// OpenEMR phpGACL admin page: lists and edits the "sections" of one object
// type (aco / aro / axo / acl) through a Smarty template, and applies
// delete / submit actions posted from that template.
// NOTE(review): this is an extracted listing — the opening <?php line and a
// number of intermediate lines (case labels, closing braces, exit calls) are
// not shown, so statements below may belong to branches that are not visible.
2 //First make sure user has access
3 require_once("../../interface/globals.php");
5 use OpenEMR\Common\Acl\AclMain
;
6 use OpenEMR\Common\Csrf\CsrfUtils
;
7 use OpenEMR\Common\Twig\TwigContainer
;
// CSRF: the token is read from the posted form. csrfNotVerified() is expected
// to end the request; whether it does is not visible in this listing.
10 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"])) {
11 CsrfUtils
::csrfNotVerified();
// Authorization: the page requires the 'admin' / 'acl' core ACL and renders
// the unauthorized template otherwise. NOTE(review): no exit is shown after
// the render — confirm the script stops here, or the handlers below would
// still run for an unauthorized user.
15 //ensure user has proper access
16 if (!AclMain
::aclCheckCore('admin', 'acl')) {
17 echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
21 require_once("gacl_admin.inc.php");
// $object_type is request-controlled (GET first, then POST — the POST
// assignment is presumably the else branch of this if). It is only trusted
// once the switch below has mapped it onto a hard-coded table name.
23 //GET takes precedence.
24 if ( isset($_GET['object_type']) AND $_GET['object_type'] != '' ) {
25 $object_type = $_GET['object_type'];
27 $object_type = $_POST['object_type'];
// Allow-list: the comparison value is lower-cased and trimmed, and each case
// (labels not shown here) assigns a fixed, prefix-qualified table name.
// Note that $object_type itself keeps its original case/whitespace; only the
// switch key is normalised. The default branch prints an error — whatever
// terminates the script after it is not visible in this listing; if nothing
// does, $object_sections_table would be undefined when the query below runs.
30 switch(strtolower(trim($object_type))) {
33 $object_sections_table = $gacl_api->_db_table_prefix
. 'aco_sections';
37 $object_sections_table = $gacl_api->_db_table_prefix
. 'aro_sections';
41 $object_sections_table = $gacl_api->_db_table_prefix
. 'axo_sections';
45 $object_sections_table = $gacl_api->_db_table_prefix
. 'acl_sections';
48 echo "ERROR: Must select an object type<br />\n";
// POST action dispatch (case labels not shown). Both visible branches finish
// with $gacl_api->return_page($_POST['return_page']), i.e. a redirect to a
// request-supplied URL. NOTE(review): whether return_page() restricts the
// target to this application is not visible here — confirm it does, since an
// unrestricted value would make this an open redirect.
53 $postAction = $_POST['action'] ??
null;
54 switch ($postAction) {
// Delete branch: section ids come directly from POST and are handed to the
// gacl API; escaping/parameterisation is assumed to happen inside
// del_object_section (not visible here). On PHP 8, count() on a missing
// 'delete_sections' key receives null and throws a TypeError instead of
// returning 0.
57 if (count($_POST['delete_sections']) > 0) {
58 foreach($_POST['delete_sections'] as $id) {
59 $gacl_api->del_object_section($id, $object_type, TRUE);
64 $gacl_api->return_page($_POST['return_page']);
// Submit branch: existing rows arrive as [id, value, order, name] and are
// updated in place; new rows arrive as [value, order, name] and are only
// created when all three fields are non-empty (empty() also rejects '0').
68 $gacl_api->debug_text("Submit!!");
71 foreach ($_POST['sections'] as $row) {
72 list($id, $value, $order, $name) = $row;
73 $gacl_api->edit_object_section($id, $name, $value, $order,0,$object_type );
81 foreach ($_POST['new_sections'] as $row) {
82 list($value, $order, $name) = $row;
84 if (!empty($value) AND !empty($order) AND !empty($name)) {
86 $object_section_id = $gacl_api->add_object_section($name, $value, $order, 0, $object_type);
87 $gacl_api->debug_text("Section ID: $object_section_id");
90 $gacl_api->debug_text("return_page: ". $_POST['return_page']);
91 $gacl_api->return_page($_POST['return_page']);
// Read path for the listing. The table name is interpolated into the SQL,
// but it can only be one of the fixed names assigned by the switch above,
// never raw request input. $_GET['page'] is passed through to the pager as
// the page number; any validation of it is left to pageexecute.
95 $query = "select id,value,order_value,name from $object_sections_table order by order_value";
97 $rs = $db->pageexecute($query, $gacl_api->_items_per_page
, ($_GET['page'] ??
null));
98 $rows = $rs->GetRows();
// Rows are [id, value, order_value, name]; the surrounding array that
// collects them into $sections is only partially visible here.
102 foreach ($rows as $row) {
103 list($id, $value, $order_value, $name) = $row;
108 'order' => $order_value,
// Five blank placeholder rows for adding new sections (contents not shown).
113 $new_sections = array();
115 for($i=0; $i < 5; $i++
) {
116 $new_sections[] = array(
// Template variables. object_type is exposed both raw and as an
// attr()-escaped copy; the template is expected to use the escaped one in
// attribute context. return_page is the current request URI, which the form
// posts back and the handlers above redirect to.
124 $smarty->assign('sections', $sections);
125 $smarty->assign('new_sections', $new_sections);
127 $smarty->assign("paging_data", $gacl_api->get_paging_data($rs));
132 $smarty->assign('object_type', $object_type);
133 $smarty->assign('object_type_escaped', attr($object_type));
135 $smarty->assign('return_page', $_SERVER['REQUEST_URI']);
137 $smarty->assign('current','edit_'. $object_type .'_sections');
138 $smarty->assign('page_title', 'Edit '. strtoupper($object_type) .' Sections');
140 $smarty->assign("phpgacl_version", $gacl_api->get_version() );
141 $smarty->assign("phpgacl_schema_version", $gacl_api->get_schema_version() );
// The per-request CSRF token is handed to the template so the form can post
// it back as csrf_token_form, which the check at the top of the file verifies.
143 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils
::collectCsrfToken());
145 $smarty->display('phpgacl/edit_object_sections.tpl');