
  1363.         }
  1364.         if ($user->getClinic() !== $loggedUser->getClinic()) {
  1365.             throw new UnauthorizedHttpException('Not authorized');
  1366.         }
  1368.         $policy $hoService->getHolidayPolicyByClinic($user->getClinic());
  1369.         $payload json_decode($request->getContent(), true);
  1370.         $type $payload['type'];
  1371.         //check if request includes a bank holiday
  1372.         $startDate Carbon::parse($payload['start']);
  1373.         $endDate $type === 'days' Carbon::parse($payload['end']) : $startDate->clone();
  1374.         $hours $payload['hours'];
  1375.         $intersectBankHolidays $hoService->getBankHolidaysFromInterval($startDate$endDate$policy->getApplicableBankHoliday());
  1376.         $processedRequests $hoService->separateRequestsByBankHolidays($intersectBankHolidays$startDate$endDate$type);
  1378.         $contract $hoService->getUserLastCreatedContract($user);
  1379.         $holidayEntitlementType $policy->getHolidayEntitlementBase();
  1380.         // if holiday entitlement is based in hours and type is period, should add hours to processed request
  1381.         if ($holidayEntitlementType === 'hours' && $type === 'period') {
  1382.             $processedRequests array_map(function ($req) use ($hours) {
  1383.                 $req['hours'] = $hours;
  1384.                 return $req;
  1385.             }, $processedRequests);
  1386.         }
  1388.         //check clinic policy to see if holidays cannot be negative
  1389.         if (!$policy->getHolidayCounterNegative() && $payload['category'] == 'holiday') {
  1390.             $exceedsAvailable $hoService->checkRequestsExceedAvailableHolidays($user$processedRequests);
  1391.             if ($exceedsAvailable) {
  1392.                 throw new BadRequestHttpException('Your request period exceeds holidays available.');
  1393.             }
  1394.         }
  1396.         foreach ($processedRequests as $processedRequest) {
  1397.             $data = [
  1398.                 'start' => $processedRequest['start'],
  1399.                 'end' => $processedRequest['end'],
  1400.                 'type' => $processedRequest['type'],
  1401.                 'description' => $payload['description'],
  1402.                 'category' => $payload['category'],
  1403.                 'period' => !empty($payload['category']) ? $payload['category'] : '',
  1404.                 'hours' => !empty($processedRequest['hours']) ? $processedRequest['hours'] : ''
  1405.             ];
  1406.             $request $hoService->createHolidayRequest($user$data$loggedUser);
  1407.             $requestDetails $hoService->getHolidayRequestDetails('requestCreated'$request$holidayEntitlementType === 'hours');
  1408.             $msg $hoService->createHolidayMessage('requestCreated'$requestDetails);
  1409.             //create a new event to notify
  1410.             $event = new HolidayEvent([
  1411.                 'recipients' => $contract->getReportTo(),
  1412.                 'msg' => $msg,
  1413.                 'id' => $userId
  1414.             ]);
  1415.             $dispatcher->dispatch($event'holiday.onRequestCreated');
  1416.         }
  1418.         return new Response('OK'Response::HTTP_OK);
  1419.     }
  1421.     /**
  1422.      * @Route("/head-office/our-team/requests/{id}", name="update-holiday-request", methods={"PUT"})
  1423.      * 
  1424.      * @param Request $request
  1425.      * @return Response
  1426.      */
  1427.     public function headOfficeUpdateRequestAction(
  1428.         $id,
  1429.         Request $request,
  1430.         HeadOfficeService $hoService,
  1431.         EventDispatcherInterface $dispatcher,
  1432.     ) {
  1433.         $loggedUser $this->getUser();
  1434.         if (!$loggedUser) {
  1435.             throw new UnauthorizedHttpException('Not authorized.');
  1436.         }
  1438.         $holidayRequest DataObject\HolidayRequest::getById($id);
  1439.         $employee $holidayRequest->getEmployee();
  1440.         $contract $hoService->getUserLastCreatedContract($employee);
  1441.         $reportedUsers $contract->getReportTo();
  1442.         //only users or the person who the user reports to are able to update
  1443.         if (!$holidayRequest || ($employee != $loggedUser && !in_array($loggedUser$reportedUsers))) {
  1444.             throw new BadRequestHttpException('Request not found');
  1445.         }
  1447.         $payload json_decode($request->getContent(), true);
  1449.         //approvals are only updated by reported user
  1450.         if (in_array($loggedUser$reportedUsers) && isset($payload['approved'])) {
  1451.             $status $payload['approved'] ? 'approved' 'rejected';
  1452.             $hoService->updateHolidayRequestStatus(
  1453.                 $holidayRequest,
  1454.                 $holidayRequest->getStatus(),
  1455.                 $status,
  1456.                 $loggedUser,
  1457.                 $payload['rejectReason']
  1458.             );
  1459.         }
  1460.         $holidayRequest->save();
  1462.         $eventType $holidayRequest->getStatus() === 'approved'
  1463.             'requestAccepted' : ($holidayRequest->getStatus() === 'rejected' 'requestRejected' null);
  1465.         if ($eventType) {
  1466.             $policy $hoService->getHolidayPolicyByClinic($employee->getClinic());
  1467.             $holidayEntitlementType $policy->getHolidayEntitlementBase();
  1468.             $requestDetails $hoService->getHolidayRequestDetails($eventType$holidayRequest$holidayEntitlementType === 'hours');
  1469.             $msg $hoService->createHolidayMessage($eventType$requestDetails);
  1470.             //create a new event to notify
  1471.             $event = new HolidayEvent([
  1472.                 'recipients' => [$holidayRequest->getEmployee()],
  1473.                 'msg' => $msg,
  1474.                 'id' => $employee->getId()
  1475.             ]);
  1476.             $dispatcher->dispatch($event'holiday.on' ucfirst($eventType));
  1477.         }
  1479.         return new Response('OK'Response::HTTP_OK);
  1480.     }
  1482.     /**
  1483.      * @Route("/head-office/our-team/requests/{id}", name="delete-holiday-request", methods={"DELETE"})
  1484.      * 
  1485.      * @param Request $request
  1486.      * @return Response
  1487.      */
  1488.     public function headOfficeDeleteRequestAction($id)
  1489.     {
  1490.         $loggedUser $this->getUser();
  1491.         if (!$loggedUser) {
  1492.             throw new UnauthorizedHttpException('Not authorized.');
  1493.         }
  1495.         $holidayRequest DataObject\HolidayRequest::getById($id);
  1496.         $employee $holidayRequest->getEmployee();
  1498.         //only owners can delete their own requests
  1499.         if (!$holidayRequest || $employee != $loggedUser) {
  1500.             throw new BadRequestHttpException('Request not found');
  1501.         }
  1503.         $today Carbon::now();
  1504.         $requestStart Carbon::parse($holidayRequest->getStart());
  1505.         if ($today->gt($requestStart)) {
  1506.             throw new BadRequestHttpException('It is a past request');
  1507.         }
  1509.         $holidayRequest->delete();
  1511.         return new Response('OK'Response::HTTP_OK);
  1512.     }
  1514.     /**
  1515.      * @Route("/head-office/our-team/requests", name="create-multiple-holiday-request", methods={"POST"})
  1516.      * 
  1517.      * @param Request $request
  1518.      * @return Response
  1519.      */
  1520.     public function headOfficeCreateMultipleHolidaysRequestAction(
  1521.         Request $request,
  1522.         HeadOfficeService $hoService,
  1523.         EventDispatcherInterface $dispatcher,
  1524.         PermissionService $permissionProvider
  1525.     ) {
  1526.         $loggedUser $this->getUser();
  1527.         if (!$loggedUser) {
  1528.             throw new UnauthorizedHttpException('Not authorized.');
  1529.         }
  1531.         $permissionProvider->checkPermissions('management'$loggedUser);
  1533.         $policy $hoService->getHolidayPolicyByClinic($loggedUser->getClinic());
  1534.         $payload json_decode($request->getContent(), true);
  1535.         $type "days";
  1536.         //check if request includes a bank holiday
  1537.         $startDate Carbon::parse($payload['start']);
  1538.         $endDate Carbon::parse($payload['end']);
  1540.         $intersectBankHolidays $hoService->getBankHolidaysFromInterval($startDate$endDate$policy->getApplicableBankHoliday());
  1541.         $processedRequests $hoService->separateRequestsByBankHolidays($intersectBankHolidays$startDate$endDate$type);
  1543.         foreach ($payload['users'] as $userId => $shouldCreate) {
  1544.             $user DataObject\Customer::getById($userId);
  1545.             if (!$shouldCreate || $user->getClinic() !== $loggedUser->getClinic()) {
  1546.                 continue;
  1547.             }
  1548.             $contract $hoService->getUserLastCreatedContract($user);
  1549.             $holidayEntitlementType $policy->getHolidayEntitlementBase();
  1550.             foreach ($processedRequests as $processedRequest) {
  1551.                 $data = [
  1552.                     'start' => $processedRequest['start'],
  1553.                     'end' => $processedRequest['end'],
  1554.                     'type' => $processedRequest['type'],
  1555.                     'description' => $payload['description'],
  1556.                     'category' => 'holiday'
  1557.                 ];
  1558.                 $request $hoService->createHolidayRequest($user$data$loggedUser);
  1559.                 $request->setStatus('approved'); //it's approved straight away
  1560.                 $request->save();
  1561.                 $requestDetails $hoService->getHolidayRequestDetails('requestCreated'$request$holidayEntitlementType === 'hours');
  1562.                 $msg $hoService->createHolidayMessage('requestCreated'$requestDetails);
  1563.                 //create a new event to notify
  1564.                 $event = new HolidayEvent([
  1565.                     'recipients' => $contract->getReportTo(),
  1566.                     'msg' => $msg,
  1567.                     'id' => $userId
  1568.                 ]);
  1569.                 $dispatcher->dispatch($event'holiday.onRequestCreated');
  1570.             }
  1571.         }
  1574.         return new Response('OK'Response::HTTP_OK);
  1575.     }
  1577.     /**
  1578.      * @Route("/head-office/our-team/leaves", name="get-clinic-leaves", methods={"GET"})
  1579.      * 
  1580.      * @param Request $request
  1581.      * @return Response
  1582.      */
  1583.     public function headOfficeClinicLeavesAction(HeadOfficeService $hoServicePermissionService $permissionProviderGeneralService $generalProvider)
  1584.     {
  1585.         $loggedUser $this->getUser();
  1586.         if (!$loggedUser) {
  1587.             throw new UnauthorizedHttpException('Not authorized.');
  1588.         }
  1590.         $teamUsers = [];
  1591.         if ($loggedUser->getTypeOfUser() == 'subuser') {
  1592.             $teamUsers = [$loggedUser];
  1593.         } else {
  1594.             $teamUsers $hoService->getReporteesByManager($loggedUser);
  1595.         }
  1596.         $policy $hoService->getHolidayPolicyByClinic($loggedUser->getClinic());
  1597.         $leaves $hoService->getReporteeLeaves($teamUsers$policy->getHolidayEntitlementBase());
  1599.         $response = new Response();
  1601.         $response->headers->set('Content-Type''application/json');
  1602.         $response->headers->set('Access-Control-Allow-Origin''*');
  1604.         $response->setContent(json_encode(['teamLeaves' => $leaves'reportees' => $generalProvider->getUsersData(array_unique($teamUsers))]));
  1606.         return $response;
  1607.     }
  1609.     /**
  1610.      * @Route("/head-office/our-team/bank-holidays", name="get-bank-holidays", methods={"GET"})
  1611.      * 
  1612.      * @param Request $request
  1613.      * @return Response
  1614.      */
  1615.     public function headOfficeGetBankHolidaysAction(HeadOfficeService $hoService)
  1616.     {
  1617.         $loggedUser $this->getUser();
  1618.         if (!$loggedUser) {
  1619.             throw new UnauthorizedHttpException('Not authorized.');
  1620.         }
  1622.         $bankHolidays $hoService->getBankHolidaysFromClinic($loggedUser->getClinic());
  1624.         $response = new Response();
  1626.         $response->headers->set('Content-Type''application/json');
  1627.         $response->headers->set('Access-Control-Allow-Origin''*');
  1629.         $response->setContent(json_encode(['bankHolidays' => $bankHolidays]));
  1631.         return $response;
  1632.     }
  1634.     /**
  1635.      * @Route("/head-office/our-team/leaver-wizard", name="create-leave", methods={"POST"})
  1636.      */
  1637.     public function createLeaveAction(Request $requestHeadOfficeService $hoServicePermissionService $permissionProvider)
  1638.     {
  1639.         $loggedUser $this->getUser();
  1640.         if (!$loggedUser) {
  1641.             throw new UnauthorizedHttpException('Not authorized.');
  1642.         }
  1644.         $permissionProvider->checkPermissions('management'$loggedUser);
  1646.         $payload json_decode($request->getContent(), true);
  1647.         //any validation
  1648.         $hoService->createLeaveWizardInfo($payload$loggedUser);
  1649.         return new Response('OK'Response::HTTP_OK);
  1650.     }
  1651.     
  1652.     /**
  1653.      * @Route("/head-office/our-team/leaver-wizard/{userId}", name="get-leave", methods={"GET"})
  1654.      */
  1655.     public function getLeaveAction($userIdRequest $requestHeadOfficeService $hoServicePermissionService $permissionProvider)
  1656.     {
  1657.         $loggedUser $this->getUser();
  1658.         if (!$loggedUser) {
  1659.             throw new UnauthorizedHttpException('Not authorized.');
  1660.         }
  1662.         //any validation
  1663.         $data $hoService->getLeavingWizardInfoByUserid($userId);
  1664.         $response = new Response();
  1666.         $response->headers->set('Content-Type''application/json');
  1667.         $response->headers->set('Access-Control-Allow-Origin''*');
  1669.         $response->setContent(json_encode(['leavingWizardInfo' => $data]));
  1671.         return $response;
  1672.     }
  1675.     /**
  1676.      * @Route("/education/courses", name="education-courses-read")
  1677.      */
  1678.     public function educationCourseReadAction()
  1679.     {
  1680.         $loggedUser $this->getUser();
  1681.         if (!$loggedUser) {
  1682.             throw new UnauthorizedHttpException('Not authorized.');
  1683.         }
  1685.         $entries = new DataObject\Course\Listing();
  1686.         $entries->load();
  1687.         $entries $entries->getData();
  1689.         $data = [];
  1690.         foreach ($entries as $course) {
  1691.             $modules = [];
  1692.             foreach ($course->getModules()->getItems() as $module) {
  1693.                 $units = [];
  1694.                 foreach ($module->getUnits() as $unit) {
  1695.                     $video $unit->getVideo();
  1696.                     /* $videoDuration = ($video && $video->getData()) ? $video->getData()->getCustomSettings()['embeddedMetaData']['Duration'] : ''; */
  1698.                     $units[] = [
  1699.                         'name' => $unit->getName(),
  1700.                         'id' => $unit->getId(),
  1701.                         'number' => $unit->getNumber(),
  1702.                         'quiz' => $unit->getHasQuiz(),
  1703.                         'description' => $unit->getDescription(),
  1704.                         'videoDuration' => ''
  1705.                     ];
  1706.                 }
  1707.                 $modules[] = [
  1708.                     'name' => $module->getName(),
  1709.                     'number' => $module->getNumber(),
  1710.                     'units' => $units
  1711.                 ];
  1712.             }
  1714.             $cardImage $course->getCardImage();
  1715.             $cardThumbnail = ($cardImage) ? $cardImage->getThumbnail('courseCard')->getPath() : null;
  1716.             $listImage $course->getListImage();
  1717.             $listThumbnail = ($listImage) ? $listImage->getThumbnail('newsList')->getPath() : null;
  1719.             $data[] = [
  1720.                 'name' => $course->getName(),
  1721.                 'id' => $course->getId(),
  1722.                 'provider' => $course->getProvider(),
  1723.                 'instructor' => $course->getInstructor(),
  1724.                 'cardImage' => $cardThumbnail,
  1725.                 'listImage' => $listThumbnail,
  1726.                 'modules' => $modules,
  1727.                 'description' => $course->getDescription()
  1729.             ];
  1730.         }
  1733.         $response = new Response();
  1735.         $response->headers->set('Content-Type''application/json');
  1736.         $response->headers->set('Access-Control-Allow-Origin''*');
  1738.         $response->setContent(json_encode($data));
  1740.         return $response;
  1741.     }
  1743.     /**
  1744.      * @Route("/education/courses/getting-started", name="education-courses-getting-started", methods={"GET"})
  1745.      */
  1746.     public function educationGettingStartedReadAction()
  1747.     {
  1748.         $loggedUser $this->getUser();
  1749.         if (!$loggedUser) {
  1750.             throw new UnauthorizedHttpException('Not authorized.');
  1751.         }
  1753.         $page DataObject\GettingStartedPageEducation::getById(2316);
  1754.         $data = [];
  1756.         $banner = [];
  1758.         $mainCourseLinks = [];
  1759.         foreach ($page->getCoursesLink() as $courseLink) {
  1760.             array_push($mainCourseLinks$courseLink->getId());
  1761.         };
  1763.         $banner['title'] = $page->getTitle();
  1764.         $banner['text'] = $page->getText();
  1765.         $banner['background'] = $page->getBackground()->getThumbnail('heroGrid')->getPath();
  1766.         $banner['newCourse'] = $page->getNewCourse();
  1767.         $banner['courseLink'] = $mainCourseLinks;
  1769.         $featuredCourses = [];
  1770.         foreach ($page->getFeaturedCourse() as $course) {
  1771.             $featuredCourses[] = [
  1772.                 'title' => $course['title']->getData(),
  1773.                 'text' => $course['text']->getData(),
  1774.                 'image' => $course['image']->getData()->getThumbnail('standardTeaser')->getPath(),
  1775.                 'link' => $course['courseLink']->getData()->getId(),
  1776.             ];
  1777.         }
  1779.         $data['banner'] = $banner;
  1780.         $data['featuredCourses'] = $featuredCourses;
  1782.         $response = new Response();
  1784.         $response->headers->set('Content-Type''application/json');
  1785.         $response->headers->set('Access-Control-Allow-Origin''*');
  1787.         $response->setContent(json_encode($data));
  1789.         return $response;
  1790.     }
  1792.     /**
  1793.      * @Route("/education/courses/{unitId}", name="education-read", methods={"GET"})
  1794.      */
  1795.     public function educationUnitReadAction($unitId)
  1796.     {
  1798.         $loggedUser $this->getUser();
  1799.         if (!$loggedUser) {
  1800.             throw new UnauthorizedHttpException('Not authorized.');
  1801.         }
  1803.         $unit DataObject\CourseUnit::getById($unitId);
  1805.         $quiz = [];
  1806.         if ($unit->getHasQuiz()) {
  1807.             if ($unit->getQuestions()) {
  1808.                 foreach ($unit->getQuestions()->getItems() as $question) {
  1809.                     $answers = [];
  1810.                     foreach ($question->getAnswer() as $answer) {
  1811.                         $answers[] = $answer['possibleAnswer']->getData();
  1812.                     }
  1813.                     $quiz[] = [
  1814.                         'question' => $question->getQuestion(),
  1815.                         'id' => $question->getIndex(),
  1816.                         'answers' => $answers
  1817.                     ];
  1818.                 }
  1819.             }
  1820.         } else {
  1821.             $quiz null;
  1822.         }
  1824.         $video $unit->getVideo();
  1826.         $videoPath = ($video) ? $video->getData()->getPath() : '';
  1827.         $videoName = ($video) ? $video->getData()->getFilename() : '';
  1828.         $data = [
  1829.             'name' => $unit->getName(),
  1830.             'id' => $unit->getId(),
  1831.             'number' => $unit->getNumber(),
  1832.             'quiz' => $quiz,
  1833.             'description' => $unit->getDescription(),
  1834.             'video' => $videoPath $videoName,
  1835.             'resources' => $unit->getResources()
  1836.         ];
  1838.         $response = new Response();
  1840.         $response->headers->set('Content-Type''application/json');
  1841.         $response->headers->set('Access-Control-Allow-Origin''*');
  1843.         $response->setContent(json_encode($data));
  1845.         return $response;
  1846.     }
  1849.     /**
  1850.      * @Route("/education/courses/{courseId}", name="add-my-course", methods={"POST"})
  1851.      */
  1852.     public function addMyCourseAction($courseIdRequest $request)
  1853.     {
  1854.         $loggedUser $this->getUser();
  1855.         if (!$loggedUser) {
  1856.             throw new UnauthorizedHttpException('Not authorized.');
  1857.         }
  1858.         $id $loggedUser->getId();
  1860.         $currentCourses $loggedUser->getMyCourses();
  1862.         if ($request->getContent()) {
  1863.             $data json_decode($request->getContent(), true);
  1864.             $courses $data['courses'];
  1867.             $coursesToAdd = [];
  1868.             foreach ($courses as $courseItem) {
  1869.                 $course DataObject\Course::getById($courseItem);
  1871.                 if (!$course) {
  1872.                     return new Response('Bad Request');
  1873.                 }
  1875.                 if (!in_array($course$currentCourses)) {
  1876.                     array_push($coursesToAdd$course);
  1877.                 }
  1878.             }
  1880.             $loggedUser->setMyCourses(array_merge($currentCourses$coursesToAdd));
  1881.         } else {
  1882.             $course DataObject\Course::getById($courseId);
  1884.             if (!$course) {
  1885.                 return new Response('Bad Request');
  1886.             }
  1888.             $loggedUser->setMyCourses(array_merge($currentCourses, [$course]));
  1889.         }
  1891.         $loggedUser->save();
  1893.         return new Response('OK'Response::HTTP_OK);
  1894.     }
  1897.     /**
  1898.      * @Route("/education/courses/{courseId}", name="remove-my-course", methods={"DELETE"})
  1899.      */
  1900.     public function removeMyCourseAction($courseIdRequest $request)
  1901.     {
  1902.         $loggedUser $this->getUser();
  1903.         if (!$loggedUser) {
  1904.             throw new UnauthorizedHttpException('Not authorized.');
  1905.         }
  1907.         $currentCourses $loggedUser->getMyCourses();
  1909.         if ($request->getContent()) {
  1910.             $data json_decode($request->getContent(), true);
  1911.             $courses $data['courses'];
  1913.             $currentCourses array_filter($currentCourses, function ($currentCourse) use ($courses) {
  1914.                 if (!in_array($currentCourse->getId(), $courses)) {
  1915.                     return true;
  1916.                 };
  1917.                 return false;
  1918.             });
  1920.             $loggedUser->setMyCourses(array_merge($currentCourses));
  1921.         } else {
  1922.             $course DataObject\Course::getById($courseId);
  1924.             if (!$course) {
  1925.                 return new Response('Bad Request');
  1926.             }
  1928.             $currentCourses array_filter($currentCourses, function ($course) use ($courseId) {
  1929.                 return ($course->getId() != $courseId);
  1930.             });
  1931.             $loggedUser->setMyCourses(array_merge($currentCourses));
  1932.         }
  1934.         $loggedUser->save();
  1936.         return new Response('OK'Response::HTTP_OK);
  1937.     }
  1939.     /**
  1940.      * @Route("/education/users", name="education-users-read")
  1941.      */
  1942.     public function educationUsersReadAction()
  1943.     {
  1944.         $loggedUser $this->getUser();
  1945.         if (!$loggedUser) {
  1946.             throw new UnauthorizedHttpException('Not authorized.');
  1947.         }
  1949.         $data = [];
  1950.         $modules = [];
  1951.         $courses $loggedUser->getMyCourses();
  1952.         $myCourses = [];
  1953.         foreach ($courses as $course) {
  1954.             $myCourses[] = [
  1955.                 'id' => $course->getId(),
  1956.             ];
  1957.         }
  1959.         $log = [];
  1960.         if ($loggedUser->getCourse()) {
  1961.             foreach ($loggedUser->getCourse()->getItems() as $course) {
  1963.                 $courseModule $course->getmodule();
  1964.                 $modules = [];
  1965.                 foreach ($courseModule as $module) {
  1966.                     $units = [];
  1967.                     foreach ($module['units']->getData() as $unit) {
  1968.                         $units[] = [
  1969.                             'id' => intval($unit[0]),
  1970.                             'number' => intval($unit[1]),
  1971.                             'quiz' => $unit[2],
  1972.                             'quizCompleted' => $unit[3],
  1973.                         ];
  1974.                     }
  1975.                     $modules[] = [
  1976.                         'number' => $module['moduleNumber']->getData(),
  1977.                         'units' => $units
  1978.                     ];
  1979.                 }
  1980.                 $log[] = [
  1981.                     'name' => $course->getName(),
  1982.                     'id' => $course->getCourseId(),
  1983.                     'modules' => $modules,
  1984.                 ];
  1985.             }
  1986.         }
  1987.         $data['log'] = $log;
  1988.         $data['myCourses'] = $myCourses;
  1990.         $response = new Response();
  1992.         $response->headers->set('Content-Type''application/json');
  1993.         $response->headers->set('Access-Control-Allow-Origin''*');
  1995.         $response->setContent(json_encode($data));
  1997.         return $response;
  1998.     }
  2000.     /**
  2001.      * @Route("/education/quiz/{unitId}", name="education-quiz-post", methods={"POST"})
  2002.      * 
  2003.      * @param Request $request
  2004.      * @return Response
  2005.      */
  2006.     public function educationQuizCheckAction(Request $request$unitId)
  2007.     {
  2008.         $loggedUser $this->getUser();
  2009.         if (!$loggedUser) {
  2010.             throw new UnauthorizedHttpException('Not authorized.');
  2011.         }
  2012.         $id $loggedUser->getId();
  2015.         if ($request->getContent()) {
  2016.             $data json_decode($request->getContent(), true);
  2017.             $answersEncoded $data['answers'];
  2018.             $answers json_decode($answersEncodedtrue);
  2020.             $unit DataObject\CourseUnit::getById($unitId);
  2021.             $questions $unit->getQuestions()->getItems();
  2023.             $correctAnswers 0;
  2024.             foreach ($questions as $question) {
  2025.                 /*  $correctAnswers[] = [
  2026.                     'qIndex'=> $question->getIndex(),
  2027.                     'currAnswer'=>$answers['0']
  2028.                 ]; */
  2029.                 $correct preg_replace('/\s+/'''$question->getRightAnswer());
  2030.                 $answer preg_replace('/\s+/'''$answers[strval($question->getIndex())]);
  2032.                 if ($answer === $correct) {
  2033.                     $correctAnswers++;
  2034.                 }
  2035.             }
  2037.             $response = new Response();
  2039.             $response->headers->set('Content-Type''application/json');
  2040.             $response->headers->set('Access-Control-Allow-Origin''*');
  2042.             $response->setContent($correctAnswers);
  2044.             return $response;
  2045.         }
  2047.         return new Response(null);
  2048.     }
  2051.     /**
  2052.      * @Route("/education/users/{unitId}", name="education-users-post", methods={"POST"})
  2053.      * 
  2054.      * @param Request $request
  2055.      * @return Response
  2056.      */
  2057.     public function educationUsersPostAction(Request $request$unitId)
  2058.     {
  2059.         $loggedUser $this->getUser();
  2060.         if (!$loggedUser) {
  2061.             throw new UnauthorizedHttpException('Not authorized.');
  2062.         }
  2063.         $id $loggedUser->getId();
  2065.         if ($request->getContent()) {
  2066.             $data json_decode($request->getContent(), true);
  2067.             $courseName $data['courseName'];
  2068.             $courseId $data['courseId'];
  2069.             $moduleNumber $data['moduleNumber'];
  2070.             $completedQuiz $data['completedQuiz'];
  2072.             $unit DataObject\CourseUnit::getById($unitId);
  2074.             $courseLog $loggedUser->getCourse();
  2075.             $hasQuiz = !empty($unit->getQuestions());
  2076.             $moduleQuiz $unit->getModuleQuiz();
  2078.             if (!is_null($courseLog)) {
  2079.                 $courseLog $loggedUser->getCourse()->getItems();
  2080.                 $currentCourse array_filter($courseLog, function ($course) use ($courseId) {
  2081.                     return ($course->getCourseId() == $courseId);
  2082.                 });
  2084.                 if (!empty($currentCourse)) {
  2085.                     $courseIndex key($currentCourse);
  2086.                     $modules $currentCourse[$courseIndex]->getModule();
  2087.                     $currentModule array_filter($modules, function ($module) use ($moduleNumber) {
  2088.                         return ($module['moduleNumber']->getData() == $moduleNumber);
  2089.                     });
  2091.                     if (!empty($currentModule)) {
  2092.                         $moduleIndex key($currentModule);
  2093.                         $currentUnits $currentModule[$moduleIndex]['units']->getData();
  2095.                         if ($completedQuiz == true) {
  2096.                             if ($moduleQuiz) {
  2097.                                 $currentModule[$moduleIndex]['units']->setData([...$currentUnits, [$unit->getId(), $unit->getNumber(), $hasQuiztrue]]);
  2098.                                 $loggedUser->save();
  2100.                                 return new Response('OK'Response::HTTP_OK);
  2101.                             }
  2102.                         }
  2104.                         $currentModule[$moduleIndex]['units']->setData([...$currentUnits, [$unit->getId(), $unit->getNumber(), $hasQuizboolval($completedQuiz)]]);
  2105.                         $loggedUser->save();
  2106.                     } else {
  2108.                         $blockData = [
  2109.                             "moduleNumber" => new BlockElement('moduleNumber''numeric'$moduleNumber),
  2110.                             "units" => new BlockElement('units''table', [[$unit->getId(), $unit->getNumber(), $hasQuiz$moduleQuiz boolval($moduleQuiz) : boolval($completedQuiz)]])
  2111.                         ];
  2112.                         $currentCourse[0]->setModule(array_merge($modules, [$blockData]));
  2113.                         $loggedUser->save();
  2114.                     }
  2115.                 } else {
  2116.                     $newCourse = new DataObject\Fieldcollection\Data\CourseUserLog();
  2117.                     $newCourse->setName($courseName);
  2118.                     $newCourse->setCourseId($courseId);
  2119.                     $blockData = [
  2120.                         "moduleNumber" => new BlockElement('moduleNumber''numeric'$moduleNumber),
  2121.                         "units" => new BlockElement('units''table', [[$unit->getId(), $unit->getNumber(), $hasQuiz$moduleQuiz boolval($moduleQuiz) : boolval($completedQuiz)]])
  2122.                     ];
  2123.                     $newCourse->setModule([$blockData]);
  2124.                     $loggedUser->getCourse()->setItems(array_merge($courseLog, [$newCourse]));
  2125.                     $loggedUser->save();
  2126.                 }
  2127.             } else {
  2128.                 $newCourse = new DataObject\Fieldcollection\Data\CourseUserLog();
  2129.                 $newCourse->setName($courseName);
  2130.                 $newCourse->setCourseId($courseId);
  2131.                 $blockData = [
  2132.                     "moduleNumber" => new BlockElement('moduleNumber''numeric'$moduleNumber),
  2133.                     "units" => new BlockElement('units''table', [[$unit->getId(), $unit->getNumber(), $hasQuiz$moduleQuiz boolval($moduleQuiz) : boolval($completedQuiz)]])
  2134.                 ];
  2135.                 $newCourse->setModule([$blockData]);
  2136.                 $courses = new DataObject\Fieldcollection();
  2137.                 $courses->add($newCourse);
  2138.                 $loggedUser->setCourse($courses);
  2139.                 $loggedUser->save();
  2140.             }
  2142.             return new Response('OK'Response::HTTP_OK);
  2143.         }
  2145.         return new Response(null);
  2146.     }
  2148.     /**
  2149.      * @Route("/dashboard/credentials", name="dashboard-credentials-get", methods={"GET"})
  2150.      */
  2151.     public function dashboardGetCredentialsAction(GeneralService $generalProviderPermissionService $permissionProvider)
  2152.     {
  2153.         $loggedUser $this->getUser();
  2154.         if (!$loggedUser) {
  2155.             throw new UnauthorizedHttpException('Not authorized.');
  2156.         }
  2158.         $permissionProvider->checkPermissions('management'$loggedUser);
  2160.         $super $permissionProvider->getSuperuser($loggedUser);
  2162.         $allUsers $super->getSubusers();
  2163.         if ($loggedUser->getTypeOfUser() !== 'superuser') {
  2164.             $allUsers array_merge($allUsers, [$loggedUser->getClinic()->getSuperuser()]);
  2165.         }
  2166.         $users $generalProvider->getUsersData($allUsers);
  2168.         $subscriptionsData $this->filterIncludedSubscriptions($super);
  2170.         $includedSubsTotal count($subscriptionsData['includedSubs']);
  2171.         $includedSubsNotUsed count($subscriptionsData['includedSubs']) - count($subscriptionsData['includedSubsNotUsed']);
  2173.         if ($super->getSubscription()->getIsTrycareMembership()) {
  2174.             $includedSubsTotal TrycareMembership::getAdditionalSubscriptionsAmount($super->getSubscription()->getTrycareMemberId());
  2175.             $includedSubsNotUsed $includedSubsTotal count($subscriptionsData['includedSubs']);
  2176.         }
  2179.         $userData = [];
  2180.         $userData = [
  2181.             'subusers' => $users,
  2182.             'role' => $loggedUser->getTypeOfUser(),
  2183.             'includedSubTotal' => $includedSubsTotal,
  2184.             'includedSubUsed' => $includedSubsNotUsed
  2185.         ];
  2187.         $response = new Response();
  2189.         $response->headers->set('Content-Type''application/json');
  2190.         $response->headers->set('Access-Control-Allow-Origin''*');
  2192.         $response->setContent(json_encode($userData));
  2194.         return $response;
  2195.     }
  2197.     /**
  2198.      * @Route("/dashboard/credentials", name="dashboard-credentials-change", methods={"PUT"})
  2199.      */
  2200.     public function dashboardUpdateCredentialsAction(Request $request)
  2201.     {
  2202.         $loggedUser $this->getUser();
  2203.         if (!$loggedUser) {
  2204.             throw new UnauthorizedHttpException('Not authorized.');
  2205.         }
  2207.         $content json_decode($request->getContent());
  2209.         $form $this->createForm(PasswordFormType::class);
  2211.         $form->submit((array)$content);
  2213.         if (!$form->isValid()) {
  2214.             $errors = [];
  2215.             foreach ($form->getErrors(deeptrueflattentrue) as $error) {
  2216.                 $propertyName $error->getOrigin()->getName();
  2217.                 $errors[] = $error->getMessage();
  2218.             }
  2220.             throw new BadRequestHttpException(json_encode($errors));
  2221.         }
  2223.         $plainPass $form->getData()['password'];
  2225.         $loggedUser->setPassword($plainPass);
  2226.         $loggedUser->save();
  2228.         return new Response(json_encode($plainPass), Response::HTTP_OK);
  2229.     }
  2231.     public function filterIncludedSubscriptions($loggedUser)
  2232.     {
  2233.         $includedSubscriptions $loggedUser->getIncludedSubscriptions();
  2235.         $includedSubsNotUsed = [];
  2237.         foreach ($includedSubscriptions as $sub) {
  2238.             $user $sub->getUser();
  2239.             if (empty($user)) {
  2240.                 $includedSubsNotUsed[] = $sub;
  2241.             }
  2242.         }
  2244.         return [
  2245.             'includedSubs' => $includedSubscriptions,
  2246.             'includedSubsNotUsed' => $includedSubsNotUsed
  2247.         ];
  2248.     }
  2250.     /**
  2251.      * @Route("/dashboard/user", name="dashboard-user-create", methods={"POST"})
  2252.      */
  2253.     public function dashboardCreateUserAction(Request $requestUserHandler $userHandlerPermissionService $permissionProvider)
  2254.     {
  2255.         $loggedUser $this->getUser();
  2256.         if (!$loggedUser) {
  2257.             throw new UnauthorizedHttpException('Not authorized.');
  2258.         }
  2260.         $permissionProvider->checkPermissions('management'$loggedUser);
  2262.         $clinic $loggedUser->getClinic();
  2263.         if (is_null($clinic)) {
  2264.             throw new BadRequestHttpException('No clinic ID registered.');
  2265.         }
  2267.         $superuser $clinic->getSuperuser();
  2269.         $content json_decode($request->getContent());
  2271.         $form $this->createForm(ManageUserCreateType::class);
  2273.         $form->submit((array)$content);
  2275.         if (!$form->isValid()) {
  2276.             $errors = [];
  2277.             foreach ($form->getErrors(deeptrueflattentrue) as $error) {
  2278.                 $errors[] = $error->getMessage();
  2279.             }
  2281.             throw new BadRequestHttpException(json_encode($errors));
  2282.         }
  2284.         $payload json_decode($request->getContent(), true);
  2286.         $response = new Response();
  2288.         $stripeResponse $userHandler->addOneExtraLicence($superuser$payload);
  2290.         return $response->setContent(json_encode($stripeResponse));
  2291.     }
  2293.     /**
  2294.      * @Route("/dashboard/users", name="dashboard-users-create", methods={"POST"})
  2295.      */
  2296.     public function dashboardCreateUsersAction(
  2297.         Request $request,
  2298.         UserHandler $userHandler,
  2299.         PermissionService $permissionProvider,
  2300.         FreeTrialService $freeTrialService,
  2301.         TrycareService $trycareService
  2302.     ) {
  2303.         $loggedUser $this->getUser();
  2304.         if (!$loggedUser) {
  2305.             throw new UnauthorizedHttpException('Not authorized.');
  2306.         }
  2308.         $permissionProvider->checkPermissions('manager'$loggedUser);
  2310.         $clinic $loggedUser->getClinic();
  2311.         if (is_null($clinic)) {
  2312.             throw new BadRequestHttpException('No clinic ID registered.');
  2313.         }
  2315.         $data json_decode($request->getContent());
  2316.         $userBlocks $data->userBlocks;
  2318.         foreach ($userBlocks as $block) {
  2319.             $form $this->createForm(ManageUserCreateType::class);
  2320.             $userHandler->validateUsersInputs($block$form);
  2321.         }
  2323.         $superuser $clinic->getSuperuser();
  2325.         $includedSubsResult = [];
  2326.         $stripeResponse = [];
  2327.         $response = new Response();
  2329.         //if superuser is free trial. create new included subs for additional users.
  2330.         if ($superuser->getSubscription()->getIsFreeTrial()) {
  2331.             $freeTrialService->createFreeTrialSubusers($userBlocks$superuser);
  2332.             $includedSubsResult = ['status' => 'OK'];
  2333.             return $response->setContent(json_encode(['stripe' => $stripeResponse'included' => $includedSubsResult]));
  2334.         }
  2336.         $isTrycareSubscription $superuser->getSubscription()->getIsTrycareMembership();
  2337.         // is trycare sub, we need to check if users to add do not exceed available add subs
  2338.         if ($isTrycareSubscription) {
  2339.             $maxSubs TrycareMembership::getAdditionalSubscriptionsAmount($superuser->getSubscription()->getTrycareMemberId());
  2340.             $subsInUse $superuser->getIncludedSubscriptions();
  2341.             if (count($subsInUse) >= $maxSubs) {
  2342.                 throw new BadRequestHttpException('No aditional user subscriptions available. Please contact support.');
  2343.             }
  2344.             $trycareService->createTrycareSubusers($userBlocks$superuser);
  2345.             $includedSubsResult = ['status' => 'OK'];
  2346.             return $response->setContent(json_encode(['stripe' => $stripeResponse'included' => $includedSubsResult]));
  2347.         }
  2350.         $emptyIncludedSubscriptions array_values($userHandler->getFreeIncludedSubscriptions($superuser));
  2352.         if (count($emptyIncludedSubscriptions) > 0) {
  2353.             $includedUserBlocks array_splice($userBlocks0count($emptyIncludedSubscriptions));
  2354.             $customers $userHandler->createSubusersFromBlocks($includedUserBlocks$superuser);
  2356.             foreach ($customers as $index => $customer) {
  2357.                 $customerId $customer->getId();
  2358.                 $userHandler->attachCustomerToSubscription(
  2359.                     $emptyIncludedSubscriptions[$index],
  2360.                     $customer,
  2361.                     ' is being attached a customer',
  2362.                     "customer ID: $customerId"
  2363.                 );
  2364.             }
  2366.             $superuser->setSubusers([...$superuser->getSubusers(), ...$customers]);
  2367.             $superuser->save();
  2369.             $includedSubsResult = ['status' => 'OK'];
  2370.         }
  2371.         //if there are still users in the block means that the number of included subscriptions available wasn't enough
  2372.         if (count($userBlocks) > && !$isTrycareSubscription) {
  2373.             $stripeResponse $userHandler->addExtraLicences($superusercount($userBlocks), $userBlocks);
  2374.         }
  2376.         return $response->setContent(json_encode(['stripe' => $stripeResponse'included' => $includedSubsResult]));
  2377.     }
  2379.     /**
  2380.      * @Route("/dashboard/user/{id}", name="dashboard-users-delete", methods={"DELETE"})
  2381.      */
  2382.     public function dashboardDeleteUserAction($idRequest $requestCustomerProviderInterface $customerProviderPermissionService $permissionProviderUserHandler $userHandler)
  2383.     {
  2384.         $loggedUser $this->getUser();
  2385.         if (!$loggedUser) {
  2386.             throw new UnauthorizedHttpException('Not authorized.');
  2387.         }
  2389.         $permissionProvider->checkPermissions('management'$loggedUser);
  2391.         $user $customerProvider->getById($id);
  2393.         if ($user->getTypeOfUser() === 'superuser') {
  2394.             throw new BadRequestHttpException('Superusers cannot be deleted');
  2395.         }
  2397.         $userClinic $user->getClinic();
  2399.         $loggedUserClinic $loggedUser->getClinic();
  2400.         if (is_null($userClinic) || is_null($loggedUserClinic)) {
  2401.             throw new BadRequestHttpException('No clinic ID registered.');
  2402.         }
  2403.         if ($userClinic->getId() !== $loggedUserClinic->getId()) {
  2404.             throw new BadRequestHttpException('You can only unsubscribe a user from your practice.');
  2405.         }
  2407.         $superuser $userClinic->getSuperuser();
  2409.         $userHandler->handleSubuserRemoval($user$superuser);
  2411.         $response = new Response();
  2412.         return $response->setContent(json_encode(['message' => 'OK']));
  2413.     }
  2415.     /**
  2416.      * @Route("/dashboard/user/{id}", name="dashboard-users-update", methods={"PUT"})
  2417.      */
  2418.     public function dashboardUpdateUserAction($idRequest $requestCustomerProviderInterface $customerProviderPermissionService $permissionProvider)
  2419.     {
  2420.         $loggedUser $this->getUser();
  2421.         if (!$loggedUser) {
  2422.             throw new UnauthorizedHttpException('Not authorized.');
  2423.         }
  2425.         $permissionProvider->checkPermissions('management'$loggedUser);
  2427.         try {
  2428.             $customer $customerProvider->getById($id);
  2430.             if ($customer->getTypeOfUser() === 'superuser' && $loggedUser->getTypeOfUser() !== 'superuser') {
  2431.                 throw new AccessDeniedHttpException('You have no authorization.');
  2432.             }
  2434.             $payload json_decode($request->getContent(), true);
  2435.             $displayName $payload['displayName'];
  2436.             $customer->setDisplayName($displayName);
  2438.             $permissions $payload['permissions'];
  2440.             $isManager $payload['manager'];
  2441.             $editHSAllowed $permissions['headOffice']['editHS'];
  2442.             $editTeamHQAllowed $permissions['headOffice']['editTeamHQ'];
  2443.             $placeOrderAllowed $permissions['store']['placeOrder'];
  2445.             $customer->setTypeOfUser($isManager 'manager' 'subuser');
  2446.             $customer->setEditHSAllowed($editHSAllowed true false);
  2447.             $customer->setEditTeamHQAllowed($editTeamHQAllowed true false);
  2448.             $customer->setPlaceOrderAllowed($placeOrderAllowed true false);
  2450.             $customer->save();
  2452.             $response = new Response();
  2453.             return $response->setContent(json_encode(['message' => 'OK']));
  2454.         } catch (\Exception $e) {
  2455.             throw new BadRequestHttpException($e->getMessage());
  2456.         }
  2457.     }
  2459.     /**
  2460.      * @Route("/practice/users", name="get-users-practice", methods={"GET"})
  2461.      */
  2462.     public function getPracticeUsersAction(GeneralService $generalProvider)
  2463.     {
  2464.         $loggedUser $this->getUser();
  2465.         if (!$loggedUser) {
  2466.             throw new UnauthorizedHttpException('Not authorized.');
  2467.         }
  2469.         $clinic $loggedUser->getClinic();
  2471.         $users $generalProvider->getActiveUsersByClinic($clinic);
  2473.         $data = [];
  2474.         foreach ($users as $user) {
  2475.             $userData = [
  2476.                 'id' => $user->getId(),
  2477.                 'firstName' => $user->getFirstname(),
  2478.                 'lastName' => $user->getLastname(),
  2479.                 'displayName' => $user->getDisplayName(),
  2480.                 'email' => $user->getEmail(),
  2481.                 'createdAt' => $user->getCreationDate(),
  2482.             ];
  2483.             array_push($data$userData);
  2484.         }
  2486.         $response = new Response();
  2488.         $response->headers->set('Content-Type''application/json');
  2489.         $response->headers->set('Access-Control-Allow-Origin''*');
  2491.         $response->setContent(json_encode(['users' => $data]));
  2493.         return $response;
  2494.     }
  2496.     /**
  2497.      * @Route("/report/error", name="report-error", methods={"POST"})
  2498.      */
  2499.     public function reportErrorAction(Request $request)
  2500.     {
  2501.         $payload json_decode($request->getContent(), true);
  2502.         $error $payload['error'];
  2504.         \Pimcore\Log\Simple::log('front-end-report'$error);
  2506.         $response = new Response();
  2507.         return $response->setContent(json_encode(['message' => 'OK']));
  2508.     }
  2510.     /**
  2511.      * @Route("/help/{uid}", name="get-help", methods={"GET"})
  2512.      */
  2513.     public function getHelpAction($uidRequest $request)
  2514.     {
  2515.         $help DataObject\Help::getByUid($uid1);
  2517.         if (!$help) {
  2518.             throw new InvalidArgumentException('Invalid UID');
  2519.         }
  2521.         $data = [
  2522.             'title' => $help->getTitle(),
  2523.             'content' => $help->getContent()
  2524.         ];
  2526.         $response = new Response();
  2528.         $response->headers->set('Content-Type''application/json');
  2529.         $response->headers->set('Access-Control-Allow-Origin''*');
  2531.         $response->setContent(json_encode($data));
  2533.         return $response;
  2534.     }
  2535. }