gacl/admin/edit_object_sections.php

   1 <?php
   2 //First make sure user has access
   3 require_once("../../interface/globals.php");
   4
   5 use OpenEMR\Common\Acl\AclMain;
   6 use OpenEMR\Common\Csrf\CsrfUtils;
   7 use OpenEMR\Common\Twig\TwigContainer;
   8
   9 if (!empty($_POST)) {
  10     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
  11         CsrfUtils::csrfNotVerified();
  12     }
  13 }
  14
  15 //ensure user has proper access
  16 if (!AclMain::aclCheckCore('admin', 'acl')) {
  17     echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
  18     exit;
  19 }
  20
  21 require_once("gacl_admin.inc.php");
  22
  23 //GET takes precedence.
  24 if ( isset($_GET['object_type']) AND $_GET['object_type'] != '' ) {
  25         $object_type = $_GET['object_type'];
  26 } else {
  27         $object_type = $_POST['object_type'];
  28 }
  29
  30 switch(strtolower(trim($object_type))) {
  31     case 'aco':
  32         $object_type = 'aco';
  33                 $object_sections_table = $gacl_api->_db_table_prefix . 'aco_sections';
  34         break;
  35     case 'aro':
  36         $object_type = 'aro';
  37                 $object_sections_table = $gacl_api->_db_table_prefix . 'aro_sections';
  38         break;
  39     case 'axo':
  40         $object_type = 'axo';
  41                 $object_sections_table = $gacl_api->_db_table_prefix . 'axo_sections';
  42         break;
  43     case 'acl':
  44         $object_type = 'acl';
  45                 $object_sections_table = $gacl_api->_db_table_prefix . 'acl_sections';
  46         break;
  47     default:
  48         echo "ERROR: Must select an object type<br />\n";
  49         exit();
  50         break;
  51 }
  52
  53 $postAction = $_POST['action'] ?? null;
  54 switch ($postAction) {
  55     case 'Delete':
  56
  57         if (count($_POST['delete_sections']) > 0) {
  58             foreach($_POST['delete_sections'] as $id) {
  59                 $gacl_api->del_object_section($id, $object_type, TRUE);
  60             }
  61         }
  62
  63         //Return page.
  64         $gacl_api->return_page($_POST['return_page']);
  65
  66         break;
  67     case 'Submit':
  68         $gacl_api->debug_text("Submit!!");
  69
  70         //Update sections
  71         foreach ($_POST['sections'] as $row) {
  72             list($id, $value, $order, $name) = $row;
  73             $gacl_api->edit_object_section($id, $name, $value, $order,0,$object_type );
  74         }
  75         unset($id);
  76         unset($value);
  77         unset($order);
  78         unset($name);
  79
  80         //Insert new sections
  81         foreach ($_POST['new_sections'] as $row) {
  82             list($value, $order, $name) = $row;
  83
  84             if (!empty($value) AND !empty($order) AND !empty($name)) {
  85
  86                 $object_section_id = $gacl_api->add_object_section($name, $value, $order, 0, $object_type);
  87                 $gacl_api->debug_text("Section ID: $object_section_id");
  88             }
  89         }
  90         $gacl_api->debug_text("return_page: ". $_POST['return_page']);
  91         $gacl_api->return_page($_POST['return_page']);
  92
  93         break;
  94     default:
  95         $query = "select id,value,order_value,name from $object_sections_table order by order_value";
  96
  97         $rs = $db->pageexecute($query, $gacl_api->_items_per_page, ($_GET['page'] ?? null));
  98         $rows = $rs->GetRows();
  99
 100         $sections = array();
 101
 102         foreach ($rows as $row) {
 103             list($id, $value, $order_value, $name) = $row;
 104
 105                 $sections[] = array(
 106                                                 'id' => $id,
 107                                                 'value' => $value,
 108                                                 'order' => $order_value,
 109                                                 'name' => $name
 110                                             );
 111         }
 112
 113         $new_sections = array();
 114
 115         for($i=0; $i < 5; $i++) {
 116                 $new_sections[] = array(
 117                                                 'id' => $i,
 118                                                 'value' => NULL,
 119                                                 'order' => NULL,
 120                                                 'name' => NULL
 121                                             );
 122         }
 123
 124         $smarty->assign('sections', $sections);
 125         $smarty->assign('new_sections', $new_sections);
 126
 127         $smarty->assign("paging_data", $gacl_api->get_paging_data($rs));
 128
 129         break;
 130 }
 131
 132 $smarty->assign('object_type', $object_type);
 133 $smarty->assign('object_type_escaped', attr($object_type));
 134
 135 $smarty->assign('return_page', $_SERVER['REQUEST_URI']);
 136
 137 $smarty->assign('current','edit_'. $object_type .'_sections');
 138 $smarty->assign('page_title', 'Edit '. strtoupper($object_type) .' Sections');
 139
 140 $smarty->assign("phpgacl_version", $gacl_api->get_version() );
 141 $smarty->assign("phpgacl_schema_version", $gacl_api->get_schema_version() );
 142
 143 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils::collectCsrfToken());
 144
 145 $smarty->display('phpgacl/edit_object_sections.tpl');
 146 ?>