acl_upgrade.php

   1 <?php
   2 // This program is free software; you can redistribute it and/or
   3 // modify it under the terms of the GNU General Public License
   4 // as published by the Free Software Foundation; either version 2
   5 // of the License, or (at your option) any later version.
   6 //
   7 // This script will update the phpGACL database, which include
   8 // Access Control Objects(ACO), Groups(ARO), and Access Control
   9 // Lists(ACL) created by the the acl_setup.php(2.8.1 onward)
  10 // program, to the most recent version.
  11 // (this assumes phpGACL has been previously installed)
  12 // It will display whether each update already exist
  13 // or if it was updated succesfully.
  14 //
  15 // Updates included:
  16 //   2.8.2
  17 //     Section "sensitivities" (Sensitivities):
  18 //       ADD  normal   Normal              (Administrators, Physicians, Clinicians(addonly))
  19 //       ADD  high     High                (Administrators, Physicians)
  20 //     Section "admin"         (Administration):
  21 //       ADD  super    Superuser           (Adminstrators)
  22 //   2.8.4
  23 //     Section "admin"         (Administration):
  24 //       ADD  drugs    Pharmacy Dispensary (Administrators, Physicians, Clinicians(write))
  25 //       ADD  acl      ACL Administration (Administrators)
  26 //     Section "sensitivities" (Sensitivities):
  27 //       EDIT high     High               (ensure the order variable is '20')
  28
  29
  30 //Ensure that phpGACL has been installed
  31 include_once('library/acl.inc');
  32 if (isset ($phpgacl_location)) {
  33         include_once("$phpgacl_location/gacl_api.class.php");
  34         $gacl = new gacl_api();
  35 }
  36 else {
  37         die("You must first set up library/acl.inc to use phpGACL!");
  38 }
  39
  40
  41 //Collect the ACL ID numbers.
  42 echo "<B>Checking to ensure all the proper ACL(access control list) are present:</B></BR>";
  43 //Get Administrator ACL ID number
  44 $admin_write = getAclIdNumber('Administrators', 'write');
  45 //Get Doctor ACL ID Number
  46 $doc_write = getAclIdNumber('Physicians', 'write');
  47 //Get Clinician ACL with write access ID number
  48 $clin_write = getAclIdNumber('Clinicians', 'write');
  49 //Get Clinician ACL with addonly access ID number
  50 $clin_addonly = getAclIdNumber('Clinicians', 'addonly');
  51 //Get Receptionist ACL ID number
  52 $front_write = getAclIdNumber('Front Office', 'write');
  53 //Get Accountant ACL ID number
  54 $back_write = getAclIdNumber('Accounting', 'write');
  55
  56
  57 //Add new object Sections
  58 echo "<BR/><B>Adding new object sections</B><BR/>";
  59 //Add 'Sensitivities' object section (added in 2.8.2)
  60 addObjectSectionAcl('sensitivities', 'Sensitivities');
  61
  62
  63 //Add new Objects
  64 echo "<BR/><B>Adding new objects</B><BR/>";
  65 //Add 'Normal' sensitivity object, order variable is default 10 (added in 2.8.2)
  66 addObjectAcl('sensitivities', 'Sensitivities', 'normal', 'Normal');
  67 //Add 'High' sensitivity object, order variable is set to 20 (added in 2.8.2)
  68 addObjectAclWithOrder('sensitivities', 'Sensitivities', 'high', 'High', 20);
  69 //Add 'Pharmacy Dispensary' object (added in 2.8.4)
  70 addObjectAcl('admin', 'Administration', 'drugs', 'Pharmacy Dispensary');
  71 //Add 'ACL Administration' object (added in 2.8.4)
  72 addObjectAcl('admin', 'Administration', 'acl', 'ACL Administration');
  73
  74
  75 //Update already existing Objects
  76 echo "<BR/><B>Upgrading objects</B><BR/>";
  77 //Ensure that 'High' sensitivity object order variable is set to 20
  78 editObjectAcl('sensitivities', 'Sensitivities', 'high', 'High', 20);
  79
  80
  81 //Add new User Defined Groups (ARO) here
  82 //(placemarker, since no new user defined groups since 2.8.1 have been added)
  83
  84
  85 //Update the ACLs
  86 echo "<BR/><B>Updating the ACLs(Access Control Lists)</B><BR/>";
  87 //Insert the 'super' object from the 'admin' section into the Administrators group write ACL (added in 2.8.2)
  88 updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'super', 'Superuser', 'write');
  89 //Insert the 'high' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
  90 updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
  91 //Insert the 'normal' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2)
  92 updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
  93 //Insert the 'high' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
  94 updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'high', 'High', 'write');
  95 //Insert the 'normal' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2)
  96 updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write');
  97 //Insert the 'normal' object from the 'sensitivities' section into the Clinicians group  addonly ACL (added in 2.8.2)
  98 updateAcl($clin_addonly, 'Clinicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'addonly');
  99 //Insert the 'drugs' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
 100 updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
 101 //Insert the 'drugs' object from the 'admin' section into the Physicians group write ACL (added in 2.8.4)
 102 updateAcl($doc_write, 'Physicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
 103 //Insert the 'drugs' object from the 'admin' section into the Clinicians group write ACL (added in 2.8.4)
 104 updateAcl($clin_write, 'Clinicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write');
 105 //Insert the 'acl' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4)
 106 updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'acl', 'ACL Administration', 'write');
 107
 108
 109 //Function will return an array that contains the ACL ID number.
 110 //It will also check to ensure the ACL exist and is not duplicated.
 111 //  $title = Title(string) of group.
 112 //  $return_value = What the acl returns (string), usually 'write' or 'addonly'
 113 function getAclIdNumber($title, $return_value) {
 114         global $gacl;
 115         $temp_acl_id_array  = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value);
 116         switch (count($temp_acl_id_array)) {
 117                 case 0:
 118                         echo "<B>ERROR</B>, '$title' group '$return_value' ACL does not exist.</BR>";
 119                         break;
 120                 case 1:
 121                         echo "'$title' group '$return_value' ACL is present.</BR>";
 122                         break;
 123                 default:
 124                         echo "<B>ERROR</B>, Multiple '$title' group '$return_value' ACLs are present.</BR>";
 125                         break;
 126         }
 127         return $temp_acl_id_array;
 128 }
 129
 130
 131 //Function to add a group.
 132 //This is just a placeholder function at this point, since have not added another group yet.
 133 //  $name = Identifier(string) of group
 134 //  $title = Title(string) of group
 135 function addGroupAcl($name, $title) {
 136         global $gacl;
 137 //if add a group, then will need to add logic here
 138         return;
 139 }
 140
 141
 142 //Function to add an object section.
 143 //It will check to ensure the object section doesn't already exist.
 144 //  $name = Identifier(string) of section
 145 //  $title = Title(string) of object
 146 function addObjectSectionAcl($name, $title) {
 147         global $gacl;
 148         if ($gacl->get_object_section_section_id($title, $name, 'ACO')) {
 149                 echo "The '$title' object section already exist.</BR>";
 150         }
 151         else {
 152                 $tmp_boolean = $gacl->add_object_section($title , $name, 10, 0, 'ACO');
 153                 if ($tmp_boolean) {
 154                         echo "The '$title' object section has been successfully added.</BR>";
 155                 }
 156                 else {
 157                         echo "<B>ERROR</B>,unable to create the '$title' object section.</BR>";
 158                 }
 159         }
 160         return;
 161 }
 162
 163
 164 //Function to add an object.
 165 //It will check to ensure the object doesn't already exist.
 166 //  $section_name = Identifier(string) of section
 167 //  $section_title = Title(string) of section
 168 //  $object_name = Identifier(string) of object
 169 //  $object_title = Title(string) of object
 170 function addObjectAcl($section_name, $section_title, $object_name, $object_title) {
 171         global $gacl;
 172         if ($gacl->get_object_id($section_name, $object_name, 'ACO')) {
 173                 echo "The '$object_title' object in the '$section_title' section already exist.</BR>";
 174         }
 175         else {
 176                 $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, 10, 0, 'ACO');
 177                 if ($tmp_boolean) {
 178                         echo "The '$object_title' object in the '$section_title' section has been successfully added.</BR>";
 179                 }
 180                 else {
 181                         echo "<B>ERROR</B>,unable to create the '$object_title' object in the '$section_title' section.</BR>";
 182                 }
 183         }
 184         return;
 185 }
 186
 187
 188 //Function to add an object and set the 'order' variable.
 189 //It will check to ensure the object doesn't already exist.
 190 //  $section_name = Identifier(string) of section
 191 //  $section_title = Title(string) of section
 192 //  $object_name = Identifier(string) of object
 193 //  $object_title = Title(string) of object
 194 //  $order_number = number to determine order in list. used in sensitivities to order the choices
 195 //                  in openemr
 196 function addObjectAclWithOrder($section_name, $section_title, $object_name, $object_title, $order_number) {
 197         global $gacl;
 198         if ($gacl->get_object_id($section_name, $object_name, 'ACO')) {
 199                 echo "The '$object_title' object in the '$section_title' section already exist.</BR>";
 200         }
 201         else {
 202                 $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, $order_number, 0, 'ACO');
 203                 if ($tmp_boolean) {
 204                         echo "The '$object_title' object in the '$section_title' section has been successfully added.</BR>";
 205                 }
 206                 else {
 207                         echo "<B>ERROR</B>,unable to create the '$object_title' object in the '$section_title' section.</BR>";
 208                 }
 209         }
 210         return;
 211 }
 212
 213
 214 //Function to edit an object and set the 'order' variable.
 215 //It will check to ensure the object already exist, and hasn't been upgraded yet.
 216 //  $section_name = Identifier(string) of section
 217 //  $section_title = Title(string) of section
 218 //  $object_name = Identifier(string) of object
 219 //  $object_title = Title(string) of object
 220 //  $order_number = number to determine order in list. used in sensitivities to order the choices
 221 //                  in openemr
 222 function editObjectAcl($section_name, $section_title, $object_name, $object_title, $order_number) {
 223         global $gacl;
 224         $tmp_objectID = $gacl->get_object_id($section_name, $object_name, 'ACO');
 225         if ($tmp_objectID) {
 226                 $tmp_object = $gacl->get_object_data($tmp_objectID, 'ACO');
 227                 if ($tmp_object[0][2] ==  $order_number &&
 228                     $tmp_object[0][0] ==  $section_name &&
 229                     $tmp_object[0][1] ==  $object_name &&
 230                     $tmp_object[0][3] ==  $object_title) {
 231                         echo "The '$object_title' object in the '$section_title' section has already been updated.</BR>";
 232                 }
 233                 else {
 234                         $tmp_boolean = $gacl->edit_object($tmp_objectID, $section_name, $object_title, $object_name, $order_number, 0, 'ACO');
 235                         if ($tmp_boolean) {
 236                                 echo "The '$object_title' object in the '$section_title' section has been successfully updated.</BR>";
 237                         }
 238                         else {
 239                                 echo "<B>ERROR</B>,unable to update the '$object_title' object in the '$section_title' section.</BR>";
 240                         }
 241                 }
 242         }
 243         else {
 244                 echo "<B>ERROR</B>, the '$object_title' object in the '$section_title' section does not exist.</BR>";
 245         }
 246         return;
 247 }
 248
 249
 250 //Update the ACL
 251 //It will check to ensure the ACL hasn't already been updated.
 252 //  $array_acl_id_number = array containing hopefully one element, which is an integer, and is identifier of acl to be updated.
 253 //  $group_title = Title(string) of group.
 254 //  $object_section_name = Identifier(string) of section
 255 //  $object_section_title = Title(string) of section
 256 //  $object_name = Identifier(string) of object
 257 //  $object_title = Title(string) of object
 258 //  $acl_return_value = What the acl returns (string), usually 'write' or 'addonly'
 259 function updateAcl($array_acl_id_number, $group_title, $section_name, $section_title, $object_name, $object_title, $return_value) {
 260         global $gacl;
 261         $tmp_array = $gacl->search_acl($section_name, $object_name, FALSE, FALSE, $group_title, FALSE, FALSE, FALSE, $return_value);
 262         switch (count($tmp_array)) {
 263                 case 0:
 264                         $tmp_boolean = @$gacl->append_acl($array_acl_id_number[0], NULL, NULL, NULL, NULL, array($section_name=>array($object_name)));
 265                         if ($tmp_boolean){
 266                                 echo "Successfully placed the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.</BR>";
 267                         }
 268                         else {
 269                                 echo "<B>ERROR</B>,unable to place the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.</BR>";
 270                         }
 271                         break;
 272                 case 1:
 273                         echo "The '$object_title' object of the '$section_title' section is already found in the '$group_title' group '$return_value' ACL.</BR>";
 274                         break;
 275                 default:
 276                         echo "<B>ERROR</B>, Multiple '$group_title' group '$return_value' ACLs with the '$object_title' object of the '$section_title' section are present.</BR>";
 277                         break;
 278         }
 279         return;
 280 }
 281
 282 //All done
 283 echo "</BR><B>ALL DONE</B>";
 284
 285 ?>