bug fixes b1 (#5280)
bradymiller committed May 4, 2022
1 parent 512afc0 commit 871ae51
Showing 46 changed files with 349 additions and 56 deletions.
9 changes: 9 additions & 0 deletions controllers/C_Document.class.php
Expand Up @@ -16,6 +16,7 @@
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Crypto\CryptoGen;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Services\FacilityService;
use OpenEMR\Services\PatientService;

Expand Down Expand Up @@ -1063,9 +1064,17 @@ public function list_action($patient_id = "")
$cur_pid = isset($_GET['patient_id']) ? filter_input(INPUT_GET, 'patient_id') : '';
$used_msg = xl('Current patient unavailable here. Use Patient Documents');
if ($cur_pid == '00') {
if (!AclMain::aclCheckCore('patients', 'docs', '', ['write', 'addonly'])) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Documents")]);
exit;
}
$cur_pid = '0';
$is_new = 1;
}
if (!AclMain::aclCheckCore('patients', 'docs')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Documents")]);
exit;
}
$this->assign('is_new', $is_new);
$this->assign('place_hld', $place_hld);
$this->assign('cur_pid', $cur_pid);
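Review bot: The branch that selects the write/addonly check, `if ($cur_pid == '00')`, uses loose comparison, and PHP compares two numeric strings with `==` numerically, so `patient_id=0` (or `0.0`, `0e1`) also enters the "new document" branch and is then evaluated against the write ACL instead of falling through to the plain `patients/docs` read check that follows. Since the sentinel is a literal string and `filter_input(INPUT_GET, 'patient_id')` returns a string, `if ($cur_pid === '00')` pins the branch to the intended value without changing the intended behaviour. The remainder of `list_action` is outside the hunk, so whether `$cur_pid` is later validated as numeric cannot be confirmed from here.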
8 changes: 8 additions & 0 deletions controllers/C_PracticeSettings.class.php
@@ -1,5 +1,8 @@
<?php

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;

class C_PracticeSettings extends Controller
{
var $template_mod;
Expand All @@ -14,6 +17,11 @@ function __construct($template_mod = "general")
$this->assign("TOP_ACTION", $GLOBALS['webroot'] . "/controller.php?" . "practice_settings" . "&");
$this->assign("STYLE", $GLOBALS['style']);
$this->direction = ($GLOBALS['_SESSION']['language_direction'] == 'rtl') ? 'right' : 'left';

if (!AclMain::aclCheckCore('admin', 'practice')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Practice Settings")]);
exit;
}
}

function default_action($display = "")
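Review bot: Placing the ACL gate in `__construct` and ending it with `exit` means that merely instantiating `C_PracticeSettings` terminates the request for an unauthorized user, including any caller that constructs the controller without intending to render (a dispatcher resolving routes, a test harness). Covering every action from one place is clearly the intent, but a constructor with a process-ending side effect is surprising; either put the check at the top of each public action, or have the constructor throw and let `controller.php` render `core/unauthorized.html.twig`. If the constructor placement stays, a comment such as `// gate every action of this controller in one place` would tell the next reader it is deliberate.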
7 changes: 7 additions & 0 deletions interface/billing/edit_payment.php
Expand Up @@ -27,8 +27,15 @@
require_once("$srcdir/options.inc.php");
require_once("$srcdir/payment.inc.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Confirm Payment")]);
exit;
}

$screen = 'edit_payment';

// Deletion of payment distribution code
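Review bot: The three-line unauthorized render ending in `exit;` is pasted verbatim into every billing script in this commit, and the combined condition `!aclCheckCore('acct', 'bill', '', 'write') && !aclCheckCore('acct', 'eob', '', 'write')` is repeated in four of them, which makes the next page easy to get subtly wrong (a different template name, a missing `exit`, a dropped `write`). A small helper on `AclMain` that takes the section/value/permission and a page title, renders the template and exits would reduce each of these blocks to one line and keep the behaviour uniform. Where the check is meant to guard the deletion handler that the comment `// Deletion of payment distribution code` announces, a one-line comment saying so above the gate would also explain why a page named "Confirm Payment" requires write access.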
7 changes: 7 additions & 0 deletions interface/billing/era_payments.php
Expand Up @@ -23,10 +23,17 @@

use OpenEMR\Billing\ParseERA;
use OpenEMR\Billing\SLEOB;
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;
use OpenEMR\OeUI\OemrUI;

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ERA Posting")]);
exit;
}

$hidden_type_code = isset($_POST['hidden_type_code']) ? $_POST['hidden_type_code'] : '';
$check_date = isset($_POST['check_date']) ? $_POST['check_date'] : '';
$post_to_date = isset($_POST['post_to_date']) ? $_POST['post_to_date'] : '';
7 changes: 7 additions & 0 deletions interface/billing/indigent_patients_report.php
Expand Up @@ -17,9 +17,16 @@
require_once("../globals.php");
require_once("$srcdir/patient.inc");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('acct', 'rep_a')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Indigent Patients Report")]);
exit;
}

$alertmsg = '';

function bucks($amount)
7 changes: 7 additions & 0 deletions interface/billing/new_payment.php
Expand Up @@ -25,9 +25,16 @@
require_once("$srcdir/payment.inc.php");

use OpenEMR\Billing\ParseERA;
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;
use OpenEMR\OeUI\OemrUI;

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("New Payment")]);
exit;
}

//===============================================================================
$screen = 'new_payment';
//===============================================================================
7 changes: 7 additions & 0 deletions interface/billing/search_payments.php
Expand Up @@ -23,9 +23,16 @@
require_once("$srcdir/options.inc.php");
require_once("$srcdir/payment.inc.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;
use OpenEMR\OeUI\OemrUI;

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Search Payment")]);
exit;
}

//===============================================================================
//Deletion of payment and its corresponding distributions.
//===============================================================================
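Review bot: The gate requires `write` on `acct/bill` or `acct/eob` ahead of the deletion code announced by `//Deletion of payment and its corresponding distributions.`, which is the right scope for a script that mutates data, but an ACL check alone does not stop a cross-site request issued from a logged-in user's browser; the deletion handler is outside the hunk, so please confirm it verifies the token with `CsrfUtils::verifyCsrfToken(...)` the way `ccr_pending_approval.php` does in this same commit. A side effect worth recording is that users with read-only billing access lose the search page entirely; if that is intended, a comment above the check such as `// write access required: this script also deletes payments` makes the choice explicit.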
7 changes: 7 additions & 0 deletions interface/billing/sl_eob_search.php
Expand Up @@ -36,10 +36,17 @@
use OpenEMR\Billing\InvoiceSummary;
use OpenEMR\Billing\ParseERA;
use OpenEMR\Billing\SLEOB;
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;
use OpenEMR\OeUI\OemrUI;

if (!AclMain::aclCheckCore('acct', 'eob', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("EOB Posting - Search")]);
exit;
}

$DEBUG = 0; // set to 0 for production, 1 to test
$alertmsg = '';
$where = '';
16 changes: 11 additions & 5 deletions interface/billing/sl_receipts_report.php
Expand Up @@ -36,8 +36,14 @@

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('acct', 'rep') && !AclMain::aclCheckCore('acct', 'rep_a')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Cash Receipts by Provider")]);
exit;
}

function is_clinic($code)
{
global $bcodes;
Expand All @@ -60,11 +66,6 @@ function bucks($amount)
}
}

if (! AclMain::aclCheckCore('acct', 'rep')) {
die(xlt("Unauthorized access."));
}


$form_use_edate = $_POST['form_use_edate'] ?? null;

$form_proc_codefull = trim($_POST['form_proc_codefull'] ?? '');
Expand Down Expand Up @@ -373,6 +374,11 @@ function sel_diagnosis() {
<?php
if ($_POST['form_refresh']) {
$form_doctor = $_POST['form_doctor'];
if (!AclMain::aclCheckCore('acct', 'rep_a')) {
// only allow user to see their encounter information
$form_doctor = $_SESSION['authUserID'];
}

$arows = array();

$ids_to_skip = array();
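Review bot: In the second hunk the forced `$form_doctor = $_SESSION['authUserID'];` for users without `acct/rep_a` only applies inside `if ($_POST['form_refresh'])`; the hunk ends before the query is built, so any other read of `$_POST['form_doctor']` further down (a CSV export path, for instance) would still see the client-supplied value, and it is worth confirming this is the sole consumer. For consistency with the `?? null` reads a few lines earlier in the file, the preceding line should be `$form_doctor = $_POST['form_doctor'] ?? '';` so an absent selector does not raise an undefined-index warning. The top gate relaxing from `acct/rep` to `acct/rep` or `acct/rep_a` pairs with this restriction, and a comment such as `// rep_a may report on all providers; plain rep is limited to the logged-in user` above the override would tie the two together for the next reader.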
7 changes: 7 additions & 0 deletions interface/main/display_documents.php
Expand Up @@ -18,8 +18,15 @@
require_once('../globals.php');
require_once("$srcdir/patient.inc");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('patients', 'lab')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Lab Documents")]);
exit;
}

$curdate = date_create(date("Y-m-d"));
date_sub($curdate, date_interval_create_from_date_string("7 days"));
$sub_date = date_format($curdate, 'Y-m-d');
9 changes: 6 additions & 3 deletions interface/orders/orders_results.php
Expand Up @@ -17,6 +17,7 @@
require_once("$srcdir/lab.inc");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

// Indicates if we are entering in batch mode.
Expand All @@ -26,15 +27,17 @@
$form_review = empty($_GET['review']) ? 0 : 1;

// Check authorization.
$thisauth = AclMain::aclCheckCore('patients', 'med');
$thisauth = AclMain::aclCheckCore('patients', 'lab');
if (!$thisauth) {
die(xlt('Not authorized'));
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Results")]);
exit;
}

// Check authorization for pending review.
$reviewauth = AclMain::aclCheckCore('patients', 'sign');
if ($form_review and !$reviewauth and !$thisauth) {
die(xlt('Not authorized'));
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Results")]);
exit;
}

// Set pid for pending review.
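Review bot: The second check `if ($form_review and !$reviewauth and !$thisauth)` can never be true: the block just above exits unless `$thisauth` is set, so `!$thisauth` is always false here and the `patients/sign` requirement for pending review is dead code (it was already dead before this commit, but the commit rewrote the branch body without noticing). If review mode is meant to require `patients/sign` on top of `patients/lab`, the condition should read `if ($form_review && !$reviewauth)`; if `lab` alone is meant to suffice, delete the block rather than keep a check that looks like it enforces something. The silent switch of the primary ACL from `patients/med` to `patients/lab` also deserves a comment on the `$thisauth` line, since it changes who can open results.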
10 changes: 6 additions & 4 deletions interface/orders/pending_orders.php
Expand Up @@ -18,8 +18,14 @@

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('patients', 'lab')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Pending Orders")]);
exit;
}

function thisLineItem($row)
{
$provname = $row['provider_lname'];
Expand Down Expand Up @@ -53,10 +59,6 @@ function thisLineItem($row)
} // End not csv export
}

if (!AclMain::aclCheckCore('acct', 'rep')) {
die(xlt("Unauthorized access."));
}

$form_from_date = isset($_POST['form_from_date']) ? DateToYYYYMMDD($_POST['form_from_date']) : date('Y-m-d');
$form_to_date = isset($_POST['form_to_date']) ? DateToYYYYMMDD($_POST['form_to_date']) : date('Y-m-d');
$form_facility = $_POST['form_facility'] ?? null;
8 changes: 4 additions & 4 deletions interface/orders/procedure_stats.php
Expand Up @@ -22,12 +22,12 @@

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

// Might want something different here.
//
if (! AclMain::aclCheckCore('acct', 'rep')) {
die(xlt("Unauthorized access."));
if (!AclMain::aclCheckCore('patients', 'lab')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Statistics Report")]);
exit;
}

$from_date = isset($_POST['form_from_date']) ? DateToYYYYMMDD($_POST['form_from_date']) : '0000-00-00';
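Review bot: The comment `// Might want something different here.` was written about the old `acct/rep` gate and now hangs over the new `patients/lab` check, so a reader cannot tell whether the new choice is final or still provisional. Replace it with a comment that states the decision, for example `// Procedure statistics expose order/result data, so gate on patients/lab rather than the accounting report ACL.`, or remove it. Everything else in the hunk is the same unauthorized render used across the commit.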
11 changes: 11 additions & 0 deletions interface/orders/types.php
Expand Up @@ -15,6 +15,8 @@

require_once("../globals.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

// This script can be run either inside the OpenEMR frameset for order catalog
Expand All @@ -26,6 +28,15 @@
$order = isset($_GET['order']) ? $_GET['order'] + 0 : 0;
$labid = isset($_GET['labid']) ? $_GET['labid'] + 0 : 0;

if (!$popup && !AclMain::aclCheckCore('admin', 'super')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Configure Orders and Results")]);
exit;
}
if ($popup && !AclMain::aclCheckCore('patients', 'lab') && !AclMain::aclCheckCore('admin', 'super')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Configure Orders and Results")]);
exit;
}

// If Save was clicked, set the result, close the window and exit.
//
if ($popup && $_POST['form_save']) {
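Review bot: Both new gates branch on `$popup`, which is assigned above the hunk and, judging by the neighbouring `$order`/`$labid` reads straight from `$_GET`, appears to come from the request, so a user holding only `patients/lab` can reach this script by adding the popup flag even though the non-popup path demands `admin/super`. That is acceptable only if every branch that writes the order catalog is guarded by `admin/super` itself rather than by `!$popup`; the handler at `if ($popup && $_POST['form_save'])` closes a selection window, but the catalog-editing code further down is outside the hunk and should be checked. A comment on the second gate such as `// popup mode is a read-only picker; catalog edits below must still require admin/super` would record the assumption for whoever touches the editing paths next.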
7 changes: 7 additions & 0 deletions interface/patient_file/ccr_import.php
Expand Up @@ -17,8 +17,15 @@

require_once(dirname(__FILE__) . "../../globals.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Import")]);
exit;
}

?>
<html>
<head>
7 changes: 7 additions & 0 deletions interface/patient_file/ccr_pending_approval.php
Expand Up @@ -18,9 +18,16 @@
require_once(dirname(__FILE__) . "/../../library/patient.inc");
require_once(dirname(__FILE__) . "/../../library/parse_patient_xml.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;

if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("CCR Approve")]);
exit;
}

if (isset($_GET['approve']) && $_GET['approve'] == 1) {
if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
CsrfUtils::csrfNotVerified();
13 changes: 13 additions & 0 deletions interface/patient_file/encounter/load_form.php
Expand Up @@ -13,6 +13,11 @@
*/

require_once("../../globals.php");
require_once("../../../library/registry.inc");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Twig\TwigContainer;

if (substr($_GET["formname"], 0, 3) === 'LBF') {
// Use the List Based Forms engine for all LBFxxxxx forms.
include_once("$incdir/forms/LBF/new.php");
Expand All @@ -25,6 +30,14 @@
// ensure the path variable has no illegal characters
check_file_dir_name($_GET["formname"]);

// ensure authorized to see the form
if (!AclMain::aclCheckForm($_GET["formname"])) {
$formLabel = xl_form_title(getRegistryEntryByDirectory($_GET["formname"], 'name')['name'] ?? '');
$formLabel = (!empty($formLabel)) ? $formLabel : $_GET["formname"];
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => $formLabel]);
exit;
}

include_once("$incdir/forms/" . $_GET["formname"] . "/new.php");
}

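Review bot: The new `AclMain::aclCheckForm($_GET["formname"])` gate lives only in the non-LBF branch; the `substr($_GET["formname"], 0, 3) === 'LBF'` branch at the top of the hunk includes `forms/LBF/new.php` before any form ACL runs, so LBF forms are not covered by this guard unless `LBF/new.php` performs its own check, which cannot be seen from here. If it does not, hoist the `aclCheckForm` check above the branch so both paths share one gate (the `$formLabel` lookup works the same for either). The check is correctly placed after `check_file_dir_name`, since the name is then used in the include path; a comment such as `// formname was validated above and is used in the include path below` would make that ordering constraint visible.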
18 changes: 18 additions & 0 deletions interface/patient_file/front_payment.php
Expand Up @@ -23,11 +23,29 @@
use OpenEMR\Billing\BillingUtilities;
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;
use OpenEMR\Core\Header;
use OpenEMR\OeUI\OemrUI;
use OpenEMR\PaymentProcessing\Sphere\SpherePayment;
use OpenEMR\Services\FacilityService;

if (!empty($_REQUEST['receipt']) && empty($_POST['form_save'])) {
if (!AclMain::aclCheckCore('acct', 'bill') && !AclMain::aclCheckCore('acct', 'rep_a') && !AclMain::aclCheckCore('patients', 'rx')) {
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Receipt for Payment")]);
exit;
}
} else {
if (!AclMain::aclCheckCore('acct', 'bill', '', 'write')) {
if (!empty($_POST['form_save'])) {
$pageTitle = xl("Receipt for Payment");
} else {
$pageTitle = xl("Record Payment");
}
echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => $pageTitle]);
exit;
}
}

$pid = (!empty($_REQUEST['hidden_patient_code']) && ($_REQUEST['hidden_patient_code'] > 0)) ? $_REQUEST['hidden_patient_code'] : $pid;

$facilityService = new FacilityService();
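Review bot: The receipt branch lets `acct/bill`, `acct/rep_a` or `patients/rx` holders view a receipt, and two lines later `$pid` is replaced by `$_REQUEST['hidden_patient_code']` whenever it is a positive number, so the patient whose receipt is rendered is chosen by the client rather than by the session; unless the receipt code later in the file (outside the hunk) checks that the caller may view that patient, this gate authorizes the action but not the record. Consider validating the supplied id against the patient the session is working on where that is possible, and document the grant with a comment such as `// receipt view is read-only, so front-desk roles may see it without billing write access` (the `patients/rx` choice in particular is not self-explanatory). The nested `if/else` that picks `$pageTitle` could be the single line `$pageTitle = !empty($_POST['form_save']) ? xl("Receipt for Payment") : xl("Record Payment");`, but that is cosmetic.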
