Fixed installation bug when choosing a username besides admin. Also incorporated

a mechanism to prevent the original user from easily being removed from the
Administrator acl group (avoid lock-out syndrome).
commit 583e0c5e6d149161cc959fc3e2acddd7eca92c25 1 parent d35cb6b
bradymiller authored
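--- a/acl_setup.php
+++ b/acl_setup.php
@@ -184,9 +184,17 @@
 // Create the Administrator in the above-created "users" section
 // and add him/her to the above-created "admin" group.
- //
- $gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
- $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
+ // If this script is being used by OpenEMR's setup, then will
+ // incorporate the installation values. Otherwise will
+// hardcode the 'admin' user.
+ if ( isset($this->iuser) ) {
+ $gacl->add_object('users', $this->iuname, $this->iuser, 10, 0, 'ARO');
+ $gacl->add_group_object($admin, 'users', $this->iuser, 'ARO');
+ }
+ else {
+ $gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
+ $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
+ }
 // Declare return terms for language translations
 // xl('write') xl('wsome') xl('addonly')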
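Review bot: The branch at `if ( isset($this->iuser) )` makes acl_setup.php depend on being included from inside an Installer method, since `$this` only refers to the Installer there; nothing in the file states that contract, and the hard-coded 'admin' fallback runs silently if the include site changes or the property is never set. Add a comment above the check such as `// $this is the Installer instance when this file is include'd from an Installer method (install_gacl, presumably); standalone runs take the 'admin' fallback` — which method includes it is not visible here, confirm. The added comment block is also inconsistently indented (its third line sits at column 0 while the other lines are indented); align it with the surrounding code. The username handed to add_object is the installer's iuser value, so any validation of that name has to happen before this point.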
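--- a/library/acl.inc
+++ b/library/acl.inc
@@ -307,7 +307,7 @@
 //
 // This will either create or edit a user aro object, and then place it
 // in the requested groups. It will not allow removal of the 'admin'
- // user from the 'admin' group.
+ // user or gacl_protected users from the 'admin' group.
 // $arr_group_titles = titles of the groups that user will be added to.
 // $user_name = username, which is login name.
 // $first_name = first name
@@ -321,6 +321,18 @@
 include_once("$phpgacl_location/gacl_api.class.php");
 $gacl = new gacl_api();
+ //see if this user is gacl protected (ie. do not allow
+ //removal from the Administrators group)
+ require_once(dirname(__FILE__).'/user.inc');
+ require_once(dirname(__FILE__).'/calendar.inc');
+ $userNametoID = getIDfromUser($user_name);
+ if (checkUserSetting("gacl_protect","1",$userNametoID) || $user_name == "admin") {
+ $gacl_protect = true;
+ }
+ else {
+ $gacl_protect = false;
+ }
+
 //get array of all available group ID numbers
 $parent_id = $gacl->get_root_group_id();
 $arr_all_group_ids = $gacl->get_group_children($parent_id, 'ARO', 'RECURSE');
@@ -378,11 +390,11 @@
 }
 //
- //Below will not allow 'admin' user to be removed from 'admin' group
+ //Below will not allow 'admin' or gacl_protected user to be removed from 'admin' group
 //
- if ($user_name == 'admin') {
+ if ($gacl_protect) {
 $boolean_admin=0;
- $admin_id = $gacl->get_object_id($section_aro_value, 'admin', 'ARO');
+ $admin_id = $gacl->get_object_id($section_aro_value, $user_name, 'ARO');
 $arr_admin = $gacl->get_object_groups($admin_id, 'ARO', 'NO_RECURSE');
 foreach ($arr_admin as $value3) {
 $arr_admin_data = $gacl->get_group_data($value3, 'ARO');
@@ -394,7 +406,7 @@
 foreach ($arr_all_group_ids as $value4) {
 $arr_temp = $gacl->get_group_data($value4, 'ARO');
 if ($arr_temp[2] == 'admin') {
- $gacl->add_group_object($value4, $section_aro_value, 'admin', 'ARO');
+ $gacl->add_group_object($value4, $section_aro_value, $user_name, 'ARO');
 }
 }
 }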
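Review bot: The protection lookup in the `@@ -321,6 +321,18 @@` hunk passes `getIDfromUser($user_name)` straight into `checkUserSetting`, whose third parameter falls back to `$_SESSION['authUserID']` when it is null; for a username that does not resolve to an id (the header comment says set_user_aro also creates user aro objects), the gacl_protect decision would then be made against the logged-in user's setting rather than the target user's — assuming getIDfromUser returns null in that case, which is not visible here. Guard the lookup explicitly, e.g. `$gacl_protect = ($user_name == "admin") || (!empty($userNametoID) && checkUserSetting("gacl_protect", "1", $userNametoID));`, so an unresolved id never falls through to the session user. The same pattern is duplicated in library/ajax/adminacl_ajax.php and should get the same guard. The enclosing function set_user_aro starts and ends outside these hunks.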
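--- a/library/ajax/adminacl_ajax.php
+++ b/library/ajax/adminacl_ajax.php
@@ -15,6 +15,8 @@
 //
 include_once("../../interface/globals.php");
 include_once("$srcdir/acl.inc");
+include_once("$srcdir/user.inc");
+include_once("$srcdir/calendar.inc");
 header("Content-type: text/xml");
 header("Cache-Control: no-cache");
@@ -76,10 +78,18 @@
 echo user_group_listings_xml($_POST["name"], $error);
 exit;
 }
- if (($_POST["name"] == "admin") && in_array("Administrators",$_POST["selection"])) {
+ // check if user is protected. If so, then state message unable to remove from admin group.
+ $userNametoID = getIDfromUser($_POST["name"]);
+ if (checkUserSetting("gacl_protect","1",$userNametoID) || ($_POST["name"] == "admin")) {
+ $gacl_protect = true;
+ }
+ else {
+ $gacl_protect = false;
+ }
+ if ($gacl_protect && in_array("Administrators",$_POST["selection"])) {
 //unable to remove admin user from administrators group, process remove,
 // send soft error, then return data
- array_push($error, (xl('Not allowed to remove the admin user from the Administrators group') . "!"));
+ array_push($error, (xl('Not allowed to remove this user from the Administrators group') . "!"));
 remove_user_aros($_POST["name"], $_POST["selection"]);
 echo user_group_listings_xml($_POST["name"], $error);
 exit;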
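Review bot: The protection test at `if (checkUserSetting("gacl_protect","1",$userNametoID) || ($_POST["name"] == "admin"))` duplicates the block added to set_user_aro in library/acl.inc, so the two checks can drift apart (the operand order already differs); move it into one helper in acl.inc, e.g. `function is_gacl_protected($user_name)` returning the boolean, and call it from both places. Since `$_POST["name"]` is untrusted, that helper is also the single place to reject a username that does not resolve to an id before any ACL change is attempted. `in_array("Administrators",$_POST["selection"])` should pass `true` as its third argument so only an identical string matches, and `$_POST["selection"]` should be verified with `is_array()` first, because a non-array value would not reach the protection branch. The surrounding request handling starts and ends outside the hunk.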
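--- a/library/classes/Installer.class.php
+++ b/library/classes/Installer.class.php
@@ -311,13 +311,6 @@ public function install_gacl()
 return TRUE;
 }
- public function configure_gacl()
- {
- //give the administrator user admin priviledges
- $groupArray = array("Administrators");
- return set_user_aro($groupArray,$this->iuser,$this->iuname,"","");
- }
-
 public function quick_install() {
 if ( ! $this->login_is_valid() ) {
 return False;
@@ -357,9 +350,6 @@ public function quick_install() {
 if ( ! $this->install_gacl()) {
 return False;
 }
- if ( ! $this->configure_gacl()) {
- return False;
- }
 return True;
 }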
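--- a/library/user.inc
+++ b/library/user.inc
@@ -42,6 +42,30 @@ function getUserSetting($label,$user=NULL) {
 return $result;
 }
+//This will check a user setting (does not check for default setting)
+// $name is the setting name in the 'users' table
+// $value is the setting value to be checked in the 'users' table
+// $user is the user id number in the 'users' table
+// Returns true if setting exist and false if does not exist
+function checkUserSetting($label, $value, $user=NULL) {
+
+ // if no user id is sent, then use the currently logged in user
+ if (!isset($user)) {
+ $user = $_SESSION['authUserID'];
+ }
+
+ // Check for the user settings (return true if positive or false if negative)
+ $row = sqlQuery("SELECT setting_value FROM user_settings " .
+ "WHERE setting_user=? AND setting_label=? AND setting_value=?", array($user, $label, $value) );
+ if (empty($row)) {
+ return false;
+ }
+ else {
+ return true;
+ }
+
+}
+
 //This will set a user setting
 // $name is the setting name in the 'users' table
 // $value is the setting value to be set in the 'users' table
</function>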
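Review bot: checkUserSetting's header comment documents `$name`, but the parameter is `$label`, and the `$user=NULL` fallback to `$_SESSION['authUserID']` is now reached from an authorization decision in set_user_aro (library/acl.inc), where a null id means the target user was not found rather than that the caller meant the session user — so the function can silently answer for a different principal, and on the installer path there is no session at all. Separate the two cases: `if (!isset($user)) { if (!isset($_SESSION['authUserID'])) { return false; } $user = $_SESSION['authUserID']; }`, and state in the comment that callers checking a specific user must pass a resolved id. The tail `if (empty($row)) { return false; } else { return true; }` reads better as `return !empty($row);`, and "Returns true if setting exist" should read "exists".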
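--- a/setup.php
+++ b/setup.php
@@ -438,11 +438,6 @@ function cloneClicked() {
 echo $installer->error_message;
 break;
 }
-
- if ( ! $installer->configure_gacl() ) {
- echo $installer->error_message;
- break;
- }
 // display the status information for gacl setup
 echo $installer->debug_message;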
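--- a/sql/database.sql
+++ b/sql/database.sql
@@ -3096,6 +3096,8 @@ INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'prescriptions_ps_expand', '1');
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'surgery_ps_expand', '1');
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'vitals_ps_expand', '1');
+INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'gacl_protect', '0');
+INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (1, 'gacl_protect', '1');
 -- --------------------------------------------------------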
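Review bot: The `(1, 'gacl_protect', '1')` row is what now protects the installer-chosen administrator, so the whole lock-out guard rests on that user receiving id 1 in the users table; nothing here ties the row to the user the installer actually creates, and if the ids differ (a restore, a re-seeded users table) the protection silently does not apply while library/acl.inc still assumes it. Add a comment above the two rows, e.g. `-- gacl_protect='1' marks a user that set_user_aro() refuses to remove from the Administrators ACL group; user 1 is assumed to be the initial administrator`, and consider writing the row from the installer against the real id instead of seeding it here. The `(0, 'gacl_protect', '0')` row looks like a default for the id-0 pseudo-user, consistent with the neighbouring rows — confirm that is the intent. Existing installations would also need an upgrade statement, which this commit does not show.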