
Embedding phpGACL.

1 parent 0e5a758 commit 5bddd2af27e6a973b21b122556d8b0400bbfcc42 bradymiller committed Feb 7, 2009
Showing with 220 additions and 82 deletions.
  1. +34 −23 Documentation/README.phpgacl
  2. +13 −16 INSTALL
  3. +12 −20 acl_setup.php
  4. +1 −3 acl_upgrade.php
  5. +1 −1 interface/globals.php
  6. +1 −1 interface/main/backup.php
  7. +1 −1 interface/usergroup/adminacl.php
  8. +29 −7 library/acl.inc
  9. +128 −10 setup.php
57 Documentation/README.phpgacl
@@ -1,12 +1,41 @@
Hints for Using phpGACL with OpenEMR
by Rod Roark <rod at sunsetsystems dot com>
+Installation Instructions
-OpenEMR by default does not use or require phpGACL, though it is
-highly recommended. Setting it up takes some careful study, planning
-and a bit of time. If you don't have the time then you should hire
-an experienced person to set things up for you. Helpful installation
-and configuration instructions can be found on the wiki at the
+phpGACL access controls are embedded and installed by default in OpenEMR
+versions 2.9.0.3 or later. The administration of the access controls is
+within OpenEMR in the admin->acl menu. The library/acl.inc file can be
+easily modified to turn off phpGACL or to use an external version.
+
+
+Upgrading Instructions
+
+After you have upgraded to a new version of OpenEMR, you should
+run the acl_upgrade.php program using your web browser
+(e.g. http://openemr.location/acl_upgrade.php). This will ensure your
+phpGACL database contains all the required OpenEMR Access Control
+Objects.
+
+
+For Developers
+
+If you add a new Access Control Object to the OpenEMR codebase, then
+also add it to the following three sites:
+1. Header notes of the library/acl.inc file
+2. acl_setup.php file
+3. acl_upgrade.php file
+
+
+Miscellaneous Information (the below information is only applicable
+to OpenEMR versions less than 2.9.0.3 or to users who choose to
+install an external version of phpGACL)
+
+If you are using an OpenEMR version previous to 2.9.0.3, then phpGACL
+has not been automatically installed. Setting it up takes some careful
+study, planning and a bit of time. If you don't have the time then you
+should hire an experienced person to set things up for you. Helpful
+installation and configuration instructions can be found on the wiki at the
www.oemr.org site.
Alternatively, it's possible to set up your own access rules without
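Review bot: The new sentence "The library/acl.inc file can be easily modified to turn off phpGACL" does not say what access control remains in effect once phpGACL is turned off. The INSTALL text removed in this same commit described the default OpenEMR access controls as very limited, so the README should state that fallback explicitly and point to the unset($phpgacl_location) line in library/acl.inc rather than leaving it implied.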
@@ -90,21 +119,3 @@ Then if "write" or "wsome" or "addonly" access applies, key in that
as the return value, otherwise a return value is not required. Then
click the Submit button to save that particular access rule. Repeat
until all your ACL rules are defined.
-
-
-Upgrading Instructions
-
-After you have upgraded to a new version of OpenEMR, you should
-consider running the acl_upgrade.php program using your web browser
-(e.g. http://openemr.location/acl_upgrade.php). This will ensure your
-phpGACL database contains all the required OpenEMR Access Control
-Objects.
-
-
-For Developers
-
-If you add a new Access Control Object to the OpenEMR codebase, then
-also add it to the following three sites:
-1. Header notes of the library/acl.inc file
-2. acl_setup.php file
-3. acl_upgrade.php file
29 INSTALL
@@ -118,9 +118,10 @@ something more secure (such as chmod 644) before actively using OpenEMR.
Should anything fail during step 3, you may have to remove the existing database
or tables before you can try again.
-Step 4 is very much like step 3, except the only thing taking place is the
-writing of SQL configuration to disk. Should it fail due to permissions or any
-other reason, you may click the reload button to try again.
+Step 4 is the writing of SQL configuration to disk and the
+installation/configuration of the phpGACL access controls. Should it display
+errors related to file writing priviledges you may click the back button to
+try again (after fixing file permission).
Once setup is completed, one last thing must be done before OpenEMR can be used.
The file openemr/interface/globals.php must be edited by hand to reflect the
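Review bot: The new Step 4 paragraph mentions file writing errors but does not name what setup.php now checks (gacl/gacl.ini.php, gacl/gacl.class.php and gacl/admin/templates_c, alongside the SQL configuration file), and it does not tell the reader to tighten those permissions again afterwards, as the text just above does with chmod 644. Listing the paths here would save a round trip through the error screen. Also, "priviledges" should be "privileges" and "file permission" should be "file permissions".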
@@ -160,16 +161,12 @@ and custom/faxcover.txt; it also requires the following utilities:
IV. Setting Up Access Control
-You can either choose to install phpGACL, which is very powerful access control
-software, or you can use the default OpenEMR access controls, which are very
-limited. If you choose to install phpGACL (see http://phpgacl.sourceforge.net/),
-recommend reading the phpGACL manual, the /openemr/Documentation/README.phpgacl
-file, and the online wiki at www.oemr.org for installation and configuration
-instructions. Also recommend reading the comments in /openemr/library/acl.inc
-and also modifying that file to point to your phpGACL installation directory.
-
-It is reasonable to first get a basic OpenEMR installation working and then add
-these extended access controls later.
+Since OpenEMR version 2.9.0.3, phpGACL access control software is installed
+and configured automatically during OpenEMR setup. This is very powerful
+access control software. To learn more about phpGACL
+(see http://phpgacl.sourceforge.net/), recommend reading the phpGACL manual,
+the /openemr/Documentation/README.phpgacl file, and the online wiki at
+www.oemr.org. Also recommend reading the comments in /openemr/library/acl.inc.
V. Upgrading
@@ -197,6 +194,6 @@ management (normally you should), run the sl_convert.php script
(e.g. http://openemr.location/sl_convert.php). Note this script may
run for several minutes or longer.
-If phpGACL is installed, then you should also upgrade your Access Controls
-by running the acl_upgrade.php program using your web browser
-(e.g. http://openemr.location/acl_upgrade.php).
+If phpGACL is installed (automatically installed since OpenEMR version 2.9.0.3),
+then you should upgrade your Access Controls by running the acl_upgrade.php
+program using your web browser (e.g. http://openemr.location/acl_upgrade.php).
32 acl_setup.php
@@ -6,9 +6,9 @@
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
- // This program may be run after phpGACL has been installed, and will
- // create the Access Control Objects and their sections as required
- // by OpenEMR. See openemr/library/acl.inc file for the list of
+ // This program is run by the OpenEMR setup.php script to install phpGACL
+ // and creates the Access Control Objects and their sections.
+ // See openemr/library/acl.inc file for the list of
// currently supported Access Control Objects(ACO), which this
// script will install. This script also creates several
// ARO groups, an "admin" ARO, and some reasonable ACL entries for
@@ -21,10 +21,10 @@
// Accounting
//
// Upgrade Howto
- // If you have previously installed phpGACL, and have since upgraded
- // to a new version of OpenEMR, then should consider upgrading
- // the phpGACL database with the acl_upgrade.php script to ensure
- // the database includes all the required Access Control Objects(ACO).
+ // When upgrading to a new version of OpenEMR, run the acl_upgrade.php
+ // script to update the phpGACL access controls. This is required to
+ // ensure the database includes all the required Access Control
+ // Objects(ACO).
//
include_once('library/acl.inc');
@@ -38,11 +38,8 @@
// Create the ACO sections. Every ACO must have a section.
//
if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === FALSE) {
- die("<br>This is not working. Make sure you have:<br>" .
- "* Set the correct phpgacl database name, user and password in gacl.ini.php<br>" .
- "* Done the same in gacl.class.php<br>" .
- "* Run setup.php from the phpGACL distribution<br>" .
- "* Not already run this script successfully<br>");
+ echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
+ return;
}
$gacl->add_object_section('Administration', 'admin' , 10, 0, 'ACO');
$gacl->add_object_section('Encounters' , 'encounters' , 10, 0, 'ACO');
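Review bot: Replacing die() with echo and return in the add_object_section failure branch means the caller is never told that the ACL setup failed. setup.php now pulls this file in with require $gaclSetupScript2; and carries straight on to set_user_aro() and the "Gave the ... administrator access" message, so a failed install is followed by a success line. Consider return false; here and have setup.php check the result of the require before continuing. The new message also leads with "You have likely already run this script", which pushes the configuration-error case into second place during a first install.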
@@ -195,13 +192,8 @@
<link rel=STYLESHEET href="interface/themes/style_blue.css">
</head>
<body>
-<span class="title">OpenEMR ACL Setup</span>
-<br><br>
-<span class="text">
-
-All done!
-
-</span>
-
+<b>OpenEMR ACL Setup</b>
+<br>
+All done configuring and installing access controls (php-GACL)!
</body>
</html>
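Review bot: This file still emits its own </head>, <body>, </body> and </html>, but it is now included from setup.php in the middle of step 4, so the closing </html> is sent before setup.php echoes its Continue form. Either emit the full page only when acl_setup.php is requested directly, or reduce the output here to the status line.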
4 acl_upgrade.php
@@ -6,9 +6,7 @@
//
// This script will update the phpGACL database, which include
// Access Control Objects(ACO), Groups(ARO), and Access Control
-// Lists(ACL) created by the the acl_setup.php(2.8.1 onward)
-// program, to the most recent version.
-// (this assumes phpGACL has been previously installed)
+// Lists(ACL) to the most recent version.
// It will display whether each update already exist
// or if it was updated succesfully.
//
2 interface/globals.php
@@ -170,7 +170,7 @@
$v_major = '2';
$v_minor = '9';
$v_patch = '0';
-$tag = '.2'; // minor revision number, should be empty for production releases
+$tag = '.3'; // minor revision number, should be empty for production releases
// This name appears on the login page and in the title bar of most windows.
// It's nice to customize this to be the name of your clinic.
2 interface/main/backup.php
@@ -123,7 +123,7 @@
$cmd = "cd $webserver_root; tar --same-owner --ignore-failed-read -zcphf $BACKUP_DIR/openemr.tar.gz .";
}
if ($form_step == 5) {
- if (!empty($phpgacl_location)) {
+ if ((!empty($phpgacl_location)) && ($phpgacl_location != $GLOBALS['fileroot']."/gacl")) {
$form_status .= "Dumping phpGACL web directory tree ...<br />";
echo nl2br($form_status);
$cmd = "cd $phpgacl_location; tar --same-owner --ignore-failed-read -zcphf $BACKUP_DIR/phpgacl.tar.gz .";
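Review bot: The new condition compares $phpgacl_location with $GLOBALS['fileroot']."/gacl" as exact strings, so a trailing slash, a symlink, or a manually set path in library/acl.inc that points at the same directory will not match, and the embedded tree will be archived a second time into phpgacl.tar.gz. Comparing realpath() of both sides would express the intent. While here, $phpgacl_location and $BACKUP_DIR go into the tar command line unquoted; passing them through escapeshellarg() would keep a path with spaces or shell metacharacters from changing the command.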
2 interface/usergroup/adminacl.php
@@ -508,7 +508,7 @@ function generic_click(cthis) {
</head>
<body class="body_top">
- <span class='title'><?php xl('Access Control List Administration','e'); ?></span>
+ <span class='title'><?php xl('Access Control List Administration','e'); ?></span>&nbsp;<a href='../../gacl/admin/acl_admin.php' onclick='top.restoreSession()'><span class='back'>(Advanced)</span></a>
<br><br>
<div id='membership_edit'>
<span class=bold><input type='checkbox' id='membership_show'><?php xl('User Memberships','e'); ?></span>
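Review bot: The added (Advanced) link sends the user straight to ../../gacl/admin/acl_admin.php, and nothing in this commit shows that the phpGACL admin pages check the OpenEMR session or the admin ACL before they load; onclick='top.restoreSession()' is a client-side call, not an authorization check. Please confirm that gacl/admin/ enforces the same check as this page, or add one, since that directory now ships inside the OpenEMR tree by default. The link text is also hard-coded while the title next to it goes through xl(), so it will not be translated.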
36 library/acl.inc
@@ -1,10 +1,27 @@
<?php
- // If you have installed phpGACL (http://phpgacl.sourceforge.net/)
- // and have configured it for your site, then uncomment the following
- // statement and change it to point to the location where
- // gacl.class.php is intalled.
- //
- // $phpgacl_location = "/var/www/gacl";
+// php-GACL access controls are included in OpenEMR. The below
+// function will automatically create the path where gacl.class.php
+// can be found. Note that this path can be manually set below
+// for users who are using an external version of php-GACL.
+// Also note that php-GACL access controls can be turned off
+// below.
+ if (isset ($GLOBALS['fileroot'])) {
+ //normal use during OpenEMR
+ $phpgacl_location = $GLOBALS['fileroot'] . "/gacl";
+ }
+ else {
+ //special case during OpenEMR and php-GACL install/upgrade scripts,
+ //which are run from main OpenEMR directory.
+ $phpgacl_location = "gacl";
+ }
+//
+// If using an external version of php-GACL, then uncomment following
+// line and manually place the path below.
+//$phpgacl_location = "/var/www/gacl";
+//
+// If you want to turn off php-GACL, then uncomment the following line.
+//unset($phpgacl_location);
+//
// The following Access Control Objects (ACO) are currently supported.
// These are the "things to be protected":
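Review bot: The else branch sets $phpgacl_location = "gacl", a relative path, so it only resolves when the including script runs from the main OpenEMR directory, as the comment itself says. Deriving the path from this file's own location, for example dirname(__FILE__) . "/../gacl", works for both the normal and the install/upgrade case, removes the branch, and no longer depends on whether the caller has set $GLOBALS['fileroot'].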
@@ -291,7 +308,12 @@
$full_name = $first_name . " " . $middle_name . " " . $last_name;
}
else {
- $full_name = $first_name . " " . $last_name;
+ if ($last_name) {
+ $full_name = $first_name . " " . $last_name;
+ }
+ else {
+ $full_name = $first_name;
+ }
}
//If this is not the first group to be added, then will skip below
138 setup.php
@@ -12,6 +12,13 @@
$upgrade = 0;
$defhost = 'localhost';
$state = $_POST["state"];
+$gaclConfigFile1 = "gacl/gacl.ini.php";
+$gaclConfigFile2 = "gacl/gacl.class.php";
+$gaclWritableDirectory = "gacl/admin/templates_c";
+$gaclSetupScript1 = "./gacl/setup.php";
+$gaclSetupScript2 = "./acl_setup.php";
+$writableFileList = array($conffile, $gaclConfigFile1, $gaclConfigFile2);
+$writableDirList = array($gaclWritableDirectory);
include_once($conffile);
?>
@@ -70,9 +77,6 @@
There's much information and many extra tools bundled within the OpenEMR
installation directory. Please refer to openemr/Documentation.
<br>Many forms and other useful scripts can be found at openemr/contrib.
-<br>OpenEMR now comes with optional GACL support, a fine grained access control
-system. Please refer to openemr/Documentation/README.phpgacl for -easy-
-installation.
</p>
<p>
Reading openemr/includes/config.php and openemr/interface/globals.php is a good
@@ -325,6 +329,8 @@
<INPUT TYPE='HIDDEN' NAME='port' VALUE='$port'>
<INPUT TYPE='HIDDEN' NAME='login' VALUE='$login'>
<INPUT TYPE='HIDDEN' NAME='pass' VALUE='$pass'>
+<INPUT TYPE='HIDDEN' NAME='iuser' VALUE='$iuser'>
+<INPUT TYPE='HIDDEN' NAME='iuname' VALUE='$iuname'>
<br>\n
<INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
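Review bot: The two new hidden fields interpolate $iuser and $iuname into single-quoted VALUE attributes without htmlspecialchars($value, ENT_QUOTES), so a name containing an apostrophe truncates the value and any markup in it is rendered in the page. The neighbouring login and pass fields have the same problem, and it is worth fixing them together. Step 4 also receives these values back from the browser, so they need validating again there before set_user_aro() uses them.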
@@ -333,14 +339,36 @@
case 4:
echo "<b>Step $state</b><br><br>\n";
-echo "Writing SQL Configuration to disk...\n";
+echo "Writing SQL Configuration to disk and configuring access controls (php-GACL)...<br><br>";
+
+//ensure required files and directories are writable before moving on
+$errorWritable = 0;
+foreach ($writableFileList as $tempFile) {
+ if (!(is_writable($tempFile))) {
+ echo "ERROR. Could not open config file '$tempFile' for writing.<br>";
+ echo "(ensure '$tempFile' is world-writeable, then go back in browser and try again).<br><br>";
+ flush();
+ $errorWritable = 1;
+ }
+}
+
+foreach ($writableDirList as $tempDir) {
+ if (!(is_writable($tempDir))) {
+ echo "ERROR. Could not open directory '$tempDir' for writing.<br>";
+ echo "(ensure '$tempDir' is world-writeable, then go back in browser and try again).<br><br>";
+ flush();
+ $errorWritable = 1;
+ }
+}
+if ($errorWritable) {
+ break;
+}
+
+//passed all file tests, now can write sql configuration and configure php-GACL
+
+echo "Writing SQL Configuration...<br>";
@touch($conffile); // php bug
$fd = @fopen($conffile, 'w');
-if ($fd == FALSE) {
- echo "ERROR. Could not open config file '$conffile' for writing.\n";
- flush();
- break;
-}
$string = "<?
// OpenEMR
// MySQL Config
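Review bot: The removed check on $fd after @fopen($conffile, 'w') is not fully replaced by the is_writable() loops: is_writable() can pass and fopen() can still fail, and with the @ suppression the script would then carry on with $fd set to false and no message. Keep the if ($fd == FALSE) guard after the fopen. The error text also tells the user to make the files and directory "world-writeable"; writable by the web server user is enough and is the narrower instruction.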
@@ -388,7 +416,97 @@
}
fclose($fd);
-echo "OK<BR>\nPlease restore secure permissions on the 'library/sqlconf.php' file now.\n<br><FORM METHOD='POST'>\n
+echo "Successfully wrote SQL configuration.<BR>";
+echo "PLEASE restore secure permissions on the 'library/sqlconf.php' file.<br><br><br>";
+
+echo "Installing and Configuring Access Controls (php-GACL)<br>";
+
+//first, edit two gacl config files
+// edit gacl.ini.php
+$data = file($gaclConfigFile1) or die("Could not read ".$gaclConfigFile1." file.");
+$finalData = "";
+foreach ($data as $line) {
+ $isHit = 0;
+ if ((strpos($line,"db_host")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "db_host = \"${host}\"\n";
+ }
+ if ((strpos($line,"db_user")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "db_user = \"${login}\"\n";
+ }
+ if ((strpos($line,"db_password")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "db_password = \"${pass}\"\n";
+ }
+ if ((strpos($line,"db_name")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "db_name = \"${dbname}\"\n";
+ }
+ if (!$isHit) {
+ $finalData .= $line;
+ }
+}
+$fd = @fopen($gaclConfigFile1, 'w') or die("Could not open ".$gaclConfigFile1." file.");
+fwrite($fd, $finalData);
+fclose($fd);
+
+// edit gacl.class.php
+$data = file($gaclConfigFile2) or die("Could not read ".$gaclConfigFile2." file.");
+$finalData = "";
+foreach ($data as $line) {
+ $isHit = 0;
+ if ((strpos($line,"var \$_db_host = ")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "var \$_db_host = '$host';\n";
+ }
+ if ((strpos($line,"var \$_db_user = ")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "var \$_db_user = '$login';\n";
+ }
+ if ((strpos($line,"var \$_db_password = ")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "var \$_db_password = '$pass';\n";
+ }
+ if ((strpos($line,"var \$_db_name = ")) === false) {
+ }
+ else {
+ $isHit = 1;
+ $finalData .= "var \$_db_name = '$dbname';\n";
+ }
+ if (!$isHit) {
+ $finalData .= $line;
+ }
+}
+$fd = @fopen($gaclConfigFile2, 'w') or die("Could not open ".$gaclConfigFile2." file.");
+fwrite($fd, $finalData);
+fclose($fd);
+
+//second, run gacl config scripts
+require $gaclSetupScript1;
+require $gaclSetupScript2;
+echo "<br>";
+
+//third, give the administrator user admin priviledges
+$groupArray = array("Administrators");
+set_user_aro($groupArray,$iuser,$iuname,"","");
+echo "Gave the '$iuser' user (password is 'pass') administrator access.<br>";
+
+echo "<br><FORM METHOD='POST'>\n
<INPUT TYPE='HIDDEN' NAME='state' VALUE='5'>\n
<br>\n
<INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
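Review bot: In both rewrite loops the posted values are written into the config files unescaped, for example the line that emits var $_db_password = '$pass'; so a password containing a single quote or backslash produces a broken gacl.class.php, and a double quote does the same to gacl.ini.php. Escape for the target syntax before writing (var_export() for the PHP file, and reject or escape quotes for the ini file). In the gacl.ini.php loop the strpos() tests match any line that merely contains db_host, db_user and so on, including comments, so anchoring the match to the start of the setting would be safer. Finally, only library/sqlconf.php gets a "restore secure permissions" reminder, although gacl/gacl.ini.php and gacl/gacl.class.php were also made writable and now hold the database password, and the success line prints a fixed "password is 'pass'" without asking the administrator to change it.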
