
Access Control enhancements:

 -Modified access control engine to support return values (write, addonly, wsome, etc).
  (adjusted acl_check function, which was adjusted in entire codebase; old function is still
   supported for legacy code)
 -Added the standard acls to also have wsome and view return values
 -Ability to upgrade access controls by OpenEMR version (tracked in version.php file)
1 parent 1452ef2 commit a5f58a71ada9a939f6c6087f01292282f795c6e8 @bradymiller bradymiller committed Sep 15, 2012
Showing with 959 additions and 553 deletions.
  1. +2 −1 Documentation/README.phpgacl
  2. +67 −1 acl_setup.php
  3. +391 −433 acl_upgrade.php
  4. +18 −10 contrib/forms/xmlformgen/xslt/common_objects.xslt
  5. +1 −1 contrib/forms/xmlformgen/xslt/show.php.xslt
  6. +1 −2 custom/import_xml.php
  7. +49 −19 gacl/gacl.class.php
  8. +1 −2 interface/forms/physical_exam/edit_diagnoses.php
  9. +2 −5 interface/main/calendar/add_edit_event.php
  10. +3 −3 interface/main/calendar/find_appt_popup.php
  11. +4 −5 interface/main/left_nav.php
  12. +2 −4 interface/main/main_navigation.php
  13. +7 −2 interface/main/main_title.php
  14. +1 −2 interface/new/new_comprehensive.php
  15. +1 −2 interface/patient_file/history/edit_billnote.php
  16. +8 −6 interface/patient_file/history/history.php
  17. +3 −4 interface/patient_file/history/history_full.php
  18. +3 −4 interface/patient_file/history/history_save.php
  19. +3 −3 interface/patient_file/navigation.php
  20. +3 −3 interface/patient_file/problem_encounter.php
  21. +2 −3 interface/patient_file/summary/add_edit_issue.php
  22. +2 −4 interface/patient_file/summary/demographics.php
  23. +2 −3 interface/patient_file/summary/demographics_full.php
  24. +1 −2 interface/patient_file/summary/demographics_print.php
  25. +2 −3 interface/patient_file/summary/demographics_save.php
  26. +2 −2 interface/patient_file/summary/pnotes.php
  27. +3 −6 interface/patient_file/summary/pnotes_full.php
  28. +1 −2 interface/patient_file/summary/pnotes_full_add.php
  29. +6 −5 interface/patient_file/summary/stats_full.php
  30. +71 −7 library/acl.inc
  31. +280 −0 library/acl_upgrade_fx.php
  32. +1 −1 library/classes/Installer.class.php
  33. +4 −0 sql/4_1_1-to-4_1_2_upgrade.sql
  34. +3 −2 sql/database.sql
  35. +9 −1 version.php
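--- a/Documentation/README.phpgacl
+++ b/Documentation/README.phpgacl
@@ -27,7 +27,8 @@ also add it to the following three sites:
 3. acl_upgrade.php file
-Miscellaneous Information (the below information is only applicable
+Miscellaneous Information
+(the below information is only applicable
 to OpenEMR versions less than 2.9.0.3 or to users who choose to
 install an external version of phpGACL)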
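--- a/acl_setup.php
+++ b/acl_setup.php
@@ -210,7 +210,7 @@
 }
 // Declare return terms for language translations
- // xl('write') xl('wsome') xl('addonly')
+ // xl('write') xl('wsome') xl('addonly') xl('view')
 // Set permissions for administrators.
 //
@@ -237,11 +237,27 @@
 'placeholder'=>array('filler')
 ),
 NULL, array($doc), NULL, NULL,
+ 1, 1, 'view', 'Things that physicians can only read'
+ );
+ // xl('Things that physicians can only read')
+ $gacl->add_acl(
+ array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($doc), NULL, NULL,
 1, 1, 'addonly', 'Things that physicians can read and enter but not modify'
 );
 // xl('Things that physicians can read and enter but not modify')
 $gacl->add_acl(
 array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($doc), NULL, NULL,
+ 1, 1, 'wsome', 'Things that physicians can read and partly modify'
+ );
+ // xl('Things that physicians can read and partly modify')
+ $gacl->add_acl(
+ array(
 'acct'=>array('disc', 'rep'),
 'admin'=>array('drugs'),
 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
@@ -257,6 +273,14 @@
 //
 $gacl->add_acl(
 array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($clin), NULL, NULL,
+ 1, 1, 'view', 'Things that clinicians can only read'
+ );
+ // xl('Things that clinicians can only read')
+ $gacl->add_acl(
+ array(
 'encounters'=>array('notes', 'relaxed'),
 'patients'=>array('demo', 'med', 'docs', 'notes'),
 'sensitivities'=>array('normal')
@@ -265,6 +289,15 @@
 1, 1, 'addonly', 'Things that clinicians can read and enter but not modify'
 );
 // xl('Things that clinicians can read and enter but not modify')
+
+ $gacl->add_acl(
+ array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($clin), NULL, NULL,
+ 1, 1, 'wsome', 'Things that clinicians can read and partly modify'
+ );
+ // xl('Things that clinicians can read and partly modify')
 $gacl->add_acl(
 array(
 'admin'=>array('drugs'),
@@ -283,11 +316,27 @@
 'placeholder'=>array('filler')
 ),
 NULL, array($front), NULL, NULL,
+ 1, 1, 'view', 'Things that front office can only read'
+ );
+ // xl('Things that front office can only read')
+ $gacl->add_acl(
+ array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($front), NULL, NULL,
 1, 1, 'addonly', 'Things that front office can read and enter but not modify'
 );
 // xl('Things that front office can read and enter but not modify')
 $gacl->add_acl(
 array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($front), NULL, NULL,
+ 1, 1, 'wsome', 'Things that front office can read and partly modify'
+ );
+ // xl('Things that front office can read and partly modify')
+ $gacl->add_acl(
+ array(
 'patients'=>array('appt', 'demo', 'trans', 'notes')
 ),
 NULL, array($front), NULL, NULL,
@@ -302,11 +351,27 @@
 'placeholder'=>array('filler')
 ),
 NULL, array($back), NULL, NULL,
+ 1, 1, 'view', 'Things that back office can only read'
+ );
+ // xl('Things that back office can only read')
+ $gacl->add_acl(
+ array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($back), NULL, NULL,
 1, 1, 'addonly', 'Things that back office can read and enter but not modify'
 );
 // xl('Things that back office can read and enter but not modify')
 $gacl->add_acl(
 array(
+ 'placeholder'=>array('filler')
+ ),
+ NULL, array($back), NULL, NULL,
+ 1, 1, 'wsome', 'Things that back office can read and partly modify'
+ );
+ // xl('Things that back office can read and partly modify')
+ $gacl->add_acl(
+ array(
 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
 'admin'=>array('practice', 'superbill'),
 'encounters'=>array('auth_a', 'coding_a', 'date_a'),
@@ -316,6 +381,7 @@
 1, 1, 'write', 'Things that back office can read and modify'
 );
 // xl('Things that back office can read and modify')
+
 // Set permissions for Emergency Login.
 //
 $gacl->add_acl(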
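Review bot: The new `$gacl->add_acl(...)` calls that create the 'view' and 'wsome' placeholder ACLs discard the return value, so a failed insert during setup would leave a group without that ACL and nothing would be reported. The addNewACL helper removed from acl_upgrade.php on this page treats the result as the new ACL id and echoes an error when it is empty. The same check here would surface a partially built access-control set, e.g. `if (!$gacl->add_acl(...)) { echo "<B>ERROR</B>, Unable to create the ACL.</BR>"; }` (message text constructed for illustration). The neighbouring add_acl calls in the context lines follow the same unchecked pattern, and the script around these hunks is outside the visible lines, so confirm whether a later step already validates the resulting ACL set.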
824 acl_upgrade.php
@@ -1,46 +1,114 @@
<?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-//
-// This script will update the phpGACL database, which include
-// Access Control Objects(ACO), Groups(ARO), and Access Control
-// Lists(ACL) to the most recent version.
-// It will display whether each update already exist
-// or if it was updated succesfully.
-//
-// Updates included:
-// 2.8.2
-// Section "sensitivities" (Sensitivities):
-// ADD normal Normal (Administrators, Physicians, Clinicians(addonly))
-// ADD high High (Administrators, Physicians)
-// Section "admin" (Administration):
-// ADD super Superuser (Adminstrators)
-// 2.8.4
-// Section "admin" (Administration):
-// ADD drugs Pharmacy Dispensary (Administrators, Physicians, Clinicians(write))
-// ADD acl ACL Administration (Administrators)
-// Section "sensitivities" (Sensitivities):
-// EDIT high High (ensure the order variable is '20')
-// Section "acct" (Accounting):
-// ADD disc Price Discounting (Administrators, Physicians, Accounting(write))
-// 3.0.2
-// ADD Section "lists" (Lists):
-// ADD default Default List (write,addonly optional) (Administrators)
-// ADD state State List (write,addonly optional) (Administrators)
-// ADD country Country List (write,addonly optional) (Administrators)
-// ADD language Language List (write,addonly optional) (Administrators)
-// ADD ethrace Ethnicity-Race List (write,addonly optional) (Administrators)
-// ADD Section "placeholder" (Placeholder):
-// ADD filler Placeholder (Maintains empty ACLs)
-// 3.3.0
-// Section "patients" (Patients):
-// ADD sign Sign Lab Results (Physicians)
+/**
+* Upgrade script for access controls.
+*
+* This script will update the phpGACL database, which include
+* Access Control Objects(ACO), Groups(ARO), and Access Control
+* Lists(ACL) to the most recent version.
+* It will display whether each update already exist
+* or if it was updated succesfully.
+* To avoid reversing customizations, upgrade is done in versions,
+* which are recorded in the database. To add another version of
+* changes, use the following template:
+* <pre>// Upgrade for acl_version <acl_version_here>
+* $upgrade_acl = <acl_version_here>;
+* if ($acl_version < $upgrade_acl) {
+* echo "<B>UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":</B></BR>";
+*
+* //Collect the ACL ID numbers.
+* echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
+*
+* //Add new object Sections
+* echo "<BR/><B>Adding new object sections</B><BR/>";
+*
+* //Add new Objects
+* echo "<BR/><B>Adding new objects</B><BR/>";
+*
+* //Update already existing Objects
+* echo "<BR/><B>Upgrading objects</B><BR/>";
+*
+* //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+* // (will also place in the appropriate group and CREATE a new group if needed)
+* echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
+*
+* //Update the ACLs
+* echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
+*
+* //DONE with upgrading to this version
+* $acl_version = $upgrade_acl;
+* }
+* </pre>
+*
+* Updates included:
+* <pre>---VERSION 1 ACL---
+* 2.8.2
+* Section "sensitivities" (Sensitivities):
+* ADD normal Normal (Administrators, Physicians, Clinicians(addonly))
+* ADD high High (Administrators, Physicians)
+* Section "admin" (Administration):
+* ADD super Superuser (Adminstrators)
+* 2.8.4
+* Section "admin" (Administration):
+* ADD drugs Pharmacy Dispensary (Administrators, Physicians, Clinicians(write))
+* ADD acl ACL Administration (Administrators)
+* Section "sensitivities" (Sensitivities):
+* EDIT high High (ensure the order variable is '20')
+* Section "acct" (Accounting):
+* ADD disc Price Discounting (Administrators, Physicians, Accounting(write))
+* 3.0.2
+* ADD Section "lists" (Lists):
+* ADD default Default List (write,addonly optional) (Administrators)
+* ADD state State List (write,addonly optional) (Administrators)
+* ADD country Country List (write,addonly optional) (Administrators)
+* ADD language Language List (write,addonly optional) (Administrators)
+* ADD ethrace Ethnicity-Race List (write,addonly optional) (Administrators)
+* ADD Section "placeholder" (Placeholder):
+* ADD filler Placeholder (Maintains empty ACLs)
+* ACL/Group doc addonly "Physicians" (filler aco)
+* ACL/Group front addonly "Front Office" (filler aco)
+* ACL/Group back addonly "Accounting" (filler aco)
+* 3.3.0
+* Section "patients" (Patients):
+* ADD sign Sign Lab Results (Physicians)
+* ACL/Group breakglass write "Emergency Login" (added all aco's to it)
+* 4.1.0
+* Section "nationnotes" (Nation Notes)
+* ADD nn_configure Nation Notes Configure (Administrators, Emergency Login)
+* Section "patientportal" (Patient Portal)
+* ADD portal Patient Portal (Administrators, Emergency Login)
+* 4.1.1
+* ACL/Group doc wsome "Physicians" (filler aco)
+* ACL/Group clin wsome "Clinicians" (filler aco)
+* ACL/Group front wsome "Front Office" (filler aco)
+* ACL/Group back wsome "Accounting" (filler aco)
+* ACL/Group doc view "Physicians" (filler aco)
+* ACL/Group clin view "Clinicians" (filler aco)
+* ACL/Group front view "Front Office" (filler aco)
+* ACL/Group back view "Accounting" (filler aco)
+* </pre>
+*
+* Copyright (C) 2012 Brady Miller <brady@sparmy.com>
+*
+* LICENSE: This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
+*
+* @package OpenEMR
+* @author Brady Miller <brady@sparmy.com>
+* @link http://www.open-emr.org
+*/
$ignoreAuth = true; // no login required
require_once('interface/globals.php');
+require_once("$srcdir/acl_upgrade_fx.php");
//Ensure that phpGACL has been installed
include_once('library/acl.inc');
@@ -52,420 +120,310 @@
die("You must first set up library/acl.inc to use phpGACL!");
}
-
-//Collect the ACL ID numbers.
-echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
-//Get Administrator ACL ID number
-$admin_write = getAclIdNumber('Administrators', 'write');
-//Get Doctor ACL ID Number
-$doc_write = getAclIdNumber('Physicians', 'write');
-//Get Clinician ACL with write access ID number
-$clin_write = getAclIdNumber('Clinicians', 'write');
-//Get Clinician ACL with addonly access ID number
-$clin_addonly = getAclIdNumber('Clinicians', 'addonly');
-//Get Receptionist ACL ID number
-$front_write = getAclIdNumber('Front Office', 'write');
-//Get Accountant ACL ID number
-$back_write = getAclIdNumber('Accounting', 'write');
-
-//Add new object Sections
-echo "<BR/><B>Adding new object sections</B><BR/>";
-//Add 'Sensitivities' object section (added in 2.8.2)
-addObjectSectionAcl('sensitivities', 'Sensitivities');
-//Add 'Lists' object section (added in 3.0.2)
-addObjectSectionAcl('lists', 'Lists');
-//Add 'Placeholder' object section (added in 3.0.2)
-addObjectSectionAcl('placeholder', 'Placeholder');
-//Add 'Nation Notes' object section (added in 4.1.0)
-addObjectSectionAcl('nationnotes','Nation Notes');
-//Add 'Patient Portal' object section (added in 4.1.0)
-addObjectSectionAcl('patientportal', 'Patient Portal');
-
-//Add new Objects
-echo "<BR/><B>Adding new objects</B><BR/>";
-//Add 'Normal' sensitivity object, order variable is default 10 (added in 2.8.2)
-addObjectAcl('sensitivities', 'Sensitivities', 'normal', 'Normal');
-//Add 'High' sensitivity object, order variable is set to 20 (added in 2.8.2)
-addObjectAclWithOrder('sensitivities', 'Sensitivities', 'high', 'High', 20);
-//Add 'Pharmacy Dispensary' object (added in 2.8.4)
-addObjectAcl('admin', 'Administration', 'drugs', 'Pharmacy Dispensary');
-//Add 'ACL Administration' object (added in 2.8.4)
-addObjectAcl('admin', 'Administration', 'acl', 'ACL Administration');
-//Add 'Price Discounting' object (added in 2.8.4)
-addObjectAcl('acct', 'Accounting', 'disc', 'Price Discounting');
-//Add 'Default List (write,addonly optional)' object (added in 3.0.2)
-addObjectAcl('lists', 'Lists', 'default', 'Default List (write,addonly optional)');
-//Add 'State List (write,addonly optional)' object (added in 3.0.2)
-addObjectAcl('lists', 'Lists', 'state', 'State List (write,addonly optional)');
-//Add 'Country List (write,addonly optional)' object (added in 3.0.2)
-addObjectAcl('lists', 'Lists', 'country', 'Country List (write,addonly optional)');
-//Add 'Language List (write,addonly optional)' object (added in 3.0.2)
-addObjectAcl('lists', 'Lists', 'language', 'Language List (write,addonly optional)');
-//Add 'Ethnicity-Race List (write,addonly optional)' object (added in 3.0.2)
-addObjectAcl('lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)');
-//Add 'Placeholder (Maintains empty ACLs)' object (added in 3.0.2)
-addObjectAcl('placeholder', 'Placeholder', 'filler', 'Placeholder (Maintains empty ACLs)');
-//Add 'Sign Lab Results (write,addonly optional)' object (added in 3.3.0)
-addObjectAcl('patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)');
-//Add 'nationnotes' object (added in 4.1.0)
-addObjectAcl('nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure');
-//Add 'patientportal' object (added in 4.1.0)
-addObjectAcl('patientportal', 'Patient Portal', 'portal', 'Patient Portal');
-
-//Update already existing Objects
-echo "<BR/><B>Upgrading objects</B><BR/>";
-//Ensure that 'High' sensitivity object order variable is set to 20
-editObjectAcl('sensitivities', 'Sensitivities', 'high', 'High', 20);
-
-//Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
-// (will also place in the appropriate group and CREATE a new group if needed)
-echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
-//Add 'Physicians' ACL with 'addonly' and collect the ID number (added in 3.0.2)
-$doc_addonly = addNewACL('Physicians', 'doc', 'addonly', 'Things that physicians can read and enter but not modify');
-//Add 'Front Office' ACL with 'addonly' and collect the ID number (added in 3.0.2)
-$front_addonly = addNewACL('Front Office', 'front', 'addonly', 'Things that front office can read and enter but not modify');
-//Add 'Accounting' ACL with 'addonly' and collect the ID number (added in 3.0.2)
-$back_addonly = addNewACL('Accounting', 'back', 'addonly', 'Things that back office can read and enter but not modify');
-//Add 'Emergency Login' ACL with 'write' and collect the ID number (added in 3.3.0)
-$emergency_write = addNewACL('Emergency Login', 'breakglass', 'write', 'Things that can use for emergency login, can read and modify');
-
-//Update the ACLs
-echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
-//Insert the 'super' object from the 'admin' section into the Administrators group write ACL (added in 2.8.2)
-updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'super', 'Superuser', 'write');
-//Insert the 'high' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
-updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
-//Insert the 'normal' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
-updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
-//Insert the 'high' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
-updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
-//Insert the 'normal' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
-updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
-//Insert the 'normal' object from the 'sensitivities' section into the Clinicians group addonly ACL (added in 2.8.2)
-updateAcl($clin_addonly, 'Clinicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'addonly');
-//Insert the 'drugs' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
-updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
-//Insert the 'drugs' object from the 'admin' section into the Physicians group write ACL (added in 2.8.4)
-updateAcl($doc_write, 'Physicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
-//Insert the 'drugs' object from the 'admin' section into the Clinicians group write ACL (added in 2.8.4)
-updateAcl($clin_write, 'Clinicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
-//Insert the 'acl' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
-updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'acl', 'ACL Administration', 'write');
-//Insert the 'disc' object from the 'acct' section into the Administrators group write ACL (added in 2.8.4)
-updateAcl($admin_write, 'Administrators', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
-//Insert the 'disc' object from the 'acct' section into the Accounting group write ACL (added in 2.8.4)
-updateAcl($back_write, 'Accounting', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
-//Insert the 'disc' object from the 'acct' section into the Physicians group write ACL (added in 2.8.4)
-updateAcl($doc_write, 'Physicians', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
-//Insert the 'default' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
-updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write');
-//Insert the 'state' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
-updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write');
-//Insert the 'country' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
-updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write');
-//Insert the 'language' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
-updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write');
-//Insert the 'race' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
-updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write');
-//Update ACLs for Emergency Login
-//Insert the 'disc' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
-//Insert the 'bill' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'bill', 'Billing (write optional)', 'write');
-//Insert the 'eob' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'eob', 'EOB Data Entry', 'write');
-//Insert the 'rep' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep', 'Financial Reporting - my encounters', 'write');
-//Insert the 'rep_a' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep_a', 'Financial Reporting - anything', 'write');
-//Insert the 'calendar' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'calendar', 'Calendar Settings', 'write');
-//Insert the 'database' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'database', 'Database Reporting', 'write');
-//Insert the 'forms' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'forms', 'Forms Administration', 'write');
-//Insert the 'practice' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'practice', 'Practice Settings', 'write');
-//Insert the 'superbill' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'superbill', 'Superbill Codes Administration', 'write');
-//Insert the 'users' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'users', 'Users/Groups/Logs Administration', 'write');
-//Insert the 'batchcom' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'batchcom', 'Batch Communication Tool', 'write');
-//Insert the 'language' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'language', 'Language Interface Tool', 'write');
-//Insert the 'super' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'super', 'Superuser', 'write');
-//Insert the 'drugs' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
-//Insert the 'acl' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'acl', 'ACL Administration', 'write');
-//Insert the 'auth_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'auth_a', 'Authorize - any encounters', 'write');
-//Insert the 'coding_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'coding_a', 'Coding - any encounters (write,wsome optional)', 'write');
-//Insert the 'notes_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'notes_a', 'Notes - any encounters (write,addonly optional)', 'write');
-//Insert the 'date_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'date_a', 'Fix encounter dates - any encounters', 'write');
-//Insert the 'default' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write');
-//Insert the 'state' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write');
-//Insert the 'country' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write');
-//Insert the 'language' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write');
-//Insert the 'ethrace' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write');
-//Insert the 'appt' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write,wsome optional)', 'write');
-//Insert the 'demo' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'demo', 'Demographics (write,addonly optional)', 'write');
-//Insert the 'med' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'med', 'Medical/History (write,addonly optional)', 'write');
-//Insert the 'trans' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'trans', 'Transactions (write optional)', 'write');
-//Insert the 'docs' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'docs', 'Documents (write,addonly optional)', 'write');
-//Insert the 'notes' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'notes', 'Patient Notes (write,addonly optional)', 'write');
-//Insert the 'high' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
-//Insert the 'normal' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
-//Insert the 'sign' object from the 'patients' section into the Physicians group write ACL (added in 3.3.0)
-updateAcl($doc_write, 'Physicians', 'patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)', 'write');
-//Insert the 'sign' object from the 'nationnotes' section into the Administrators group write ACL (added in 3.3.0)
-updateAcl($admin_write, 'Administrators','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
-//Insert the 'sign' object from the 'nationnotes' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
-//Insert the 'patientportal' object from the 'patientportal' section into the Administrators group write ACL (added in 4.1.0)
-updateAcl($admin_write, 'Administrators','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
-//Insert the 'patientportal' object from the 'patientportal' section into the Emergency Login group write ACL (added in 4.1.0)
-updateAcl($emergency_write, 'Emergency Login','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
-
-//Function will return an array that contains the ACL ID number.
-//It will also check to ensure the ACL exist and is not duplicated.
-// $title = Title(string) of group.
-// $return_value = What the acl returns (string), usually 'write' or 'addonly'
-function getAclIdNumber($title, $return_value) {
- global $gacl;
- $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value);
- switch (count($temp_acl_id_array)) {
- case 0:
- echo "<B>ERROR</B>, '$title' group '$return_value' ACL does not exist.</BR>";
- break;
- case 1:
- echo "'$title' group '$return_value' ACL is present.</BR>";
- break;
- default:
- echo "<B>ERROR</B>, Multiple '$title' group '$return_value' ACLs are present.</BR>";
- break;
- }
- return $temp_acl_id_array;
+$acl_version = get_acl_version();
+if (empty($acl_version)) {
+$acl_version = 0;
}
+// Upgrade for acl_version 1
+$upgrade_acl = 1;
+if ($acl_version < $upgrade_acl) {
+ echo "<B>UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":</B></BR>";
-//Function will add an ACL (if doesn't already exist).
-//It will also place the acl in the group, or will CREATE a new group.
-//It will return the ID number of the acl (created or old)
-// $title = Title(string) of group.
-// $name = name of acl (string)
-// $return_value = What the acl returns (string), usually 'write' or 'addonly'
-// $note = description of acl (array)
-function addNewACL($title, $name, $return_value, $note) {
- global $gacl;
- $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value);
- switch (count($temp_acl_id_array)) {
- case 0:
- $group_id = $gacl->get_group_id($name, $title, 'ARO');
- if ($group_id) {
- //group already exist, so just create acl
- $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($group_id), NULL, NULL, 1, 1, $return_value, $note);
- if ($temp_acl_id) {
- echo "The '$title' group already exist.</BR>";
- echo "The '$title' group '$return_value' ACL has been successfully added.</BR>";
- $temp_acl_id_array = array($temp_acl_id);
- }
- else {
- echo "The '$title' group already exist.</BR>";
- echo "<B>ERROR</B>, Unable to create the '$title' group '$return_value' ACL.</BR>";
- }
- }
- else {
- //create group, then create acl
- $parent_id = $gacl->get_root_group_id();
- $aro_id = $gacl->add_group($name, $title, $parent_id, 'ARO');
- $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($aro_id), NULL, NULL, 1, 1, $return_value, $note);
- if ($aro_id ) {
- echo "The '$title' group has been successfully added.</BR>";
- }
- else {
- echo "<B>ERROR</B>, Unable to create the '$title' group.</BR>";
- }
- if ($temp_acl_id) {
- echo "The '$title' group '$return_value' ACL has been successfully added.</BR>";
- $temp_acl_id_array = array($temp_acl_id);
- }
- else {
- echo "<B>ERROR</B>, Unable to create the '$title' group '$return_value' ACL.</BR>";
- }
- }
- break;
- case 1:
- echo "'$title' group '$return_value' ACL already exist.</BR>";
- break;
-
- default:
- echo "<B>ERROR</B>, Multiple '$title' group '$return_value' ACLs are present.</BR>";
- break;
- }
- return $temp_acl_id_array;
-}
+ //Collect the ACL ID numbers.
+ echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
+ //Get Administrator ACL ID number
+ $admin_write = getAclIdNumber('Administrators', 'write');
+ //Get Doctor ACL ID Number
+ $doc_write = getAclIdNumber('Physicians', 'write');
+ //Get Clinician ACL with write access ID number
+ $clin_write = getAclIdNumber('Clinicians', 'write');
+ //Get Clinician ACL with addonly access ID number
+ $clin_addonly = getAclIdNumber('Clinicians', 'addonly');
+ //Get Receptionist ACL ID number
+ $front_write = getAclIdNumber('Front Office', 'write');
+ //Get Accountant ACL ID number
+ $back_write = getAclIdNumber('Accounting', 'write');
+ //Add new object Sections
+ echo "<BR/><B>Adding new object sections</B><BR/>";
+ //Add 'Sensitivities' object section (added in 2.8.2)
+ addObjectSectionAcl('sensitivities', 'Sensitivities');
+ //Add 'Lists' object section (added in 3.0.2)
+ addObjectSectionAcl('lists', 'Lists');
+ //Add 'Placeholder' object section (added in 3.0.2)
+ addObjectSectionAcl('placeholder', 'Placeholder');
+ //Add 'Nation Notes' object section (added in 4.1.0)
+ addObjectSectionAcl('nationnotes','Nation Notes');
+ //Add 'Patient Portal' object section (added in 4.1.0)
+ addObjectSectionAcl('patientportal', 'Patient Portal');
-//Function to add an object section.
-//It will check to ensure the object section doesn't already exist.
-// $name = Identifier(string) of section
-// $title = Title(string) of object
-function addObjectSectionAcl($name, $title) {
- global $gacl;
- if ($gacl->get_object_section_section_id($title, $name, 'ACO')) {
- echo "The '$title' object section already exist.</BR>";
- }
- else {
- $tmp_boolean = $gacl->add_object_section($title , $name, 10, 0, 'ACO');
- if ($tmp_boolean) {
- echo "The '$title' object section has been successfully added.</BR>";
- }
- else {
- echo "<B>ERROR</B>,unable to create the '$title' object section.</BR>";
- }
- }
- return;
-}
+ //Add new Objects
+ echo "<BR/><B>Adding new objects</B><BR/>";
+ //Add 'Normal' sensitivity object, order variable is default 10 (added in 2.8.2)
+ addObjectAcl('sensitivities', 'Sensitivities', 'normal', 'Normal');
+ //Add 'High' sensitivity object, order variable is set to 20 (added in 2.8.2)
+ addObjectAclWithOrder('sensitivities', 'Sensitivities', 'high', 'High', 20);
+ //Add 'Pharmacy Dispensary' object (added in 2.8.4)
+ addObjectAcl('admin', 'Administration', 'drugs', 'Pharmacy Dispensary');
+ //Add 'ACL Administration' object (added in 2.8.4)
+ addObjectAcl('admin', 'Administration', 'acl', 'ACL Administration');
+ //Add 'Price Discounting' object (added in 2.8.4)
+ addObjectAcl('acct', 'Accounting', 'disc', 'Price Discounting');
+ //Add 'Default List (write,addonly optional)' object (added in 3.0.2)
+ addObjectAcl('lists', 'Lists', 'default', 'Default List (write,addonly optional)');
+ //Add 'State List (write,addonly optional)' object (added in 3.0.2)
+ addObjectAcl('lists', 'Lists', 'state', 'State List (write,addonly optional)');
+ //Add 'Country List (write,addonly optional)' object (added in 3.0.2)
+ addObjectAcl('lists', 'Lists', 'country', 'Country List (write,addonly optional)');
+ //Add 'Language List (write,addonly optional)' object (added in 3.0.2)
+ addObjectAcl('lists', 'Lists', 'language', 'Language List (write,addonly optional)');
+ //Add 'Ethnicity-Race List (write,addonly optional)' object (added in 3.0.2)
+ addObjectAcl('lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)');
+ //Add 'Placeholder (Maintains empty ACLs)' object (added in 3.0.2)
+ addObjectAcl('placeholder', 'Placeholder', 'filler', 'Placeholder (Maintains empty ACLs)');
+ //Add 'Sign Lab Results (write,addonly optional)' object (added in 3.3.0)
+ addObjectAcl('patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)');
+ //Add 'nationnotes' object (added in 4.1.0)
+ addObjectAcl('nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure');
+ //Add 'patientportal' object (added in 4.1.0)
+ addObjectAcl('patientportal', 'Patient Portal', 'portal', 'Patient Portal');
+ //Update already existing Objects
+ echo "<BR/><B>Upgrading objects</B><BR/>";
+ //Ensure that 'High' sensitivity object order variable is set to 20
+ editObjectAcl('sensitivities', 'Sensitivities', 'high', 'High', 20);
-//Function to add an object.
-//It will check to ensure the object doesn't already exist.
-// $section_name = Identifier(string) of section
-// $section_title = Title(string) of section
-// $object_name = Identifier(string) of object
-// $object_title = Title(string) of object
-function addObjectAcl($section_name, $section_title, $object_name, $object_title) {
- global $gacl;
- if ($gacl->get_object_id($section_name, $object_name, 'ACO')) {
- echo "The '$object_title' object in the '$section_title' section already exist.</BR>";
- }
- else {
- $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, 10, 0, 'ACO');
- if ($tmp_boolean) {
- echo "The '$object_title' object in the '$section_title' section has been successfully added.</BR>";
- }
- else {
- echo "<B>ERROR</B>,unable to create the '$object_title' object in the '$section_title' section.</BR>";
- }
- }
- return;
+ //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+ // (will also place in the appropriate group and CREATE a new group if needed)
+ echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
+ //Add 'Physicians' ACL with 'addonly' and collect the ID number (added in 3.0.2)
+ $doc_addonly = addNewACL('Physicians', 'doc', 'addonly', 'Things that physicians can read and enter but not modify');
+ //Add 'Front Office' ACL with 'addonly' and collect the ID number (added in 3.0.2)
+ $front_addonly = addNewACL('Front Office', 'front', 'addonly', 'Things that front office can read and enter but not modify');
+ //Add 'Accounting' ACL with 'addonly' and collect the ID number (added in 3.0.2)
+ $back_addonly = addNewACL('Accounting', 'back', 'addonly', 'Things that back office can read and enter but not modify');
+ //Add 'Emergency Login' ACL with 'write' and collect the ID number (added in 3.3.0)
+ $emergency_write = addNewACL('Emergency Login', 'breakglass', 'write', 'Things that can use for emergency login, can read and modify');
+
+ //Update the ACLs
+ echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
+ //Insert the 'super' object from the 'admin' section into the Administrators group write ACL (added in 2.8.2)
+ updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'super', 'Superuser', 'write');
+ //Insert the 'high' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
+ updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
+ //Insert the 'normal' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
+ updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
+ //Insert the 'high' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
+ updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
+ //Insert the 'normal' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
+ updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
+ //Insert the 'normal' object from the 'sensitivities' section into the Clinicians group addonly ACL (added in 2.8.2)
+ updateAcl($clin_addonly, 'Clinicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'addonly');
+ //Insert the 'drugs' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
+ updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
+ //Insert the 'drugs' object from the 'admin' section into the Physicians group write ACL (added in 2.8.4)
+ updateAcl($doc_write, 'Physicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
+ //Insert the 'drugs' object from the 'admin' section into the Clinicians group write ACL (added in 2.8.4)
+ updateAcl($clin_write, 'Clinicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
+ //Insert the 'acl' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
+ updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'acl', 'ACL Administration', 'write');
+ //Insert the 'disc' object from the 'acct' section into the Administrators group write ACL (added in 2.8.4)
+ updateAcl($admin_write, 'Administrators', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
+ //Insert the 'disc' object from the 'acct' section into the Accounting group write ACL (added in 2.8.4)
+ updateAcl($back_write, 'Accounting', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
+ //Insert the 'disc' object from the 'acct' section into the Physicians group write ACL (added in 2.8.4)
+ updateAcl($doc_write, 'Physicians', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
+ //Insert the 'default' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
+ updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write');
+ //Insert the 'state' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
+ updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write');
+ //Insert the 'country' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
+ updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write');
+ //Insert the 'language' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
+ updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write');
+ //Insert the 'race' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2)
+ updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write');
+ //Update ACLs for Emergency Login
+ //Insert the 'disc' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write');
+ //Insert the 'bill' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'bill', 'Billing (write optional)', 'write');
+ //Insert the 'eob' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'eob', 'EOB Data Entry', 'write');
+ //Insert the 'rep' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep', 'Financial Reporting - my encounters', 'write');
+ //Insert the 'rep_a' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep_a', 'Financial Reporting - anything', 'write');
+ //Insert the 'calendar' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'calendar', 'Calendar Settings', 'write');
+ //Insert the 'database' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'database', 'Database Reporting', 'write');
+ //Insert the 'forms' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'forms', 'Forms Administration', 'write');
+ //Insert the 'practice' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'practice', 'Practice Settings', 'write');
+ //Insert the 'superbill' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'superbill', 'Superbill Codes Administration', 'write');
+ //Insert the 'users' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'users', 'Users/Groups/Logs Administration', 'write');
+ //Insert the 'batchcom' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'batchcom', 'Batch Communication Tool', 'write');
+ //Insert the 'language' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'language', 'Language Interface Tool', 'write');
+ //Insert the 'super' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'super', 'Superuser', 'write');
+ //Insert the 'drugs' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
+ //Insert the 'acl' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'acl', 'ACL Administration', 'write');
+ //Insert the 'auth_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'auth_a', 'Authorize - any encounters', 'write');
+ //Insert the 'coding_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'coding_a', 'Coding - any encounters (write,wsome optional)', 'write');
+ //Insert the 'notes_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'notes_a', 'Notes - any encounters (write,addonly optional)', 'write');
+ //Insert the 'date_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'date_a', 'Fix encounter dates - any encounters', 'write');
+ //Insert the 'default' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write');
+ //Insert the 'state' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write');
+ //Insert the 'country' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write');
+ //Insert the 'language' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write');
+ //Insert the 'ethrace' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write');
+ //Insert the 'appt' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write,wsome optional)', 'write');
+ //Insert the 'demo' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'demo', 'Demographics (write,addonly optional)', 'write');
+ //Insert the 'med' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'med', 'Medical/History (write,addonly optional)', 'write');
+ //Insert the 'trans' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'trans', 'Transactions (write optional)', 'write');
+ //Insert the 'docs' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'docs', 'Documents (write,addonly optional)', 'write');
+ //Insert the 'notes' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'notes', 'Patient Notes (write,addonly optional)', 'write');
+ //Insert the 'high' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
+ //Insert the 'normal' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
+ //Insert the 'sign' object from the 'patients' section into the Physicians group write ACL (added in 3.3.0)
+ updateAcl($doc_write, 'Physicians', 'patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)', 'write');
+ //Insert the 'sign' object from the 'nationnotes' section into the Administrators group write ACL (added in 3.3.0)
+ updateAcl($admin_write, 'Administrators','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
+ //Insert the 'sign' object from the 'nationnotes' section into the Emergency Login group write ACL (added in 3.3.0)
+ updateAcl($emergency_write, 'Emergency Login','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
+ //Insert the 'patientportal' object from the 'patientportal' section into the Administrators group write ACL (added in 4.1.0)
+ updateAcl($admin_write, 'Administrators','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
+ //Insert the 'patientportal' object from the 'patientportal' section into the Emergency Login group write ACL (added in 4.1.0)
+ updateAcl($emergency_write, 'Emergency Login','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
+
+ //DONE with upgrading to this version
+ $acl_version = $upgrade_acl;
}
+// Upgrade for acl_version 2
+$upgrade_acl = 2;
+if ($acl_version < $upgrade_acl) {
+ echo "<B>UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":</B></BR>";
+
+ //Collect the ACL ID numbers.
+ echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
+
+ //Add new object Sections
+ echo "<BR/><B>Adding new object sections</B><BR/>";
-//Function to add an object and set the 'order' variable.
-//It will check to ensure the object doesn't already exist.
-// $section_name = Identifier(string) of section
-// $section_title = Title(string) of section
-// $object_name = Identifier(string) of object
-// $object_title = Title(string) of object
-// $order_number = number to determine order in list. used in sensitivities to order the choices
-// in openemr
-function addObjectAclWithOrder($section_name, $section_title, $object_name, $object_title, $order_number) {
- global $gacl;
- if ($gacl->get_object_id($section_name, $object_name, 'ACO')) {
- echo "The '$object_title' object in the '$section_title' section already exist.</BR>";
- }
- else {
- $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, $order_number, 0, 'ACO');
- if ($tmp_boolean) {
- echo "The '$object_title' object in the '$section_title' section has been successfully added.</BR>";
- }
- else {
- echo "<B>ERROR</B>,unable to create the '$object_title' object in the '$section_title' section.</BR>";
- }
- }
- return;
+ //Add new Objects
+ echo "<BR/><B>Adding new objects</B><BR/>";
+
+ //Update already existing Objects
+ echo "<BR/><B>Upgrading objects</B><BR/>";
+
+ //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+ // (will also place in the appropriate group and CREATE a new group if needed)
+ echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
+ addNewACL('Physicians', 'doc', 'wsome', 'Things that physicians can read and partly modify');
+ addNewACL('Clinicians', 'clin', 'wsome', 'Things that clinicians can read and partly modify');
+ addNewACL('Front Office', 'front', 'wsome', 'Things that front office can read and partly modify');
+ addNewACL('Accounting', 'back', 'wsome', 'Things that back office can read and partly modify');
+ addNewACL('Physicians', 'doc', 'view', 'Things that physicians can only read');
+ addNewACL('Clinicians', 'clin', 'view', 'Things that clinicians can only read');
+ addNewACL('Front Office', 'front', 'view', 'Things that front office can only read');
+ addNewACL('Accounting', 'back', 'view', 'Things that back office can only read');
+
+ //Update the ACLs
+ echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
+
+ //DONE with upgrading to this version
+ $acl_version = $upgrade_acl;
}
+/* This is a template for a new revision, when needed
+// Upgrade for acl_version 3
+$upgrade_acl = 3;
+if ($acl_version < $upgrade_acl) {
+ echo "<B>UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":</B></BR>";
+
+ //Collect the ACL ID numbers.
+ echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
-//Function to edit an object and set the 'order' variable.
-//It will check to ensure the object already exist, and hasn't been upgraded yet.
-// $section_name = Identifier(string) of section
-// $section_title = Title(string) of section
-// $object_name = Identifier(string) of object
-// $object_title = Title(string) of object
-// $order_number = number to determine order in list. used in sensitivities to order the choices
-// in openemr
-function editObjectAcl($section_name, $section_title, $object_name, $object_title, $order_number) {
- global $gacl;
- $tmp_objectID = $gacl->get_object_id($section_name, $object_name, 'ACO');
- if ($tmp_objectID) {
- $tmp_object = $gacl->get_object_data($tmp_objectID, 'ACO');
- if ($tmp_object[0][2] == $order_number &&
- $tmp_object[0][0] == $section_name &&
- $tmp_object[0][1] == $object_name &&
- $tmp_object[0][3] == $object_title) {
- echo "The '$object_title' object in the '$section_title' section has already been updated.</BR>";
- }
- else {
- $tmp_boolean = $gacl->edit_object($tmp_objectID, $section_name, $object_title, $object_name, $order_number, 0, 'ACO');
- if ($tmp_boolean) {
- echo "The '$object_title' object in the '$section_title' section has been successfully updated.</BR>";
- }
- else {
- echo "<B>ERROR</B>,unable to update the '$object_title' object in the '$section_title' section.</BR>";
- }
- }
- }
- else {
- echo "<B>ERROR</B>, the '$object_title' object in the '$section_title' section does not exist.</BR>";
- }
- return;
+ //Add new object Sections
+ echo "<BR/><B>Adding new object sections</B><BR/>";
+
+ //Add new Objects
+ echo "<BR/><B>Adding new objects</B><BR/>";
+
+ //Update already existing Objects
+ echo "<BR/><B>Upgrading objects</B><BR/>";
+
+ //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+ // (will also place in the appropriate group and CREATE a new group if needed)
+ echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
+
+ //Update the ACLs
+ echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
+
+ //DONE with upgrading to this version
+ $acl_version = $upgrade_acl;
}
+*/
+
+/* This is a template for a new revision, when needed
+// Upgrade for acl_version 4
+$upgrade_acl = 4;
+if ($acl_version < $upgrade_acl) {
+ echo "<B>UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":</B></BR>";
+
+ //Collect the ACL ID numbers.
+ echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
+
+ //Add new object Sections
+ echo "<BR/><B>Adding new object sections</B><BR/>";
+
+ //Add new Objects
+ echo "<BR/><B>Adding new objects</B><BR/>";
+
+ //Update already existing Objects
+ echo "<BR/><B>Upgrading objects</B><BR/>";
+
+ //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+ // (will also place in the appropriate group and CREATE a new group if needed)
+ echo "<BR/><B>Adding ACLs(Access Control Lists) and groups</B><BR/>";
+ //Update the ACLs
+ echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
-//Update the ACL
-//It will check to ensure the ACL hasn't already been updated.
-// $array_acl_id_number = array containing hopefully one element, which is an integer, and is identifier of acl to be updated.
-// $group_title = Title(string) of group.
-// $object_section_name = Identifier(string) of section
-// $object_section_title = Title(string) of section
-// $object_name = Identifier(string) of object
-// $object_title = Title(string) of object
-// $acl_return_value = What the acl returns (string), usually 'write' or 'addonly'
-function updateAcl($array_acl_id_number, $group_title, $section_name, $section_title, $object_name, $object_title, $return_value) {
- global $gacl;
- $tmp_array = $gacl->search_acl($section_name, $object_name, FALSE, FALSE, $group_title, FALSE, FALSE, FALSE, $return_value);
- switch (count($tmp_array)) {
- case 0:
- $tmp_boolean = @$gacl->append_acl($array_acl_id_number[0], NULL, NULL, NULL, NULL, array($section_name=>array($object_name)));
- if ($tmp_boolean){
- echo "Successfully placed the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.</BR>";
- }
- else {
- echo "<B>ERROR</B>,unable to place the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.</BR>";
- }
- break;
- case 1:
- echo "The '$object_title' object of the '$section_title' section is already found in the '$group_title' group '$return_value' ACL.</BR>";
- break;
- default:
- echo "<B>ERROR</B>, Multiple '$group_title' group '$return_value' ACLs with the '$object_title' object of the '$section_title' section are present.</BR>";
- break;
- }
- return;
+ //DONE with upgrading to this version
+ $acl_version = $upgrade_acl;
}
+*/
//All done
+set_acl_version($acl_version);
echo "</BR><B>ALL DONE</B>";
?>
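--- a/contrib/forms/xmlformgen/xslt/common_objects.xslt
+++ b/contrib/forms/xmlformgen/xslt/common_objects.xslt
@@ -142,31 +142,39 @@ $table_name = ']]></xsl:text>
 </xsl:if>
 </xsl:template>
 <xsl:template match="acl">
+<xsl:if test="@table='patients'">
 <xsl:text disable-output-escaping="yes"><![CDATA[/* Check the access control lists to ensure permissions to this page */
-$thisauth = acl_check(']]></xsl:text>
+if (!acl_check(']]></xsl:text>
 <xsl:value-of select="@table" />
 <xsl:text disable-output-escaping="yes"><![CDATA[', ']]></xsl:text>
 <xsl:value-of select="./text()" />
-<xsl:text disable-output-escaping="yes"><![CDATA[');]]></xsl:text>
-<xsl:if test="@table='patients'">
-<xsl:text disable-output-escaping="yes"><![CDATA[
-if (!$thisauth) {
- die($form_name.': Access Denied.');
+<xsl:text disable-output-escaping="yes"><![CDATA[')) {
+ die(text($form_name).': '.xlt("Access Denied"));
+}
+$thisauth_write_addonly=FALSE;
+if ( acl_check(']]></xsl:text>
+<xsl:value-of select="@table" />
+<xsl:text disable-output-escaping="yes"><![CDATA[',']]></xsl:text>
+<xsl:value-of select="./text()" />
+<xsl:text disable-output-escaping="yes"><![CDATA[','',array('write','addonly') )) {
+ $thisauth_write_addonly=TRUE;
 }
+]]></xsl:text>
+<xsl:text disable-output-escaping="yes"><![CDATA[
 /* perform a squad check for pages touching patients, if we're in 'athletic team' mode */
 if ($GLOBALS['athletic_team']!='false') {
 $tmp = getPatientData($pid, 'squad');
 if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
- $thisauth = 0;
+ die(text($form_name).': '.xlt("Access Denied"));
 }
 ]]></xsl:text>
-</xsl:if>
 <xsl:if test="$page='new' or $page='view'">
 <xsl:text disable-output-escaping="yes"><![CDATA[
-if ($thisauth != 'write' && $thisauth != 'addonly')
- die($form_name.': Adding is not authorized.');
+if (!$thisauth_write_addonly)
+ die(text($form_name).': '.xlt("Adding is not authorized"));
 ]]></xsl:text>
 </xsl:if>
+</xsl:if>
 </xsl:template>
 <!-- default layout object -->
 <xsl:template match="layout">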
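Review bot: Moving `<xsl:if test="@table='patients'">` to the top of the `acl` template means a form whose `acl` element names any other table now gets no generated access check at all. The old template still emitted the `acl_check()` call for every table and enforced the write/addonly test on new and view pages. In that case `$thisauth_write_addonly` is also never defined, and show.php.xslt in this commit reads it. I would keep both `acl_check` blocks and the `$page='new' or $page='view'` test outside the table test and wrap only the squad check in it, so the generated code fails closed for every table. If only 'patients' is meant to be supported, state that at the top of the template, e.g. `<!-- acl: only table="patients" is supported; other tables emit no check -->`.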
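--- a/contrib/forms/xmlformgen/xslt/show.php.xslt
+++ b/contrib/forms/xmlformgen/xslt/show.php.xslt
@@ -92,7 +92,7 @@ function PrintForm() {
 <div id="title">
 <span class="title"><?php xl($form_name,'e'); ?></span>
 <?php
- if ($thisauth == 'write' || $thisauth == 'addonly')
+ if ($thisauth_write_addonly)
 { ?>
 <a href="<?php echo $returnurl; ?>" onclick="top.restoreSession()">
 <span class="back"><?php xl($tmore,'e'); ?></span>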
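--- a/custom/import_xml.php
+++ b/custom/import_xml.php
@@ -47,8 +47,7 @@ function setInsurance($pid, $ainsurance, $asubscriber, $seq) {
 }
 // Check authorization.
- $thisauth = acl_check('patients', 'demo');
- if ($thisauth != 'write')
+ if (!acl_check('patients', 'demo','','write'))
 die("Updating demographics is not authorized.");
 if ($_POST['form_import']) {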
68 gacl/gacl.class.php
@@ -321,11 +321,12 @@ function acl_check_array($aco_section_value, $aco_value, $aro_array) {
* @param string The value of the ARO group (optional)
* @param string The value of the AXO group (optional)
* @param boolean Debug the operation if true (optional)
+ * @param boolean Option to return all applicable ACL's rather than just one. (optional) (Added by OpenEMR)
* @return array Returns as much information as possible about the ACL so other functions can trim it down and omit unwanted data.
*/
- function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL, $debug=NULL) {
+ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL, $debug=NULL, $return_all=FALSE) {
- $cache_id = 'acl_query_'.$aco_section_value.'-'.$aco_value.'-'.$aro_section_value.'-'.$aro_value.'-'.$axo_section_value.'-'.$axo_value.'-'.$root_aro_group.'-'.$root_axo_group.'-'.$debug;
+ $cache_id = 'acl_query_'.$aco_section_value.'-'.$aco_value.'-'.$aro_section_value.'-'.$aro_value.'-'.$axo_section_value.'-'.$axo_value.'-'.$root_aro_group.'-'.$root_axo_group.'-'.$debug.'-'.$return_all;
$retarr = $this->get_cache($cache_id);
@@ -351,7 +352,8 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
* This query is where all the magic happens.
* The ordering is very important here, as well very tricky to get correct.
* Currently there can be duplicate ACLs, or ones that step on each other toes. In this case, the ACL that was last updated/created
- * is used.
+ * is used; unless the $return_all parameter is set to TRUE, then will return the entire array of applicable ACL information (this
+ * option was added by OpenEMR)
*
* This is probably where the most optimizations can be made.
*/
@@ -466,6 +468,8 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
* The ordering is always very tricky and makes all the difference in the world.
* Order (ar.value IS NOT NULL) DESC should put ACLs given to specific AROs
* ahead of any ACLs given to groups. This works well for exceptions to groups.
+ * If the $return_all parameter is set to TRUE, then will return the entire
+ * array of applicable ACL information (this option was added by OpenEMR)
*/
$order_by[] = 'a.updated_date DESC';
@@ -474,35 +478,61 @@ function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_valu
ORDER BY '. implode (',', $order_by) . '
';
- // we are only interested in the first row
- $rs = $this->db->SelectLimit($query, 1);
+ // we are only interested in the first row unless $return_all is set
+ if ($return_all) {
+ $rs = $this->db->Execute($query);
+ }
+ else {
+ $rs = $this->db->SelectLimit($query, 1);
+ }
if (!is_object($rs)) {
$this->debug_db('acl_query');
return FALSE;
}
- $row =& $rs->FetchRow();
+ if ($return_all) {
+ while ($arr =& $rs->fetchRow()) {
+ $row[] = $arr;
+ }
+ }
+ else {
+ $row =& $rs->FetchRow();
+ }
+
/*
* Return ACL ID. This is the key to "hooking" extras like pricing assigned to ACLs etc... Very useful.
*/
if (is_array($row)) {
- // Permission granted?
- // This below oneliner is very confusing.
- //$allow = (isset($row[1]) AND $row[1] == 1);
-
- //Prefer this.
- if ( isset($row[1]) AND $row[1] == 1 ) {
- $allow = TRUE;
- } else {
- $allow = FALSE;
- }
- $retarr = array('acl_id' => &$row[0], 'return_value' => &$row[2], 'allow' => $allow);
+ if ($return_all) {
+ foreach ($row as $single_row) {
+ if ( isset($single_row[1]) AND $single_row[1] == 1 ) {
+ $allow = TRUE;
+ } else {
+ $allow = FALSE;
+ }
+ $retarr[] = array('acl_id' => &$single_row[0], 'return_value' => &$single_row[2], 'allow' => $allow);
+ }
+ }
+ else {
+ if ( isset($row[1]) AND $row[1] == 1 ) {
+ $allow = TRUE;
+ } else {
+ $allow = FALSE;
+ }
+ $retarr = array('acl_id' => &$row[0], 'return_value' => &$row[2], 'allow' => $allow);
+ }
} else {
- // Permission denied.
- $retarr = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE);
+ if ($return_all) {
+ // Permission denied.
+ $retarr[] = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE);
+ }
+ else {
+ // Permission denied.
+ $retarr = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE);
+ }
}
/*
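Review bot: On the `$return_all` path `$row` is only ever created by `$row[] = $arr;` inside the fetch loop, so when the query matches no rows the following `is_array($row)` reads an undefined variable. The result is still the deny entry, but it relies on a PHP notice rather than an explicit value; setting `$row = NULL;` just before the `if ($return_all) {` that precedes the loop makes the fail-closed branch deliberate. The `&$single_row[0]` and `&$single_row[2]` references inside the `foreach` are not needed for a by-value loop variable and could be plain copies. acl_query starts and ends outside this hunk, so how `$retarr` is initialised before `$retarr[] = ...` is not visible here and is worth confirming.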
3 interface/forms/physical_exam/edit_diagnoses.php
@@ -12,8 +12,7 @@
$line_id = $_REQUEST['lineid'];
$info_msg = "";
- $thisauth = acl_check('patients', 'med');
- if ($issue && $thisauth != 'write') die("Edit is not authorized!");
+ if ($issue && !acl_check('patients', 'med','','write')) die("Edit is not authorized!");
?>
<html>
<head>
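Review bot: The rewritten guard `if ($issue && !acl_check('patients', 'med','','write'))` only runs the ACL check when `$issue` is truthy, and the visible lines assign `$line_id` from `$_REQUEST['lineid']` but never assign `$issue`. If `$issue` is not set earlier in the file, the check is skipped on every request and the page has no authorization gate. Consider making the check unconditional, `if (!acl_check('patients', 'med', '', 'write')) die("Edit is not authorized!");`, or keying it on `$line_id` if that was the intent. The script continues outside this hunk.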
7 interface/main/calendar/add_edit_event.php
@@ -32,11 +32,8 @@
require_once("$srcdir/encounter_events.inc.php");
require_once("$srcdir/acl.inc");
- $my_permission = acl_check('patients', 'appt');
-// Add these restrictions back using new acl return value parameter when
-// that mechanism is added to codebase.
-// if ($my_permission !== 'write' && $my_permission !== 'wsome')
- if (!$my_permission)
+ //Check access control
+ if (!acl_check('patients','appt','',array('write','wsome') ))
die(xl('Access not allowed'));
// Things that might be passed by our opener.
6 interface/main/calendar/find_appt_popup.php
@@ -9,8 +9,8 @@
include_once("../../globals.php");
include_once("$srcdir/patient.inc");
- $my_permission = acl_check('patients', 'appt');
- if ($my_permission != 'write' && $my_permission != 'wsome')
+ // check access controls
+ if (!acl_check('patients','appt','',array('write','wsome') ))
die(xl('Access not allowed'));
// If the caller is updating an existing event, then get its ID so
@@ -418,7 +418,7 @@ function setappt(year,mon,mday,hours,minutes) {
});
<?php if (!$ckavail) { ?>
-<?php if ($my_permission == 'write') { ?>
+<?php if (acl_check('patients','appt','','write')) { ?>
if (confirm('<?php echo addslashes(xl('This appointment slot is already used, use it anyway?')); ?>')) {
opener.top.restoreSession();
opener.document.forms[0].submit();
9 interface/main/left_nav.php
@@ -158,16 +158,15 @@
$disallowed['bil'] = !(acl_check('acct', 'rep') || acl_check('acct', 'eob') ||
acl_check('acct', 'bill'));
- $tmp = acl_check('patients', 'demo');
- $disallowed['new'] = !($tmp == 'write' || $tmp == 'addonly');
+ $disallowed['new'] = !(acl_check('patients','demo','',array('write','addonly') ));
$disallowed['fax'] = !($GLOBALS['enable_hylafax'] || $GLOBALS['enable_scanner']);
$disallowed['ros'] = !$GLOBALS['athletic_team'];
- $disallowed['iss'] = !((acl_check('encounters', 'notes') == 'write' ||
- acl_check('encounters', 'notes_a') == 'write') &&
- acl_check('patients', 'med') == 'write');
+ $disallowed['iss'] = !((acl_check('encounters','notes','','write') ||
+ acl_check('encounters','notes_a','','write') ) &&
+ acl_check('patients','med','','write') );
$disallowed['imp'] = $disallowed['new'] ||
!is_readable("$webserver_root/custom/import.php");
6 interface/main/main_navigation.php
@@ -35,8 +35,7 @@ class='link'>&nbsp;<?php xl('Find','e'); ?>&nbsp;<?php xl('Patient','e'); ?></a>
</td>
<?php
- $npauth = acl_check('patients', 'demo');
- if ($npauth == 'write' || $npauth == 'addonly') {
+ if (acl_check('patients','demo','',array('write','addonly') )) {
?>
<td align="center" nowrap>
&nbsp;<a class="menu" target=_top href="../new/new_patient.php" onclick="top.restoreSession()">
@@ -82,8 +81,7 @@ class='link'>&nbsp;<?php xl('Find','e'); ?>&nbsp;<?php xl('Patient','e'); ?></a>
</td>
<?php
- $tmp = acl_check('patients', 'demo');
- if (($tmp == 'write' || $tmp == 'addonly') &&
+ if ( (acl_check('patients','demo','',array('write','addonly') )) &&
is_readable("$webserver_root/custom/import.php")) {
?>
<td align="center" nowrap>
9 interface/main/main_title.php
@@ -73,10 +73,15 @@ function showhideMenu() {
<tr>
<td align="left">
<?php if ($GLOBALS['concurrent_layout']) { ?>
- <table cellspacing="0" cellpadding="1" style="margin:0px 0px 0px 3px;"><tr><td style="vertical-align:text-bottom;">
+ <table cellspacing="0" cellpadding="1" style="margin:0px 0px 0px 3px;">
+
+<?php if (acl_check('patients','demo','',array('write','addonly') )) { ?>
+<tr><td style="vertical-align:text-bottom;">
<a href='' class="css_button_small" style="margin:0px;vertical-align:top;" id='new0' onClick=" return top.window.parent.left_nav.loadFrame2('new0','RTop','new/new.php')">
- <span><?php echo htmlspecialchars( xl('NEW PATIENT'), ENT_QUOTES) ?></span></a>
+ <span><?php echo htmlspecialchars( xl('NEW PATIENT'), ENT_QUOTES); ?></span></a>
</td></tr>
+<?php } //end of acl_check('patients','demo','',array('write','addonly') if ?>
+
<tr><td valign="baseline"><B>
<a class="text" style='vertical-align:text-bottom;' href="main_title.php" id='showMenuLink' onclick='javascript:showhideMenu();return false;'><?php xl('Hide Menu','e'); ?></a></B>
</td></tr></table>
3 interface/new/new_comprehensive.php
@@ -13,8 +13,7 @@
require_once("$srcdir/erx_javascript.inc.php");
// Check authorization.
-$thisauth = acl_check('patients', 'demo');
-if ($thisauth != 'write' && $thisauth != 'addonly')
+if (!acl_check('patients','demo','',array('write',addonly) ))
die("Adding demographics is not authorized.");
$CPR = 4; // cells per row
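Review bot: In the new check `array('write',addonly)` the second element is a bare word rather than a string, so PHP treats it as an undefined constant. Older PHP versions fall back to the string 'addonly' with a notice or warning, and PHP 8 throws an Error, which would break this page; either way an authorization decision should not depend on that fallback. It should read `if (!acl_check('patients','demo','',array('write','addonly') ))`, matching the other call sites in this commit.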
3 interface/patient_file/history/edit_billnote.php
@@ -22,8 +22,7 @@
$info_msg = "";
- $thisauth = (acl_check('acct', 'bill') == 'write');
- if (! $thisauth) die(htmlspecialchars(xl('Not authorized'),ENT_NOQUOTES));
+ if (!acl_check('acct', 'bill','','write')) die(htmlspecialchars(xl('Not authorized'),ENT_NOQUOTES));
?>
<html>
<head>
14 interface/patient_file/history/history.php
@@ -34,13 +34,15 @@
<body class="body_top">
<?php
- $thisauth = acl_check('patients', 'med');
- if ($thisauth) {
+ if (acl_check('patients','med')) {
$tmp = getPatientData($pid, "squad");
- if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
- $thisauth = 0;
+ if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) {
+ echo "<p>(".htmlspecialchars(xl('History not authorized'),ENT_NOQUOTES).")</p>\n";
+ echo "</body>\n</html>\n";
+ exit();
+ }
}
- if (!$thisauth) {
+ else {
echo "<p>(".htmlspecialchars(xl('History not authorized'),ENT_NOQUOTES).")</p>\n";
echo "</body>\n</html>\n";
exit();
@@ -53,7 +55,7 @@
}
?>
-<?php if ($thisauth == 'write' || $thisauth == 'addonly') { ?>
+<?php if (acl_check('patients','med','',array('write','addonly') )) { ?>
<div>
<span class="title"><?php echo htmlspecialchars(xl('Patient History / Lifestyle'),ENT_NOQUOTES); ?></span>
</div>
7 interface/patient_file/history/history_full.php
@@ -17,13 +17,12 @@
$CPR = 4; // cells per row
// Check authorization.
-$thisauth = acl_check('patients', 'med');
-if ($thisauth) {
+if (acl_check('patients','med')) {
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
- $thisauth = 0;
+ die(htmlspecialchars(xl("Not authorized for this squad."),ENT_NOQUOTES));
}
-if ($thisauth != 'write' && $thisauth != 'addonly')
+if ( !acl_check('patients','med','',array('write','addonly') ))
die(htmlspecialchars(xl("Not authorized"),ENT_NOQUOTES));
?>
<html>
7 interface/patient_file/history/history_save.php
@@ -15,13 +15,12 @@
include_once("$srcdir/options.inc.php");
// Check authorization.
- $thisauth = acl_check('patients', 'med');
- if ($thisauth) {
+ if (acl_check('patients','med')) {
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
- $thisauth = 0;
+ die(htmlspecialchars(xl("Not authorized for this squad."),ENT_NOQUOTES));
}
- if ($thisauth != 'write' && $thisauth != 'addonly')
+ if ( !acl_check('patients','med','',array('write','addonly') ))
die(htmlspecialchars(xl("Not authorized"),ENT_NOQUOTES));
foreach ($_POST as $key => $val) {
6 interface/patient_file/navigation.php
@@ -2,9 +2,9 @@
include_once("../globals.php");
include_once("$srcdir/acl.inc");
- $ie_auth = ((acl_check('encounters', 'notes') == 'write' ||
- acl_check('encounters', 'notes_a') == 'write') &&
- acl_check('patients', 'med') == 'write');
+ $ie_auth = ((acl_check('encounters','notes','','write') ||
+ acl_check('encounters','notes_a','','write')) &&
+ acl_check('patients','med','','write'));
?>
<html>
<head>
6 interface/patient_file/problem_encounter.php
@@ -13,9 +13,9 @@
$patdata = getPatientData($pid, "fname,lname,squad");
- $thisauth = ((acl_check('encounters', 'notes') == 'write' ||
- acl_check('encounters', 'notes_a') == 'write') &&
- acl_check('patients', 'med') == 'write');
+ $thisauth = ((acl_check('encounters','notes','','write') ||
+ acl_check('encounters','notes_a','','write')) &&
+ acl_check('patients','med','','write'));
if ($patdata['squad'] && ! acl_check('squads', $patdata['squad']))
$thisauth = 0;
5 interface/patient_file/summary/add_edit_issue.php
@@ -45,9 +45,8 @@
// A nonempty thistype is an issue type to be forced for a new issue.
$thistype = empty($_REQUEST['thistype']) ? '' : $_REQUEST['thistype'];
-$thisauth = acl_check('patients', 'med');
-if ($issue && $thisauth != 'write') die(xlt("Edit is not authorized!"));
-if ($thisauth != 'write' && $thisauth != 'addonly') die(xlt("Add is not authorized!"));
+if ($issue && !acl_check('patients','med','','write') ) die(xlt("Edit is not authorized!"));
+if ( !acl_check('patients','med','',array('write','addonly') )) die(xlt("Add is not authorized!"));
$tmp = getPatientData($thispid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
6 interface/patient_file/summary/demographics.php
@@ -456,13 +456,11 @@ function setMyPatient() {
if ($result['squad'] && ! acl_check('squads', $result['squad']))
$thisauth = 0;
}
-
if (!$thisauth) {
echo "<p>(" . htmlspecialchars(xl('Demographics not authorized'),ENT_NOQUOTES) . ")</p>\n";
echo "</body>\n</html>\n";
exit();
}
-
if ($thisauth) {
echo "<table><tr><td><span class='title'>" .
htmlspecialchars(getPatientName($pid),ENT_NOQUOTES) .
@@ -634,7 +632,7 @@ function setMyPatient() {
$widgetButtonClass = "";
$linkMethod = "html";
$bodyClass = "";
-$widgetAuth = ($thisauth == "write");
+$widgetAuth = acl_check('patients', 'demo', '', 'write');
$fixedWidth = true;
expand_collapse_widget($widgetTitle, $widgetLabel, $widgetButtonLabel,
$widgetButtonLink, $widgetButtonClass, $linkMethod, $bodyClass,
@@ -676,7 +674,7 @@ function setMyPatient() {
$widgetButtonClass = "";
$linkMethod = "html";
$bodyClass = "";
- $widgetAuth = ($thisauth == "write");
+ $widgetAuth = acl_check('patients', 'demo', '', 'write');
$fixedWidth = true;
expand_collapse_widget($widgetTitle, $widgetLabel, $widgetButtonLabel,
$widgetButtonLink, $widgetButtonClass, $linkMethod, $bodyClass,
5 interface/patient_file/summary/demographics_full.php
@@ -24,14 +24,13 @@
$result2 = getEmployerData($pid);
// Check authorization.
- $thisauth = acl_check('patients', 'demo');
if ($pid) {
- if ($thisauth != 'write')
+ if (!acl_check('patients', 'demo', '', 'write'))
die(xl('Updating demographics is not authorized.'));
if ($result['squad'] && ! acl_check('squads', $result['squad']))
die(xl('You are not authorized to access this squad.'));
} else {
- if ($thisauth != 'write' && $thisauth != 'addonly')
+ if (!acl_check('patients', 'demo', '', array('write','addonly') ))
die(xl('Adding demographics is not authorized.'));
}
3 interface/patient_file/summary/demographics_print.php
@@ -21,9 +21,8 @@
$result = getPatientData($pid, "*, DATE_FORMAT(DOB,'%Y-%m-%d') as DOB_YMD");
$result2 = getEmployerData($pid);
// Check authorization.
-$thisauth = acl_check('patients', 'demo');
if ($pid) {
- if (!$thisauth != 'write')
+ if (!acl_check('patients','demo','','write'))
die(xl('Demographics not authorized.'));
if ($result['squad'] && ! acl_check('squads', $result['squad']))
die(xl('You are not authorized to access this squad.'));
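Review bot: The replacement `if (!acl_check('patients','demo','','write'))` makes the print view require the 'write' return value, although the visible code here only reads data (`getPatientData`, `getEmployerData`). The old expression `!$thisauth != 'write'` was an operator-precedence mistake, so the intended level cannot be read from it; if read-only users are meant to print, a plain `acl_check('patients','demo')` would fit better, which is worth confirming against the ACL design. The check also sits inside `if ($pid)`, and that block continues outside the hunk, so what happens when `$pid` is empty is not visible here.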
5 interface/patient_file/summary/demographics_save.php
@@ -6,15 +6,14 @@
include_once("$srcdir/formdata.inc.php");
// Check authorization.
-$thisauth = acl_check('patients', 'demo');
if ($pid) {
- if ($thisauth != 'write')
+ if ( !acl_check('patients','demo','','write') )
die(xl('Updating demographics is not authorized.'));
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
die(xl('You are not authorized to access this squad.'));
} else {
- if ($thisauth != 'write' && $thisauth != 'addonly')
+ if (!acl_check('patients','demo','',array('write','addonly') ))
die(xl('Adding demographics is not authorized.'));
}
4 interface/patient_file/summary/pnotes.php
@@ -44,7 +44,7 @@
<div id='pnotes'>
-<?php if ($thisauth == 'write' || $thisauth == 'addonly'): ?>
+<?php if ( acl_check('patients', 'notes','',array('write','addonly') )): ?>
<?php if ($GLOBALS['concurrent_layout']) { ?>
<a href="pnotes_full.php?docid=<?php echo htmlspecialchars( $docid, ENT_QUOTES); ?>" onclick="top.restoreSession()">
@@ -168,7 +168,7 @@
});
var EditNote = function(note) {
-<?php if ($thisauth == 'write' || $thisauth == 'addonly'): ?>
+<?php if ( acl_check('patients', 'notes','',array('write','addonly') )): ?>
top.restoreSession();
<?php if (!$GLOBALS['concurrent_layout']): ?>
top.Main.location.href = "pnotes_full.php?docid=<?php echo $docid; ?>&noteid=" + note.id + "&active=1";
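Review bot: In `EditNote` the URL is built with `<?php echo $docid; ?>` inside a JavaScript string without any encoding, while the first hunk of this file wraps the same variable in `htmlspecialchars( $docid, ENT_QUOTES)`. Where `$docid` comes from is not visible in this hunk; if it can carry request data, the value should be encoded for the URL it is placed in, for example `<?php echo urlencode($docid); ?>`. The `acl_check` in this function only decides what script is emitted to the browser, so the server-side check in pnotes_full.php remains the actual control. The function body continues outside the hunk.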
9 interface/patient_file/summary/pnotes_full.php
@@ -28,8 +28,7 @@
}
// Check authorization.
-$thisauth = acl_check('patients', 'notes');
-if ($thisauth != 'write' && $thisauth != 'addonly')
+if (!acl_check('patients','notes','',array('write','addonly') ))
die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES));
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
@@ -373,8 +372,7 @@ function show_div(name){
// display, or not, a button to delete the note
// if the user is an admin or if they are the author of the note, they can delete it
- $thisauth = acl_check('admin', 'super');
- if (($iter['user'] == $_SESSION['authUser']) || ($thisauth == 'write')) {
+ if (($iter['user'] == $_SESSION['authUser']) || (acl_check('admin','super','','write'))) {
echo " <a href='#' class='deletenote css_button_small' id='del" . htmlspecialchars( $row_note_id, ENT_QUOTES) .
"' title='" . htmlspecialchars( xl('Delete this note'), ENT_QUOTES) . "'><span>" .
htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "</span>\n";
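Review bot: The delete-button condition compares `$iter['user'] == $_SESSION['authUser']` with loose equality, here and in the identical line of the next hunk. Assuming both values are strings, PHP compares two numeric-looking strings numerically under `==`, so distinct user names made only of digits could compare equal; `===` avoids that: `if (($iter['user'] === $_SESSION['authUser']) || acl_check('admin','super','','write')) {`. This condition only controls whether the button is rendered, so the handler that performs the deletion (not visible here) needs the same author-or-admin check.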
@@ -517,8 +515,7 @@ function show_div(name){
// display, or not, a button to delete the note
// if the user is an admin or if they are the author of the note, they can delete it
- $thisauth = acl_check('admin', 'super');
- if (($iter['user'] == $_SESSION['authUser']) || ($thisauth == 'write')) {
+ if (($iter['user'] == $_SESSION['authUser']) || (acl_check('admin','super','','write'))) {
echo " <a href='#' class='deletenote css_button_small' id='del" . htmlspecialchars( $row_note_id, ENT_QUOTES) .
"' title='" . htmlspecialchars( xl('Delete this note'), ENT_QUOTES) . "'><span>" .
htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "</span>\n";
3 interface/patient_file/summary/pnotes_full_add.php
@@ -26,8 +26,7 @@
setpid($_GET['set_pid']);
}
// Check authorization.
-$thisauth = acl_check('patients', 'notes');
-if ($thisauth != 'write' && $thisauth != 'addonly')
+if (!acl_check('patients','notes','',array('write','addonly') ))
die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES));
$tmp = getPatientData($pid, "squad");
if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
11 interface/patient_file/summary/stats_full.php