2 // If you have installed phpGACL (http://phpgacl.sourceforge.net/)
3 // and have configured it for your site, then uncomment the following
4 // statement and change it to point to the location where
4 // gacl.class.php is installed.
7 // $phpgacl_location = "/var/www/gacl";
9 // The following Access Control Objects are currently supported.
10 // These are the "things to be protected":
12 // Section "admin" (Administration):
13 // super Superuser - can delete patients, encounters, issues
14 // calendar Calendar Settings
15 // database Database Reporting
16 // forms Forms Administration
17 // practice Practice Settings
18 // superbill Superbill Codes Administration
19 // users Users/Groups/Logs Administration
20 // batchcom Batch Communication Tool
21 // language Language Interface Tool
22 // drugs Pharmacy Dispensary
24 // Section "acct" (Accounting):
25 // bill Billing (write optional)
27 // rep Financial Reporting - my encounters
28 // rep_a Financial Reporting - anything
30 // Section "patients" (Patient Information):
31 // appt Appointments (write optional)
32 // demo Demographics (write,addonly optional)
33 // med Medical Records and History (write,addonly optional)
34 // trans Transactions, e.g. referrals (write optional)
35 // docs Documents (write,addonly optional)
36 // notes Patient Notes (write,addonly optional)
38 // Section "encounters" (Encounter Information):
39 // auth Authorize - my encounters
40 // auth_a Authorize - any encounters
41 // coding Coding - my encounters (write,wsome optional)
42 // coding_a Coding - any encounters (write,wsome optional)
43 // notes Notes - my encounters (write,addonly optional)
44 // notes_a Notes - any encounters (write,addonly optional)
45 // date_a Fix encounter dates - any encounters
46 // relaxed Less-private information (write,addonly optional)
47 // (e.g. the Sports Fitness encounter form)
49 // Section "squads" applies to sports team use only:
50 // acos in this section define the user-specified list of squads
52 // Section "sensitivities" (Sensitivities):
// Load phpGACL and build the shared ACL object only when this site has
// configured $phpgacl_location (see the commented-out example near the top
// of the file). $gacl_object is what acl_check() delegates to below;
// acl_get_section_acos() constructs its own gacl_api instance instead.
56 if (isset ($phpgacl_location)) {
// The include path is built from the site configuration variable set in
// this file, not from request input.
57 include_once("$phpgacl_location/gacl.class.php");
58 $gacl_object = new gacl();
// NOTE(review): the closing brace of this block (original line 59/60) is
// not present in this listing.
61 // acl_check should return 0 if access is denied. Otherwise it may
62 // return anything that evaluates to true. In addition if any of the
63 // following types of access are applicable, then the corresponding value
64 // must be returned if and only if such access is granted (only one may
67 // * write - the user may add or modify the ACO
68 // * wsome - the user has limited add/modify access to the ACO
69 // * addonly - the user may view and add but not modify entries
// Returns 0 when $user may not access ACO $value in $section, otherwise a
// truthy value; 'write' / 'wsome' / 'addonly' are returned exactly when that
// level of access is granted (see the contract in the comment block above).
// $user defaults to the session's logged-in user.
71 function acl_check($section, $value, $user = '') {
72 global $gacl_object, $phpgacl_location;
// Truthiness test: an empty (or "0") $user falls back to the session user.
73 if (! $user) $user = $_SESSION['authUser'];
// With phpGACL configured the decision is delegated entirely; the library's
// return value is passed through unchanged.
75 if ($phpgacl_location) {
76 return $gacl_object->acl_check($section, $value, 'users', $user);
// NOTE(review): the closing brace of this if (original line 77) is not in
// this listing.
79 // If no phpgacl, then apply the old static rules whereby "authorized"
80 // users (providers) can do anything, and other users can do most things.
81 // If you want custom access control but don't want to mess with phpGACL,
82 // then you could customize the code below instead.
// Superuser rights are never granted by the static fallback.
84 if ($section == 'admin' && $value == 'super') return 0;
// Any session flagged as authorized gets write access to every other ACO:
// the fallback is deliberately coarse. NOTE(review): where this session
// flag is written is not visible here — confirm it is only set at login.
86 if ($_SESSION['userauthorized']) return 'write';
// Remaining rules apply to non-authorized users. Comparisons below are
// loose (==); ACO names are expected to be plain strings.
88 if ($section == 'patients') {
// 1 (not 'write') grants view-only access to medical records.
89 if ($value == 'med') return 1;
// NOTE(review): original lines 90-91 (the rest of this branch) are missing
// from this listing.
92 else if ($section == 'encounters') {
// Prefix match: covers both the "my encounters" and "_a" (any encounters)
// variants listed above, e.g. coding and coding_a.
93 if (strpos($value, 'coding' ) === 0) return 'write';
94 if (strpos($value, 'notes' ) === 0) return 'write';
95 if ($value == 'relaxed') return 'write';
// NOTE(review): original line 96 (the fall-through for other encounter
// ACOs) is missing from this listing.
97 else if ($section != 'admin') {
// NOTE(review): original lines 98-103 — the body of this branch and the
// function's final return — are not in this listing, so the default result
// for unmatched section/value pairs cannot be confirmed here.
104 // Get the ACO name/value pairs for a designated section. Each value
105 // is an array (section_value, value, order_value, name, hidden).
// Returns the ACO name/value pairs for $section when phpGACL is configured:
// an array keyed on ACO value, each entry being that ACO's object data row
// (section_value, value, order_value, name, hidden) as described above.
107 function acl_get_section_acos($section) {
108 global $phpgacl_location;
109 if ($phpgacl_location) {
// Path comes from the site configuration variable, not request input.
110 include_once("$phpgacl_location/gacl_api.class.php");
// A fresh API object, separate from the shared $gacl_object built at the
// top of the file.
111 $gacl = new gacl_api();
// NOTE(review): the meaning of the second argument (1) is a phpGACL detail
// not visible here — confirm against gacl_api::get_objects().
112 $arr1 = $gacl->get_objects($section, 1, 'ACO');
// NOTE(review): original line 113 is missing from this listing; $arr is not
// initialised in the visible lines, and $arr1[$section] is indexed without
// a check that the key exists.
114 foreach ($arr1[$section] as $value) {
// Two lookups per ACO: value -> object id -> object data; the first row of
// the data result is kept.
115 $odata = $gacl->get_object_data($gacl->get_object_id($section, $value, 'ACO'), 'ACO');
116 $arr[$value] = $odata[0];
// NOTE(review): original lines 117-122 (closing braces and the return path,
// including the no-phpGACL case) are not in this listing.
123 // Return an array keyed on squad ACO names.
124 // This is only applicable for sports team use.
function acl_get_squads() {
    // Squads are a fixed ACO section; resolve it through the generic
    // section lookup so the result shape matches every other section.
    $section = 'squads';
    return acl_get_section_acos($section);
}
130 // Return an array keyed on encounter sensitivity level ACO names.
131 // Sensitivities are useful when some encounter notes are not
132 // medically sensitive (e.g. a physical fitness test), and/or if
133 // some will be "for doctor's eyes only" (e.g. STD treatment).
135 // When a non-blank sensitivity value exists in the new encounter
136 // form, it names an additional ACO required for access to all forms
137 // in the encounter. If you want some encounters to be non-sensitive,
138 // then you also need some default nonblank sensitivity for normal
139 // encounters, as well as greater encounter notes permissions for
140 // those allowed to view non-sensitive encounters.
142 function acl_get_sensitivities() {
143 return acl_get_section_acos('sensitivities');