From a5f58a71ada9a939f6c6087f01292282f795c6e8 Mon Sep 17 00:00:00 2001 
From: bradymiller Date: Sat, 15 Sep 2012 00:57:02 -0700 Subject: [PATCH] Access Control enhancements: -Modified access control engine to support return values (write, addonly, wsome, etc). (adjusted acl_check function, which was adjusted in entire codebase; old function is still supported for legacy code) -Added the standard acls to also have wsome and view return values -Ability to upgrade access controls by OpenEMR version (tracked in version.php file) --- Documentation/README.phpgacl | 3 +- acl_setup.php | 68 +- acl_upgrade.php | 900 ++++++++++----------- contrib/forms/xmlformgen/xslt/common_objects.xslt | 28 +- contrib/forms/xmlformgen/xslt/show.php.xslt | 2 +- custom/import_xml.php | 3 +- gacl/gacl.class.php | 68 +- interface/forms/physical_exam/edit_diagnoses.php | 3 +- interface/main/calendar/add_edit_event.php | 7 +- interface/main/calendar/find_appt_popup.php | 6 +- interface/main/left_nav.php | 9 +- interface/main/main_navigation.php | 6 +- interface/main/main_title.php | 9 +- interface/new/new_comprehensive.php | 3 +- interface/patient_file/history/edit_billnote.php | 3 +- interface/patient_file/history/history.php | 14 +- interface/patient_file/history/history_full.php | 7 +- interface/patient_file/history/history_save.php | 7 +- interface/patient_file/navigation.php | 6 +- interface/patient_file/problem_encounter.php | 6 +- interface/patient_file/summary/add_edit_issue.php | 5 +- interface/patient_file/summary/demographics.php | 6 +- .../patient_file/summary/demographics_full.php | 5 +- .../patient_file/summary/demographics_print.php | 3 +- .../patient_file/summary/demographics_save.php | 5 +- interface/patient_file/summary/pnotes.php | 4 +- interface/patient_file/summary/pnotes_full.php | 9 +- interface/patient_file/summary/pnotes_full_add.php | 3 +- interface/patient_file/summary/stats_full.php | 11 +- library/acl.inc | 78 +- library/acl_upgrade_fx.php | 280 +++++++ library/classes/Installer.class.php | 2 +- sql/4_1_1-to-4_1_2_upgrade.sql | 4 + 
sql/database.sql | 5 +- version.php | 10 +- 35 files changed, 997 insertions(+), 591 deletions(-) rewrite acl_upgrade.php (94%) create mode 100644 library/acl_upgrade_fx.php diff --git a/Documentation/README.phpgacl b/Documentation/README.phpgacl index fabae2411..cc243ead0 100644 --- a/Documentation/README.phpgacl +++ b/Documentation/README.phpgacl @@ -27,7 +27,8 @@ also add it to the following three sites: 3. acl_upgrade.php file -Miscellaneous Information (the below information is only applicable +Miscellaneous Information +(the below information is only applicable to OpenEMR versions less than 2.9.0.3 or to users who choose to install an external version of phpGACL) diff --git a/acl_setup.php b/acl_setup.php index bf8d16341..3a896ec20 100644 --- a/acl_setup.php +++ b/acl_setup.php @@ -210,7 +210,7 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A } // Declare return terms for language translations - // xl('write') xl('wsome') xl('addonly') + // xl('write') xl('wsome') xl('addonly') xl('view') // Set permissions for administrators. // @@ -237,11 +237,27 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A 'placeholder'=>array('filler') ), NULL, array($doc), NULL, NULL, + 1, 1, 'view', 'Things that physicians can only read' + ); + // xl('Things that physicians can only read') + $gacl->add_acl( + array( + 'placeholder'=>array('filler') + ), + NULL, array($doc), NULL, NULL, 1, 1, 'addonly', 'Things that physicians can read and enter but not modify' ); // xl('Things that physicians can read and enter but not modify') $gacl->add_acl( array( + 'placeholder'=>array('filler') + ), + NULL, array($doc), NULL, NULL, + 1, 1, 'wsome', 'Things that physicians can read and partly modify' + ); + // xl('Things that physicians can read and partly modify') + $gacl->add_acl( + array( 'acct'=>array('disc', 'rep'), 'admin'=>array('drugs'), 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'), 
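Review bot: The new 'view' and 'wsome' ACLs for physicians give acl_check() more non-empty return values, but nothing in this hunk records that callers must compare the returned string rather than test it for truthiness. Both ACLs are seeded with only the `placeholder`/`filler` object, so nothing changes at install time. Once an administrator moves an object into the 'view' ACL, though, any caller that still treats a non-empty result as permission to modify would let a read-only group write. library/acl.inc and the adjusted callers are outside this part of the patch, so that needs confirming there. I would add a comment above the first new block, such as `// Return values, weakest to strongest: view, addonly, wsome, write; callers must compare the value, not just test that it is non-empty`. The same applies to the clinician, front office and back office hunks that follow.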
@@ -257,6 +273,14 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A // $gacl->add_acl( array( + 'placeholder'=>array('filler') + ), + NULL, array($clin), NULL, NULL, + 1, 1, 'view', 'Things that clinicians can only read' + ); + // xl('Things that clinicians can only read') + $gacl->add_acl( + array( 'encounters'=>array('notes', 'relaxed'), 'patients'=>array('demo', 'med', 'docs', 'notes'), 'sensitivities'=>array('normal') @@ -265,6 +289,15 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A 1, 1, 'addonly', 'Things that clinicians can read and enter but not modify' ); // xl('Things that clinicians can read and enter but not modify') + + $gacl->add_acl( + array( + 'placeholder'=>array('filler') + ), + NULL, array($clin), NULL, NULL, + 1, 1, 'wsome', 'Things that clinicians can read and partly modify' + ); + // xl('Things that clinicians can read and partly modify') $gacl->add_acl( array( 'admin'=>array('drugs'), @@ -283,11 +316,27 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A 'placeholder'=>array('filler') ), NULL, array($front), NULL, NULL, + 1, 1, 'view', 'Things that front office can only read' + ); + // xl('Things that front office can only read') + $gacl->add_acl( + array( + 'placeholder'=>array('filler') + ), + NULL, array($front), NULL, NULL, 1, 1, 'addonly', 'Things that front office can read and enter but not modify' ); // xl('Things that front office can read and enter but not modify') $gacl->add_acl( array( + 'placeholder'=>array('filler') + ), + NULL, array($front), NULL, NULL, + 1, 1, 'wsome', 'Things that front office can read and partly modify' + ); + // xl('Things that front office can read and partly modify') + $gacl->add_acl( + array( 'patients'=>array('appt', 'demo', 'trans', 'notes') ), NULL, array($front), NULL, NULL, 
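Review bot: The result of each added `$gacl->add_acl(...)` call for the clinician and front office groups is discarded, so a failed insert leaves a fresh install without its 'view' or 'wsome' ACL and the setup output says nothing about it. The addNewACL() helper on the removed side of acl_upgrade.php tested the returned id and printed an error. The same check would fit here, for example `if (!$gacl->add_acl(...)) { echo "ERROR, unable to create the Clinicians 'view' ACL"; }`. A missing ACL presumably denies access rather than grants it, so this is about diagnosability. The existing calls in the context lines have the same gap, as do the physician and back office hunks.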
@@ -302,11 +351,27 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A 'placeholder'=>array('filler') ), NULL, array($back), NULL, NULL, + 1, 1, 'view', 'Things that back office can only read' + ); + // xl('Things that back office can only read') + $gacl->add_acl( + array( + 'placeholder'=>array('filler') + ), + NULL, array($back), NULL, NULL, 1, 1, 'addonly', 'Things that back office can read and enter but not modify' ); // xl('Things that back office can read and enter but not modify') $gacl->add_acl( array( + 'placeholder'=>array('filler') + ), + NULL, array($back), NULL, NULL, + 1, 1, 'wsome', 'Things that back office can read and partly modify' + ); + // xl('Things that back office can read and partly modify') + $gacl->add_acl( + array( 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'), 'admin'=>array('practice', 'superbill'), 'encounters'=>array('auth_a', 'coding_a', 'date_a'), @@ -316,6 +381,7 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A 1, 1, 'write', 'Things that back office can read and modify' ); // xl('Things that back office can read and modify') + // Set permissions for Emergency Login. // $gacl->add_acl( diff --git a/acl_upgrade.php b/acl_upgrade.php dissimilarity index 94% index 4c96ab09c..54862178a 100644 --- a/acl_upgrade.php +++ b/acl_upgrade.php @@ -1,471 +1,429 @@ -Checking to ensure all the proper ACL(access control list) are present:
"; -//Get Administrator ACL ID number -$admin_write = getAclIdNumber('Administrators', 'write'); -//Get Doctor ACL ID Number -$doc_write = getAclIdNumber('Physicians', 'write'); -//Get Clinician ACL with write access ID number -$clin_write = getAclIdNumber('Clinicians', 'write'); -//Get Clinician ACL with addonly access ID number -$clin_addonly = getAclIdNumber('Clinicians', 'addonly'); -//Get Receptionist ACL ID number -$front_write = getAclIdNumber('Front Office', 'write'); -//Get Accountant ACL ID number -$back_write = getAclIdNumber('Accounting', 'write'); - -//Add new object Sections -echo "
Adding new object sections
"; -//Add 'Sensitivities' object section (added in 2.8.2) -addObjectSectionAcl('sensitivities', 'Sensitivities'); -//Add 'Lists' object section (added in 3.0.2) -addObjectSectionAcl('lists', 'Lists'); -//Add 'Placeholder' object section (added in 3.0.2) -addObjectSectionAcl('placeholder', 'Placeholder'); -//Add 'Nation Notes' object section (added in 4.1.0) -addObjectSectionAcl('nationnotes','Nation Notes'); -//Add 'Patient Portal' object section (added in 4.1.0) -addObjectSectionAcl('patientportal', 'Patient Portal'); - -//Add new Objects -echo "
Adding new objects
"; -//Add 'Normal' sensitivity object, order variable is default 10 (added in 2.8.2) -addObjectAcl('sensitivities', 'Sensitivities', 'normal', 'Normal'); -//Add 'High' sensitivity object, order variable is set to 20 (added in 2.8.2) -addObjectAclWithOrder('sensitivities', 'Sensitivities', 'high', 'High', 20); -//Add 'Pharmacy Dispensary' object (added in 2.8.4) -addObjectAcl('admin', 'Administration', 'drugs', 'Pharmacy Dispensary'); -//Add 'ACL Administration' object (added in 2.8.4) -addObjectAcl('admin', 'Administration', 'acl', 'ACL Administration'); -//Add 'Price Discounting' object (added in 2.8.4) -addObjectAcl('acct', 'Accounting', 'disc', 'Price Discounting'); -//Add 'Default List (write,addonly optional)' object (added in 3.0.2) -addObjectAcl('lists', 'Lists', 'default', 'Default List (write,addonly optional)'); -//Add 'State List (write,addonly optional)' object (added in 3.0.2) -addObjectAcl('lists', 'Lists', 'state', 'State List (write,addonly optional)'); -//Add 'Country List (write,addonly optional)' object (added in 3.0.2) -addObjectAcl('lists', 'Lists', 'country', 'Country List (write,addonly optional)'); -//Add 'Language List (write,addonly optional)' object (added in 3.0.2) -addObjectAcl('lists', 'Lists', 'language', 'Language List (write,addonly optional)'); -//Add 'Ethnicity-Race List (write,addonly optional)' object (added in 3.0.2) -addObjectAcl('lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)'); -//Add 'Placeholder (Maintains empty ACLs)' object (added in 3.0.2) -addObjectAcl('placeholder', 'Placeholder', 'filler', 'Placeholder (Maintains empty ACLs)'); -//Add 'Sign Lab Results (write,addonly optional)' object (added in 3.3.0) -addObjectAcl('patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)'); -//Add 'nationnotes' object (added in 4.1.0) -addObjectAcl('nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure'); -//Add 'patientportal' object (added in 4.1.0) 
-addObjectAcl('patientportal', 'Patient Portal', 'portal', 'Patient Portal'); - -//Update already existing Objects -echo "
Upgrading objects
"; -//Ensure that 'High' sensitivity object order variable is set to 20 -editObjectAcl('sensitivities', 'Sensitivities', 'high', 'High', 20); - -//Add new ACLs here (will return the ACL ID of newly created or already existant ACL) -// (will also place in the appropriate group and CREATE a new group if needed) -echo "
Adding ACLs(Access Control Lists) and groups
"; -//Add 'Physicians' ACL with 'addonly' and collect the ID number (added in 3.0.2) -$doc_addonly = addNewACL('Physicians', 'doc', 'addonly', 'Things that physicians can read and enter but not modify'); -//Add 'Front Office' ACL with 'addonly' and collect the ID number (added in 3.0.2) -$front_addonly = addNewACL('Front Office', 'front', 'addonly', 'Things that front office can read and enter but not modify'); -//Add 'Accounting' ACL with 'addonly' and collect the ID number (added in 3.0.2) -$back_addonly = addNewACL('Accounting', 'back', 'addonly', 'Things that back office can read and enter but not modify'); -//Add 'Emergency Login' ACL with 'write' and collect the ID number (added in 3.3.0) -$emergency_write = addNewACL('Emergency Login', 'breakglass', 'write', 'Things that can use for emergency login, can read and modify'); - -//Update the ACLs -echo "
Updating the ACLs(Access Control Lists)
"; -//Insert the 'super' object from the 'admin' section into the Administrators group write ACL (added in 2.8.2) -updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'super', 'Superuser', 'write'); -//Insert the 'high' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2) -updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); -//Insert the 'normal' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2) -updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write'); -//Insert the 'high' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2) -updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); -//Insert the 'normal' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2) -updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write'); -//Insert the 'normal' object from the 'sensitivities' section into the Clinicians group addonly ACL (added in 2.8.2) -updateAcl($clin_addonly, 'Clinicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'addonly'); -//Insert the 'drugs' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4) -updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); -//Insert the 'drugs' object from the 'admin' section into the Physicians group write ACL (added in 2.8.4) -updateAcl($doc_write, 'Physicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); -//Insert the 'drugs' object from the 'admin' section into the Clinicians group write ACL (added in 2.8.4) -updateAcl($clin_write, 'Clinicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); -//Insert the 'acl' object from 
the 'admin' section into the Administrators group write ACL (added in 2.8.4) -updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'acl', 'ACL Administration', 'write'); -//Insert the 'disc' object from the 'acct' section into the Administrators group write ACL (added in 2.8.4) -updateAcl($admin_write, 'Administrators', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); -//Insert the 'disc' object from the 'acct' section into the Accounting group write ACL (added in 2.8.4) -updateAcl($back_write, 'Accounting', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); -//Insert the 'disc' object from the 'acct' section into the Physicians group write ACL (added in 2.8.4) -updateAcl($doc_write, 'Physicians', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); -//Insert the 'default' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) -updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write'); -//Insert the 'state' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) -updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write'); -//Insert the 'country' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) -updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write'); -//Insert the 'language' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) -updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write'); -//Insert the 'race' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) -updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write'); -//Update 
ACLs for Emergency Login -//Insert the 'disc' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); -//Insert the 'bill' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'bill', 'Billing (write optional)', 'write'); -//Insert the 'eob' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'eob', 'EOB Data Entry', 'write'); -//Insert the 'rep' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep', 'Financial Reporting - my encounters', 'write'); -//Insert the 'rep_a' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep_a', 'Financial Reporting - anything', 'write'); -//Insert the 'calendar' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'calendar', 'Calendar Settings', 'write'); -//Insert the 'database' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'database', 'Database Reporting', 'write'); -//Insert the 'forms' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'forms', 'Forms Administration', 'write'); -//Insert the 'practice' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 
'Emergency Login', 'admin', 'Administration', 'practice', 'Practice Settings', 'write'); -//Insert the 'superbill' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'superbill', 'Superbill Codes Administration', 'write'); -//Insert the 'users' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'users', 'Users/Groups/Logs Administration', 'write'); -//Insert the 'batchcom' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'batchcom', 'Batch Communication Tool', 'write'); -//Insert the 'language' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'language', 'Language Interface Tool', 'write'); -//Insert the 'super' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'super', 'Superuser', 'write'); -//Insert the 'drugs' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); -//Insert the 'acl' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'acl', 'ACL Administration', 'write'); -//Insert the 'auth_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'auth_a', 'Authorize - any encounters', 'write'); -//Insert the 'coding_a' 
object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'coding_a', 'Coding - any encounters (write,wsome optional)', 'write'); -//Insert the 'notes_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'notes_a', 'Notes - any encounters (write,addonly optional)', 'write'); -//Insert the 'date_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'date_a', 'Fix encounter dates - any encounters', 'write'); -//Insert the 'default' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write'); -//Insert the 'state' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write'); -//Insert the 'country' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write'); -//Insert the 'language' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write'); -//Insert the 'ethrace' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write'); -//Insert the 'appt' 
object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write,wsome optional)', 'write'); -//Insert the 'demo' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'demo', 'Demographics (write,addonly optional)', 'write'); -//Insert the 'med' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'med', 'Medical/History (write,addonly optional)', 'write'); -//Insert the 'trans' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'trans', 'Transactions (write optional)', 'write'); -//Insert the 'docs' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'docs', 'Documents (write,addonly optional)', 'write'); -//Insert the 'notes' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'notes', 'Patient Notes (write,addonly optional)', 'write'); -//Insert the 'high' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); -//Insert the 'normal' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write'); -//Insert the 'sign' object from the 'patients' section into the Physicians group write ACL 
(added in 3.3.0) -updateAcl($doc_write, 'Physicians', 'patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)', 'write'); -//Insert the 'sign' object from the 'nationnotes' section into the Administrators group write ACL (added in 3.3.0) -updateAcl($admin_write, 'Administrators','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write'); -//Insert the 'sign' object from the 'nationnotes' section into the Emergency Login group write ACL (added in 3.3.0) -updateAcl($emergency_write, 'Emergency Login','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write'); -//Insert the 'patientportal' object from the 'patientportal' section into the Administrators group write ACL (added in 4.1.0) -updateAcl($admin_write, 'Administrators','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write'); -//Insert the 'patientportal' object from the 'patientportal' section into the Emergency Login group write ACL (added in 4.1.0) -updateAcl($emergency_write, 'Emergency Login','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write'); - -//Function will return an array that contains the ACL ID number. -//It will also check to ensure the ACL exist and is not duplicated. -// $title = Title(string) of group. -// $return_value = What the acl returns (string), usually 'write' or 'addonly' -function getAclIdNumber($title, $return_value) { - global $gacl; - $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value); - switch (count($temp_acl_id_array)) { - case 0: - echo "ERROR, '$title' group '$return_value' ACL does not exist.
"; - break; - case 1: - echo "'$title' group '$return_value' ACL is present.
"; - break; - default: - echo "ERROR, Multiple '$title' group '$return_value' ACLs are present.
"; - break; - } - return $temp_acl_id_array; -} - - -//Function will add an ACL (if doesn't already exist). -//It will also place the acl in the group, or will CREATE a new group. -//It will return the ID number of the acl (created or old) -// $title = Title(string) of group. -// $name = name of acl (string) -// $return_value = What the acl returns (string), usually 'write' or 'addonly' -// $note = description of acl (array) -function addNewACL($title, $name, $return_value, $note) { - global $gacl; - $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value); - switch (count($temp_acl_id_array)) { - case 0: - $group_id = $gacl->get_group_id($name, $title, 'ARO'); - if ($group_id) { - //group already exist, so just create acl - $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($group_id), NULL, NULL, 1, 1, $return_value, $note); - if ($temp_acl_id) { - echo "The '$title' group already exist.
"; - echo "The '$title' group '$return_value' ACL has been successfully added.
"; - $temp_acl_id_array = array($temp_acl_id); - } - else { - echo "The '$title' group already exist.
"; - echo "ERROR, Unable to create the '$title' group '$return_value' ACL.
"; - } - } - else { - //create group, then create acl - $parent_id = $gacl->get_root_group_id(); - $aro_id = $gacl->add_group($name, $title, $parent_id, 'ARO'); - $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($aro_id), NULL, NULL, 1, 1, $return_value, $note); - if ($aro_id ) { - echo "The '$title' group has been successfully added.
"; - } - else { - echo "ERROR, Unable to create the '$title' group.
"; - } - if ($temp_acl_id) { - echo "The '$title' group '$return_value' ACL has been successfully added.
"; - $temp_acl_id_array = array($temp_acl_id); - } - else { - echo "ERROR, Unable to create the '$title' group '$return_value' ACL.
"; - } - } - break; - case 1: - echo "'$title' group '$return_value' ACL already exist.
"; - break; - - default: - echo "ERROR, Multiple '$title' group '$return_value' ACLs are present.
"; - break; - } - return $temp_acl_id_array; -} - - -//Function to add an object section. -//It will check to ensure the object section doesn't already exist. -// $name = Identifier(string) of section -// $title = Title(string) of object -function addObjectSectionAcl($name, $title) { - global $gacl; - if ($gacl->get_object_section_section_id($title, $name, 'ACO')) { - echo "The '$title' object section already exist.
"; - } - else { - $tmp_boolean = $gacl->add_object_section($title , $name, 10, 0, 'ACO'); - if ($tmp_boolean) { - echo "The '$title' object section has been successfully added.
"; - } - else { - echo "ERROR,unable to create the '$title' object section.
"; - } - } - return; -} - - -//Function to add an object. -//It will check to ensure the object doesn't already exist. -// $section_name = Identifier(string) of section -// $section_title = Title(string) of section -// $object_name = Identifier(string) of object -// $object_title = Title(string) of object -function addObjectAcl($section_name, $section_title, $object_name, $object_title) { - global $gacl; - if ($gacl->get_object_id($section_name, $object_name, 'ACO')) { - echo "The '$object_title' object in the '$section_title' section already exist.
"; - } - else { - $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, 10, 0, 'ACO'); - if ($tmp_boolean) { - echo "The '$object_title' object in the '$section_title' section has been successfully added.
"; - } - else { - echo "ERROR,unable to create the '$object_title' object in the '$section_title' section.
"; - } - } - return; -} - - -//Function to add an object and set the 'order' variable. -//It will check to ensure the object doesn't already exist. -// $section_name = Identifier(string) of section -// $section_title = Title(string) of section -// $object_name = Identifier(string) of object -// $object_title = Title(string) of object -// $order_number = number to determine order in list. used in sensitivities to order the choices -// in openemr -function addObjectAclWithOrder($section_name, $section_title, $object_name, $object_title, $order_number) { - global $gacl; - if ($gacl->get_object_id($section_name, $object_name, 'ACO')) { - echo "The '$object_title' object in the '$section_title' section already exist.
"; - } - else { - $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, $order_number, 0, 'ACO'); - if ($tmp_boolean) { - echo "The '$object_title' object in the '$section_title' section has been successfully added.
"; - } - else { - echo "ERROR,unable to create the '$object_title' object in the '$section_title' section.
"; - } - } - return; -} - - -//Function to edit an object and set the 'order' variable. -//It will check to ensure the object already exist, and hasn't been upgraded yet. -// $section_name = Identifier(string) of section -// $section_title = Title(string) of section -// $object_name = Identifier(string) of object -// $object_title = Title(string) of object -// $order_number = number to determine order in list. used in sensitivities to order the choices -// in openemr -function editObjectAcl($section_name, $section_title, $object_name, $object_title, $order_number) { - global $gacl; - $tmp_objectID = $gacl->get_object_id($section_name, $object_name, 'ACO'); - if ($tmp_objectID) { - $tmp_object = $gacl->get_object_data($tmp_objectID, 'ACO'); - if ($tmp_object[0][2] == $order_number && - $tmp_object[0][0] == $section_name && - $tmp_object[0][1] == $object_name && - $tmp_object[0][3] == $object_title) { - echo "The '$object_title' object in the '$section_title' section has already been updated.
"; - } - else { - $tmp_boolean = $gacl->edit_object($tmp_objectID, $section_name, $object_title, $object_name, $order_number, 0, 'ACO'); - if ($tmp_boolean) { - echo "The '$object_title' object in the '$section_title' section has been successfully updated.
"; - } - else { - echo "ERROR,unable to update the '$object_title' object in the '$section_title' section.
"; - } - } - } - else { - echo "ERROR, the '$object_title' object in the '$section_title' section does not exist.
"; - } - return; -} - - -//Update the ACL -//It will check to ensure the ACL hasn't already been updated. -// $array_acl_id_number = array containing hopefully one element, which is an integer, and is identifier of acl to be updated. -// $group_title = Title(string) of group. -// $object_section_name = Identifier(string) of section -// $object_section_title = Title(string) of section -// $object_name = Identifier(string) of object -// $object_title = Title(string) of object -// $acl_return_value = What the acl returns (string), usually 'write' or 'addonly' -function updateAcl($array_acl_id_number, $group_title, $section_name, $section_title, $object_name, $object_title, $return_value) { - global $gacl; - $tmp_array = $gacl->search_acl($section_name, $object_name, FALSE, FALSE, $group_title, FALSE, FALSE, FALSE, $return_value); - switch (count($tmp_array)) { - case 0: - $tmp_boolean = @$gacl->append_acl($array_acl_id_number[0], NULL, NULL, NULL, NULL, array($section_name=>array($object_name))); - if ($tmp_boolean){ - echo "Successfully placed the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.
"; - } - else { - echo "ERROR,unable to place the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.
"; - } - break; - case 1: - echo "The '$object_title' object of the '$section_title' section is already found in the '$group_title' group '$return_value' ACL.
"; - break; - default: - echo "ERROR, Multiple '$group_title' group '$return_value' ACLs with the '$object_title' object of the '$section_title' section are present.
"; - break; - } - return; -} - -//All done -echo "
ALL DONE"; - -?> +// Upgrade for acl_version +* $upgrade_acl = ; +* if ($acl_version < $upgrade_acl) { +* echo "UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":
"; +* +* //Collect the ACL ID numbers. +* echo "Checking to ensure all the proper ACL(access control list) are present:
"; +* +* //Add new object Sections +* echo "
Adding new object sections
"; +* +* //Add new Objects +* echo "
Adding new objects
"; +* +* //Update already existing Objects +* echo "
Upgrading objects
"; +* +* //Add new ACLs here (will return the ACL ID of newly created or already existant ACL) +* // (will also place in the appropriate group and CREATE a new group if needed) +* echo "
Adding ACLs(Access Control Lists) and groups
"; +* +* //Update the ACLs +* echo "
Updating the ACLs(Access Control Lists)
"; +* +* //DONE with upgrading to this version +* $acl_version = $upgrade_acl; +* } +* +* +* Updates included: +*
---VERSION 1 ACL---
+*   2.8.2
+*     Section "sensitivities" (Sensitivities):
+*       ADD  normal   Normal              (Administrators, Physicians, Clinicians(addonly))
+*       ADD  high     High                (Administrators, Physicians)
+*     Section "admin"         (Administration):
+*       ADD  super    Superuser           (Adminstrators)
+*   2.8.4
+*     Section "admin"         (Administration):
+*       ADD  drugs    Pharmacy Dispensary (Administrators, Physicians, Clinicians(write))
+*       ADD  acl      ACL Administration (Administrators)
+*     Section "sensitivities" (Sensitivities):
+*       EDIT high     High               (ensure the order variable is '20')
+*     Section "acct"          (Accounting):
+*       ADD  disc     Price Discounting (Administrators, Physicians, Accounting(write))
+*   3.0.2
+*     ADD Section "lists" (Lists):
+*       ADD  default   Default List (write,addonly optional)  (Administrators)
+*       ADD  state     State List (write,addonly optional)  (Administrators)
+*       ADD  country   Country List (write,addonly optional)  (Administrators)
+*       ADD  language  Language List (write,addonly optional)  (Administrators)
+*       ADD  ethrace   Ethnicity-Race List (write,addonly optional)  (Administrators)
+*     ADD Section "placeholder" (Placeholder):
+*       ADD  filler    Placeholder (Maintains empty ACLs)
+*     ACL/Group  doc   addonly  "Physicians"   (filler aco)
+*     ACL/Group  front addonly  "Front Office" (filler aco)
+*     ACL/Group  back  addonly  "Accounting"   (filler aco)
+*   3.3.0
+*     Section "patients" (Patients):
+*       ADD  sign  Sign Lab Results (Physicians)
+*     ACL/Group  breakglass  write  "Emergency Login"  (added all aco's to it)
+*   4.1.0
+*     Section "nationnotes" (Nation Notes)
+*       ADD  nn_configure  Nation Notes Configure  (Administrators, Emergency Login)
+*     Section "patientportal" (Patient Portal)
+*       ADD  portal    Patient Portal     (Administrators, Emergency Login)
+*   4.1.1
+*     ACL/Group  doc   wsome  "Physicians"   (filler aco)
+*     ACL/Group  clin  wsome  "Clinicians"   (filler aco)
+*     ACL/Group  front wsome  "Front Office" (filler aco)
+*     ACL/Group  back  wsome  "Accounting"   (filler aco)
+*     ACL/Group  doc   view   "Physicians"   (filler aco)
+*     ACL/Group  clin  view   "Clinicians"   (filler aco)
+*     ACL/Group  front view   "Front Office" (filler aco)
+*     ACL/Group  back  view   "Accounting"   (filler aco)
+* 
+* +* Copyright (C) 2012 Brady Miller +* +* LICENSE: This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either version 2 +* of the License, or (at your option) any later version. +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* You should have received a copy of the GNU General Public License +* along with this program. If not, see . +* +* @package OpenEMR +* @author Brady Miller +* @link http://www.open-emr.org +*/ + +$ignoreAuth = true; // no login required + +require_once('interface/globals.php'); +require_once("$srcdir/acl_upgrade_fx.php"); + +//Ensure that phpGACL has been installed +include_once('library/acl.inc'); +if (isset ($phpgacl_location)) { + include_once("$phpgacl_location/gacl_api.class.php"); + $gacl = new gacl_api(); +} +else { + die("You must first set up library/acl.inc to use phpGACL!"); +} + +$acl_version = get_acl_version(); +if (empty($acl_version)) { +$acl_version = 0; +} + +// Upgrade for acl_version 1 +$upgrade_acl = 1; +if ($acl_version < $upgrade_acl) { + echo "UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":
"; + + //Collect the ACL ID numbers. + echo "Checking to ensure all the proper ACL(access control list) are present:
"; + //Get Administrator ACL ID number + $admin_write = getAclIdNumber('Administrators', 'write'); + //Get Doctor ACL ID Number + $doc_write = getAclIdNumber('Physicians', 'write'); + //Get Clinician ACL with write access ID number + $clin_write = getAclIdNumber('Clinicians', 'write'); + //Get Clinician ACL with addonly access ID number + $clin_addonly = getAclIdNumber('Clinicians', 'addonly'); + //Get Receptionist ACL ID number + $front_write = getAclIdNumber('Front Office', 'write'); + //Get Accountant ACL ID number + $back_write = getAclIdNumber('Accounting', 'write'); + + //Add new object Sections + echo "
Adding new object sections
"; + //Add 'Sensitivities' object section (added in 2.8.2) + addObjectSectionAcl('sensitivities', 'Sensitivities'); + //Add 'Lists' object section (added in 3.0.2) + addObjectSectionAcl('lists', 'Lists'); + //Add 'Placeholder' object section (added in 3.0.2) + addObjectSectionAcl('placeholder', 'Placeholder'); + //Add 'Nation Notes' object section (added in 4.1.0) + addObjectSectionAcl('nationnotes','Nation Notes'); + //Add 'Patient Portal' object section (added in 4.1.0) + addObjectSectionAcl('patientportal', 'Patient Portal'); + + //Add new Objects + echo "
Adding new objects
"; + //Add 'Normal' sensitivity object, order variable is default 10 (added in 2.8.2) + addObjectAcl('sensitivities', 'Sensitivities', 'normal', 'Normal'); + //Add 'High' sensitivity object, order variable is set to 20 (added in 2.8.2) + addObjectAclWithOrder('sensitivities', 'Sensitivities', 'high', 'High', 20); + //Add 'Pharmacy Dispensary' object (added in 2.8.4) + addObjectAcl('admin', 'Administration', 'drugs', 'Pharmacy Dispensary'); + //Add 'ACL Administration' object (added in 2.8.4) + addObjectAcl('admin', 'Administration', 'acl', 'ACL Administration'); + //Add 'Price Discounting' object (added in 2.8.4) + addObjectAcl('acct', 'Accounting', 'disc', 'Price Discounting'); + //Add 'Default List (write,addonly optional)' object (added in 3.0.2) + addObjectAcl('lists', 'Lists', 'default', 'Default List (write,addonly optional)'); + //Add 'State List (write,addonly optional)' object (added in 3.0.2) + addObjectAcl('lists', 'Lists', 'state', 'State List (write,addonly optional)'); + //Add 'Country List (write,addonly optional)' object (added in 3.0.2) + addObjectAcl('lists', 'Lists', 'country', 'Country List (write,addonly optional)'); + //Add 'Language List (write,addonly optional)' object (added in 3.0.2) + addObjectAcl('lists', 'Lists', 'language', 'Language List (write,addonly optional)'); + //Add 'Ethnicity-Race List (write,addonly optional)' object (added in 3.0.2) + addObjectAcl('lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)'); + //Add 'Placeholder (Maintains empty ACLs)' object (added in 3.0.2) + addObjectAcl('placeholder', 'Placeholder', 'filler', 'Placeholder (Maintains empty ACLs)'); + //Add 'Sign Lab Results (write,addonly optional)' object (added in 3.3.0) + addObjectAcl('patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)'); + //Add 'nationnotes' object (added in 4.1.0) + addObjectAcl('nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure'); + //Add 'patientportal' object (added in 
4.1.0) + addObjectAcl('patientportal', 'Patient Portal', 'portal', 'Patient Portal'); + + //Update already existing Objects + echo "
Upgrading objects
"; + //Ensure that 'High' sensitivity object order variable is set to 20 + editObjectAcl('sensitivities', 'Sensitivities', 'high', 'High', 20); + + //Add new ACLs here (will return the ACL ID of newly created or already existant ACL) + // (will also place in the appropriate group and CREATE a new group if needed) + echo "
Adding ACLs(Access Control Lists) and groups
"; + //Add 'Physicians' ACL with 'addonly' and collect the ID number (added in 3.0.2) + $doc_addonly = addNewACL('Physicians', 'doc', 'addonly', 'Things that physicians can read and enter but not modify'); + //Add 'Front Office' ACL with 'addonly' and collect the ID number (added in 3.0.2) + $front_addonly = addNewACL('Front Office', 'front', 'addonly', 'Things that front office can read and enter but not modify'); + //Add 'Accounting' ACL with 'addonly' and collect the ID number (added in 3.0.2) + $back_addonly = addNewACL('Accounting', 'back', 'addonly', 'Things that back office can read and enter but not modify'); + //Add 'Emergency Login' ACL with 'write' and collect the ID number (added in 3.3.0) + $emergency_write = addNewACL('Emergency Login', 'breakglass', 'write', 'Things that can use for emergency login, can read and modify'); + + //Update the ACLs + echo "
Updating the ACLs(Access Control Lists)
"; + //Insert the 'super' object from the 'admin' section into the Administrators group write ACL (added in 2.8.2) + updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'super', 'Superuser', 'write'); + //Insert the 'high' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2) + updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); + //Insert the 'normal' object from the 'sensitivities' section into the Administrators group write ACL (added in 2.8.2) + updateAcl($admin_write, 'Administrators', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write'); + //Insert the 'high' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2) + updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); + //Insert the 'normal' object from the 'sensitivities' section into the Physicians group write ACL (added in 2.8.2) + updateAcl($doc_write, 'Physicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'write'); + //Insert the 'normal' object from the 'sensitivities' section into the Clinicians group addonly ACL (added in 2.8.2) + updateAcl($clin_addonly, 'Clinicians', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 'addonly'); + //Insert the 'drugs' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4) + updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); + //Insert the 'drugs' object from the 'admin' section into the Physicians group write ACL (added in 2.8.4) + updateAcl($doc_write, 'Physicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); + //Insert the 'drugs' object from the 'admin' section into the Clinicians group write ACL (added in 2.8.4) + updateAcl($clin_write, 'Clinicians', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); + //Insert the 
'acl' object from the 'admin' section into the Administrators group write ACL (added in 2.8.4) + updateAcl($admin_write, 'Administrators', 'admin', 'Administration', 'acl', 'ACL Administration', 'write'); + //Insert the 'disc' object from the 'acct' section into the Administrators group write ACL (added in 2.8.4) + updateAcl($admin_write, 'Administrators', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); + //Insert the 'disc' object from the 'acct' section into the Accounting group write ACL (added in 2.8.4) + updateAcl($back_write, 'Accounting', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); + //Insert the 'disc' object from the 'acct' section into the Physicians group write ACL (added in 2.8.4) + updateAcl($doc_write, 'Physicians', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); + //Insert the 'default' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) + updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write'); + //Insert the 'state' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) + updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write'); + //Insert the 'country' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) + updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write'); + //Insert the 'language' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) + updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write'); + //Insert the 'race' object from the 'lists' section into the Administrators group write ACL (added in 3.0.2) + updateAcl($admin_write, 'Administrators', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly 
optional)', 'write'); + //Update ACLs for Emergency Login + //Insert the 'disc' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'disc', 'Price Discounting', 'write'); + //Insert the 'bill' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'bill', 'Billing (write optional)', 'write'); + //Insert the 'eob' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'eob', 'EOB Data Entry', 'write'); + //Insert the 'rep' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep', 'Financial Reporting - my encounters', 'write'); + //Insert the 'rep_a' object from the 'acct' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'acct', 'Accounting', 'rep_a', 'Financial Reporting - anything', 'write'); + //Insert the 'calendar' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'calendar', 'Calendar Settings', 'write'); + //Insert the 'database' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'database', 'Database Reporting', 'write'); + //Insert the 'forms' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'forms', 'Forms Administration', 'write'); + //Insert the 'practice' object from the 'admin' section into the Emergency Login group write ACL 
(added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'practice', 'Practice Settings', 'write'); + //Insert the 'superbill' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'superbill', 'Superbill Codes Administration', 'write'); + //Insert the 'users' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'users', 'Users/Groups/Logs Administration', 'write'); + //Insert the 'batchcom' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'batchcom', 'Batch Communication Tool', 'write'); + //Insert the 'language' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'language', 'Language Interface Tool', 'write'); + //Insert the 'super' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'super', 'Superuser', 'write'); + //Insert the 'drugs' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'drugs', 'Pharmacy Dispensary', 'write'); + //Insert the 'acl' object from the 'admin' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'admin', 'Administration', 'acl', 'ACL Administration', 'write'); + //Insert the 'auth_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'auth_a', 
'Authorize - any encounters', 'write'); + //Insert the 'coding_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'coding_a', 'Coding - any encounters (write,wsome optional)', 'write'); + //Insert the 'notes_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'notes_a', 'Notes - any encounters (write,addonly optional)', 'write'); + //Insert the 'date_a' object from the 'encounters' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'encounters', 'Encounters', 'date_a', 'Fix encounter dates - any encounters', 'write'); + //Insert the 'default' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'default', 'Default List (write,addonly optional)', 'write'); + //Insert the 'state' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'state', 'State List (write,addonly optional)', 'write'); + //Insert the 'country' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'country', 'Country List (write,addonly optional)', 'write'); + //Insert the 'language' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'language', 'Language List (write,addonly optional)', 'write'); + //Insert the 'ethrace' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 
'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write'); + //Insert the 'appt' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write,wsome optional)', 'write'); + //Insert the 'demo' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'demo', 'Demographics (write,addonly optional)', 'write'); + //Insert the 'med' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'med', 'Medical/History (write,addonly optional)', 'write'); + //Insert the 'trans' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'trans', 'Transactions (write optional)', 'write'); + //Insert the 'docs' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'docs', 'Documents (write,addonly optional)', 'write'); + //Insert the 'notes' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'notes', 'Patient Notes (write,addonly optional)', 'write'); + //Insert the 'high' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'high', 'High', 'write'); + //Insert the 'normal' object from the 'sensitivities' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login', 'sensitivities', 'Sensitivities', 'normal', 'Normal', 
'write'); + //Insert the 'sign' object from the 'patients' section into the Physicians group write ACL (added in 3.3.0) + updateAcl($doc_write, 'Physicians', 'patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)', 'write'); + //Insert the 'sign' object from the 'nationnotes' section into the Administrators group write ACL (added in 3.3.0) + updateAcl($admin_write, 'Administrators','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write'); + //Insert the 'sign' object from the 'nationnotes' section into the Emergency Login group write ACL (added in 3.3.0) + updateAcl($emergency_write, 'Emergency Login','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write'); + //Insert the 'patientportal' object from the 'patientportal' section into the Administrators group write ACL (added in 4.1.0) + updateAcl($admin_write, 'Administrators','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write'); + //Insert the 'patientportal' object from the 'patientportal' section into the Emergency Login group write ACL (added in 4.1.0) + updateAcl($emergency_write, 'Emergency Login','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write'); + + //DONE with upgrading to this version + $acl_version = $upgrade_acl; +} + +// Upgrade for acl_version 2 +$upgrade_acl = 2; +if ($acl_version < $upgrade_acl) { + echo "UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":
"; + + //Collect the ACL ID numbers. + echo "Checking to ensure all the proper ACL(access control list) are present:
"; + + //Add new object Sections + echo "
Adding new object sections
"; + + //Add new Objects + echo "
Adding new objects
"; + + //Update already existing Objects + echo "
Upgrading objects
"; + + //Add new ACLs here (will return the ACL ID of newly created or already existant ACL) + // (will also place in the appropriate group and CREATE a new group if needed) + echo "
Adding ACLs(Access Control Lists) and groups
"; + addNewACL('Physicians', 'doc', 'wsome', 'Things that physicians can read and partly modify'); + addNewACL('Clinicians', 'clin', 'wsome', 'Things that clinicians can read and partly modify'); + addNewACL('Front Office', 'front', 'wsome', 'Things that front office can read and partly modify'); + addNewACL('Accounting', 'back', 'wsome', 'Things that back office can read and partly modify'); + addNewACL('Physicians', 'doc', 'view', 'Things that physicians can only read'); + addNewACL('Clinicians', 'clin', 'view', 'Things that clinicians can only read'); + addNewACL('Front Office', 'front', 'view', 'Things that front office can only read'); + addNewACL('Accounting', 'back', 'view', 'Things that back office can only read'); + + //Update the ACLs + echo "
Updating the ACLs(Access Control Lists)
"; + + //DONE with upgrading to this version + $acl_version = $upgrade_acl; +} + +/* This is a template for a new revision, when needed +// Upgrade for acl_version 3 +$upgrade_acl = 3; +if ($acl_version < $upgrade_acl) { + echo "UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":
"; + + //Collect the ACL ID numbers. + echo "Checking to ensure all the proper ACL(access control list) are present:
"; + + //Add new object Sections + echo "
Adding new object sections
"; + + //Add new Objects + echo "
Adding new objects
"; + + //Update already existing Objects + echo "
Upgrading objects
"; + + //Add new ACLs here (will return the ACL ID of newly created or already existant ACL) + // (will also place in the appropriate group and CREATE a new group if needed) + echo "
Adding ACLs(Access Control Lists) and groups
"; + + //Update the ACLs + echo "
Updating the ACLs(Access Control Lists)
"; + + //DONE with upgrading to this version + $acl_version = $upgrade_acl; +} +*/ + +/* This is a template for a new revision, when needed +// Upgrade for acl_version 4 +$upgrade_acl = 4; +if ($acl_version < $upgrade_acl) { + echo "UPGRADING ACCESS CONTROLS TO VERSION ".$upgrade_acl.":
"; + + //Collect the ACL ID numbers. + echo "Checking to ensure all the proper ACL(access control list) are present:
"; + + //Add new object Sections + echo "
Adding new object sections
"; + + //Add new Objects + echo "
Adding new objects
"; + + //Update already existing Objects + echo "
Upgrading objects
"; + + //Add new ACLs here (will return the ACL ID of newly created or already existant ACL) + // (will also place in the appropriate group and CREATE a new group if needed) + echo "
Adding ACLs(Access Control Lists) and groups
"; + + //Update the ACLs + echo "
Updating the ACLs(Access Control Lists)
"; + + //DONE with upgrading to this version + $acl_version = $upgrade_acl; +} +*/ + +//All done +set_acl_version($acl_version); +echo "
ALL DONE"; + +?> diff --git a/contrib/forms/xmlformgen/xslt/common_objects.xslt b/contrib/forms/xmlformgen/xslt/common_objects.xslt index 230b414fe..146ac0c6b 100644 --- a/contrib/forms/xmlformgen/xslt/common_objects.xslt +++ b/contrib/forms/xmlformgen/xslt/common_objects.xslt @@ -142,31 +142,39 @@ $table_name = ']]> + +if (!acl_check(']]> - - - + + + + + - + diff --git a/contrib/forms/xmlformgen/xslt/show.php.xslt b/contrib/forms/xmlformgen/xslt/show.php.xslt index 13e9d81fd..f57caca27 100644 --- a/contrib/forms/xmlformgen/xslt/show.php.xslt +++ b/contrib/forms/xmlformgen/xslt/show.php.xslt @@ -92,7 +92,7 @@ function PrintForm() {
diff --git a/custom/import_xml.php b/custom/import_xml.php index 5c820cb12..b07e343cb 100644 --- a/custom/import_xml.php +++ b/custom/import_xml.php @@ -47,8 +47,7 @@ } // Check authorization. - $thisauth = acl_check('patients', 'demo'); - if ($thisauth != 'write') + if (!acl_check('patients', 'demo','','write')) die("Updating demographics is not authorized."); if ($_POST['form_import']) { diff --git a/gacl/gacl.class.php b/gacl/gacl.class.php index a1db3a790..48fc9b7b9 100644 --- a/gacl/gacl.class.php +++ b/gacl/gacl.class.php @@ -321,11 +321,12 @@ class gacl { * @param string The value of the ARO group (optional) * @param string The value of the AXO group (optional) * @param boolean Debug the operation if true (optional) + * @param boolean Option to return all applicable ACL's rather than just one. (optional) (Added by OpenEMR) * @return array Returns as much information as possible about the ACL so other functions can trim it down and omit unwanted data. */ - function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL, $debug=NULL) { + function acl_query($aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value=NULL, $axo_value=NULL, $root_aro_group=NULL, $root_axo_group=NULL, $debug=NULL, $return_all=FALSE) { - $cache_id = 'acl_query_'.$aco_section_value.'-'.$aco_value.'-'.$aro_section_value.'-'.$aro_value.'-'.$axo_section_value.'-'.$axo_value.'-'.$root_aro_group.'-'.$root_axo_group.'-'.$debug; + $cache_id = 'acl_query_'.$aco_section_value.'-'.$aco_value.'-'.$aro_section_value.'-'.$aro_value.'-'.$axo_section_value.'-'.$axo_value.'-'.$root_aro_group.'-'.$root_axo_group.'-'.$debug.'-'.$return_all; $retarr = $this->get_cache($cache_id); 
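Review bot: The docblock for `acl_query()` in gacl/gacl.class.php gains a `@param` line for `$return_all`, but its `@return` line still describes a single ACL record. With `$return_all` set, a later hunk of this file builds a list of records (`$retarr[] = array(...)`), so a caller that reads `['allow']` directly on the result finds no such key. I would extend the return line to something like `@return array One ACL record, or a list of such records when $return_all is TRUE.` The function body continues outside this hunk.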
@@ -351,7 +352,8 @@ class gacl { * This query is where all the magic happens. * The ordering is very important here, as well very tricky to get correct. * Currently there can be duplicate ACLs, or ones that step on each other toes. In this case, the ACL that was last updated/created - * is used. + * is used; unless the $return_all parameter is set to TRUE, then will return the entire array of applicable ACL information (this + * option was added by OpenEMR) * * This is probably where the most optimizations can be made. */ @@ -466,6 +468,8 @@ class gacl { * The ordering is always very tricky and makes all the difference in the world. * Order (ar.value IS NOT NULL) DESC should put ACLs given to specific AROs * ahead of any ACLs given to groups. This works well for exceptions to groups. + * If the $return_all parameter is set to TRUE, then will return the entire + * array of applicable ACL information (this option was added by OpenEMR) */ $order_by[] = 'a.updated_date DESC'; 
@@ -474,35 +478,61 @@ class gacl { ORDER BY '. implode (',', $order_by) . ' '; - // we are only interested in the first row - $rs = $this->db->SelectLimit($query, 1); + // we are only interested in the first row unless $return_all is set + if ($return_all) { + $rs = $this->db->Execute($query); + } + else { + $rs = $this->db->SelectLimit($query, 1); + } if (!is_object($rs)) { $this->debug_db('acl_query'); return FALSE; } - $row =& $rs->FetchRow(); + if ($return_all) { + while ($arr =& $rs->fetchRow()) { + $row[] = $arr; + } + } + else { + $row =& $rs->FetchRow(); + } + /* * Return ACL ID. This is the key to "hooking" extras like pricing assigned to ACLs etc... Very useful. */ if (is_array($row)) { - // Permission granted? - // This below oneliner is very confusing. - //$allow = (isset($row[1]) AND $row[1] == 1); - - //Prefer this. - if ( isset($row[1]) AND $row[1] == 1 ) { - $allow = TRUE; - } else { - $allow = FALSE; - } - $retarr = array('acl_id' => &$row[0], 'return_value' => &$row[2], 'allow' => $allow); + if ($return_all) { + foreach ($row as $single_row) { + if ( isset($single_row[1]) AND $single_row[1] == 1 ) { + $allow = TRUE; + } else { + $allow = FALSE; + } + $retarr[] = array('acl_id' => &$single_row[0], 'return_value' => &$single_row[2], 'allow' => $allow); + } + } + else { + if ( isset($row[1]) AND $row[1] == 1 ) { + $allow = TRUE; + } else { + $allow = FALSE; + } + $retarr = array('acl_id' => &$row[0], 'return_value' => &$row[2], 'allow' => $allow); + } } else { - // Permission denied. - $retarr = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE); + if ($return_all) { + // Permission denied. + $retarr[] = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE); + } + else { + // Permission denied. + $retarr = array('acl_id' => NULL, 'return_value' => NULL, 'allow' => FALSE); + } } /* 
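Review bot: In the `$return_all` branch `$row` is never initialised before `$row[] = $arr;`, so when the query matches no rows the later `is_array($row)` test reads an unset variable and the deny entry is reached only through that path. Setting `$row = array();` before the `while` loop and testing `if (is_array($row) && count($row) > 0)` makes the no-match case explicit for both modes. The `$retarr[] = ...` appends build on whatever `get_cache()` returned earlier in acl_query, which is outside this hunk, so it is worth confirming `$retarr` cannot already hold a non-array value there. The `@return` line in the docblock (first gacl.class.php hunk) should also state that with `$return_all` set the result is a list of `acl_id`/`return_value`/`allow` arrays rather than a single one.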
diff --git a/interface/forms/physical_exam/edit_diagnoses.php b/interface/forms/physical_exam/edit_diagnoses.php index e82c47aa9..e0d5c9bd8 100644 --- a/interface/forms/physical_exam/edit_diagnoses.php +++ b/interface/forms/physical_exam/edit_diagnoses.php @@ -12,8 +12,7 @@ $line_id = $_REQUEST['lineid']; $info_msg = ""; - $thisauth = acl_check('patients', 'med'); - if ($issue && $thisauth != 'write') die("Edit is not authorized!"); + if ($issue && !acl_check('patients', 'med','','write')) die("Edit is not authorized!"); ?> diff --git a/interface/main/calendar/add_edit_event.php b/interface/main/calendar/add_edit_event.php index aea5e9838..48225280f 100644 --- a/interface/main/calendar/add_edit_event.php +++ b/interface/main/calendar/add_edit_event.php @@ -32,11 +32,8 @@ require_once("$srcdir/encounter_events.inc.php"); require_once("$srcdir/acl.inc"); - $my_permission = acl_check('patients', 'appt'); -// Add these restrictions back using new acl return value parameter when -// that mechanism is added to codebase. -// if ($my_permission !== 'write' && $my_permission !== 'wsome') - if (!$my_permission) + //Check access control + if (!acl_check('patients','appt','',array('write','wsome') )) die(xl('Access not allowed')); // Things that might be passed by our opener. diff --git a/interface/main/calendar/find_appt_popup.php b/interface/main/calendar/find_appt_popup.php index b4c3b8417..fae82493c 100644 --- a/interface/main/calendar/find_appt_popup.php +++ b/interface/main/calendar/find_appt_popup.php @@ -9,8 +9,8 @@ include_once("../../globals.php"); include_once("$srcdir/patient.inc"); - $my_permission = acl_check('patients', 'appt'); - if ($my_permission != 'write' && $my_permission != 'wsome') + // check access controls + if (!acl_check('patients','appt','',array('write','wsome') )) die(xl('Access not allowed')); // If the caller is updating an existing event, then get its ID so 
@@ -418,7 +418,7 @@ $(document).ready(function(){ }); - + if (confirm('')) { opener.top.restoreSession(); opener.document.forms[0].submit(); diff --git a/interface/main/left_nav.php b/interface/main/left_nav.php index 51a91a18c..0c1be19dc 100644 --- a/interface/main/left_nav.php +++ b/interface/main/left_nav.php @@ -158,16 +158,15 @@ $disallowed['bil'] = !(acl_check('acct', 'rep') || acl_check('acct', 'eob') || acl_check('acct', 'bill')); - $tmp = acl_check('patients', 'demo'); - $disallowed['new'] = !($tmp == 'write' || $tmp == 'addonly'); + $disallowed['new'] = !(acl_check('patients','demo','',array('write','addonly') )); $disallowed['fax'] = !($GLOBALS['enable_hylafax'] || $GLOBALS['enable_scanner']); $disallowed['ros'] = !$GLOBALS['athletic_team']; - $disallowed['iss'] = !((acl_check('encounters', 'notes') == 'write' || - acl_check('encounters', 'notes_a') == 'write') && - acl_check('patients', 'med') == 'write'); + $disallowed['iss'] = !((acl_check('encounters','notes','','write') || + acl_check('encounters','notes_a','','write') ) && + acl_check('patients','med','','write') ); $disallowed['imp'] = $disallowed['new'] || !is_readable("$webserver_root/custom/import.php"); diff --git a/interface/main/main_navigation.php b/interface/main/main_navigation.php index f29b5323f..b9a31bcc3 100644 --- a/interface/main/main_navigation.php +++ b/interface/main/main_navigation.php @@ -35,8 +35,7 @@ include_once("../../library/acl.inc");   @@ -82,8 +81,7 @@ include_once("../../library/acl.inc"); diff --git a/interface/main/main_title.php b/interface/main/main_title.php index 5553dd621..71eeddd78 100644 --- a/interface/main/main_title.php +++ b/interface/main/main_title.php @@ -73,10 +73,15 @@ $res = sqlQuery("select * from users where username='".$_SESSION{"authUser"}."'" -
+ + + + + +
- +
diff --git a/interface/new/new_comprehensive.php b/interface/new/new_comprehensive.php index 8d239cf8e..cd7f069a8 100644 --- a/interface/new/new_comprehensive.php +++ b/interface/new/new_comprehensive.php @@ -13,8 +13,7 @@ require_once("$srcdir/patient.inc"); require_once("$srcdir/erx_javascript.inc.php"); // Check authorization. -$thisauth = acl_check('patients', 'demo'); -if ($thisauth != 'write' && $thisauth != 'addonly') +if (!acl_check('patients','demo','',array('write',addonly) )) die("Adding demographics is not authorized."); $CPR = 4; // cells per row diff --git a/interface/patient_file/history/edit_billnote.php b/interface/patient_file/history/edit_billnote.php index 30f9f8e91..0a43defd2 100644 --- a/interface/patient_file/history/edit_billnote.php +++ b/interface/patient_file/history/edit_billnote.php @@ -22,8 +22,7 @@ $fake_register_globals=false; $info_msg = ""; - $thisauth = (acl_check('acct', 'bill') == 'write'); - if (! $thisauth) die(htmlspecialchars(xl('Not authorized'),ENT_NOQUOTES)); + if (!acl_check('acct', 'bill','','write')) die(htmlspecialchars(xl('Not authorized'),ENT_NOQUOTES)); ?> diff --git a/interface/patient_file/history/history.php b/interface/patient_file/history/history.php index fdf10e0e2..4d357c55b 100644 --- a/interface/patient_file/history/history.php +++ b/interface/patient_file/history/history.php @@ -34,13 +34,15 @@ $(document).ready(function(){ (".htmlspecialchars(xl('History not authorized'),ENT_NOQUOTES).")
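Review bot: In the new_comprehensive.php hunk `addonly` is written without quotes in `array('write',addonly)`, so PHP resolves it as an undefined constant. Older PHP versions fall back to the string with a notice, while PHP 8 raises an Error and the page fails for every user. Quote it as the other call sites in this commit do: `if (!acl_check('patients','demo','',array('write','addonly') ))`.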

\n"; + echo "\n\n"; + exit(); + } } - if (!$thisauth) { + else { echo "

(".htmlspecialchars(xl('History not authorized'),ENT_NOQUOTES).")

\n"; echo "\n\n"; exit(); @@ -53,7 +55,7 @@ $(document).ready(function(){ } ?> - +
diff --git a/interface/patient_file/history/history_full.php b/interface/patient_file/history/history_full.php index ddb6e3c1b..e074dd3e8 100644 --- a/interface/patient_file/history/history_full.php +++ b/interface/patient_file/history/history_full.php @@ -17,13 +17,12 @@ require_once("$srcdir/options.inc.php"); $CPR = 4; // cells per row // Check authorization. -$thisauth = acl_check('patients', 'med'); -if ($thisauth) { +if (acl_check('patients','med')) { $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) - $thisauth = 0; + die(htmlspecialchars(xl("Not authorized for this squad."),ENT_NOQUOTES)); } -if ($thisauth != 'write' && $thisauth != 'addonly') +if ( !acl_check('patients','med','',array('write','addonly') )) die(htmlspecialchars(xl("Not authorized"),ENT_NOQUOTES)); ?> diff --git a/interface/patient_file/history/history_save.php b/interface/patient_file/history/history_save.php index 6fbcfdea1..a5484c638 100644 --- a/interface/patient_file/history/history_save.php +++ b/interface/patient_file/history/history_save.php @@ -15,13 +15,12 @@ $fake_register_globals=false; include_once("$srcdir/options.inc.php"); // Check authorization. - $thisauth = acl_check('patients', 'med'); - if ($thisauth) { + if (acl_check('patients','med')) { $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) - $thisauth = 0; + die(htmlspecialchars(xl("Not authorized for this squad."),ENT_NOQUOTES)); } - if ($thisauth != 'write' && $thisauth != 'addonly') + if ( !acl_check('patients','med','',array('write','addonly') )) die(htmlspecialchars(xl("Not authorized"),ENT_NOQUOTES)); foreach ($_POST as $key => $val) { diff --git a/interface/patient_file/navigation.php b/interface/patient_file/navigation.php index 69b1febd4..c9ff2e8e2 100644 --- a/interface/patient_file/navigation.php +++ b/interface/patient_file/navigation.php 
@@ -2,9 +2,9 @@ include_once("../globals.php"); include_once("$srcdir/acl.inc"); - $ie_auth = ((acl_check('encounters', 'notes') == 'write' || - acl_check('encounters', 'notes_a') == 'write') && - acl_check('patients', 'med') == 'write'); + $ie_auth = ((acl_check('encounters','notes','','write') || + acl_check('encounters','notes_a','','write')) && + acl_check('patients','med','','write')); ?> diff --git a/interface/patient_file/problem_encounter.php b/interface/patient_file/problem_encounter.php index 310a41cc6..17f16f324 100644 --- a/interface/patient_file/problem_encounter.php +++ b/interface/patient_file/problem_encounter.php @@ -13,9 +13,9 @@ $patdata = getPatientData($pid, "fname,lname,squad"); - $thisauth = ((acl_check('encounters', 'notes') == 'write' || - acl_check('encounters', 'notes_a') == 'write') && - acl_check('patients', 'med') == 'write'); + $thisauth = ((acl_check('encounters','notes','','write') || + acl_check('encounters','notes_a','','write')) && + acl_check('patients','med','','write')); if ($patdata['squad'] && ! acl_check('squads', $patdata['squad'])) $thisauth = 0; diff --git a/interface/patient_file/summary/add_edit_issue.php b/interface/patient_file/summary/add_edit_issue.php index fa68af173..6b50a7489 100644 --- a/interface/patient_file/summary/add_edit_issue.php +++ b/interface/patient_file/summary/add_edit_issue.php 
@@ -45,9 +45,8 @@ $thisenc = 0 + (empty($_REQUEST['thisenc']) ? 0 : $_REQUEST['thisenc']); // A nonempty thistype is an issue type to be forced for a new issue. $thistype = empty($_REQUEST['thistype']) ? '' : $_REQUEST['thistype']; -$thisauth = acl_check('patients', 'med'); -if ($issue && $thisauth != 'write') die(xlt("Edit is not authorized!")); -if ($thisauth != 'write' && $thisauth != 'addonly') die(xlt("Add is not authorized!")); +if ($issue && !acl_check('patients','med','','write') ) die(xlt("Edit is not authorized!")); +if ( !acl_check('patients','med','',array('write','addonly') )) die(xlt("Add is not authorized!")); $tmp = getPatientData($thispid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) diff --git a/interface/patient_file/summary/demographics.php b/interface/patient_file/summary/demographics.php index a604a1863..9b1d42ece 100644 --- a/interface/patient_file/summary/demographics.php +++ b/interface/patient_file/summary/demographics.php @@ -456,13 +456,11 @@ $(window).load(function() { if ($result['squad'] && ! acl_check('squads', $result['squad'])) $thisauth = 0; } - if (!$thisauth) { echo "

(" . htmlspecialchars(xl('Demographics not authorized'),ENT_NOQUOTES) . ")

\n"; echo "\n\n"; exit(); } - if ($thisauth) { echo "
" . htmlspecialchars(getPatientName($pid),ENT_NOQUOTES) . @@ -634,7 +632,7 @@ $widgetButtonLink = "demographics_full.php"; $widgetButtonClass = ""; $linkMethod = "html"; $bodyClass = ""; -$widgetAuth = ($thisauth == "write"); +$widgetAuth = acl_check('patients', 'demo', '', 'write'); $fixedWidth = true; expand_collapse_widget($widgetTitle, $widgetLabel, $widgetButtonLabel, $widgetButtonLink, $widgetButtonClass, $linkMethod, $bodyClass, @@ -676,7 +674,7 @@ if ( $insurance_count > 0 ) { $widgetButtonClass = ""; $linkMethod = "html"; $bodyClass = ""; - $widgetAuth = ($thisauth == "write"); + $widgetAuth = acl_check('patients', 'demo', '', 'write'); $fixedWidth = true; expand_collapse_widget($widgetTitle, $widgetLabel, $widgetButtonLabel, $widgetButtonLink, $widgetButtonClass, $linkMethod, $bodyClass, diff --git a/interface/patient_file/summary/demographics_full.php b/interface/patient_file/summary/demographics_full.php index 5976e67a8..b29fa6d62 100644 --- a/interface/patient_file/summary/demographics_full.php +++ b/interface/patient_file/summary/demographics_full.php @@ -24,14 +24,13 @@ require_once("$srcdir/erx_javascript.inc.php"); $result2 = getEmployerData($pid); // Check authorization. - $thisauth = acl_check('patients', 'demo'); if ($pid) { - if ($thisauth != 'write') + if (!acl_check('patients', 'demo', '', 'write')) die(xl('Updating demographics is not authorized.')); if ($result['squad'] && ! acl_check('squads', $result['squad'])) die(xl('You are not authorized to access this squad.')); } else { - if ($thisauth != 'write' && $thisauth != 'addonly') + if (!acl_check('patients', 'demo', '', array('write','addonly') )) die(xl('Adding demographics is not authorized.')); } diff --git a/interface/patient_file/summary/demographics_print.php b/interface/patient_file/summary/demographics_print.php index b9c96da3e..da9961b27 100644 --- a/interface/patient_file/summary/demographics_print.php +++ b/interface/patient_file/summary/demographics_print.php 
@@ -21,9 +21,8 @@ $CPR = 4; // cells per row $result = getPatientData($pid, "*, DATE_FORMAT(DOB,'%Y-%m-%d') as DOB_YMD"); $result2 = getEmployerData($pid); // Check authorization. -$thisauth = acl_check('patients', 'demo'); if ($pid) { - if (!$thisauth != 'write') + if (!acl_check('patients','demo','','write')) die(xl('Demographics not authorized.')); if ($result['squad'] && ! acl_check('squads', $result['squad'])) die(xl('You are not authorized to access this squad.')); diff --git a/interface/patient_file/summary/demographics_save.php b/interface/patient_file/summary/demographics_save.php index cf09220d0..7460f00dc 100644 --- a/interface/patient_file/summary/demographics_save.php +++ b/interface/patient_file/summary/demographics_save.php @@ -6,15 +6,14 @@ include_once("$srcdir/options.inc.php"); include_once("$srcdir/formdata.inc.php"); // Check authorization. -$thisauth = acl_check('patients', 'demo'); if ($pid) { - if ($thisauth != 'write') + if ( !acl_check('patients','demo','','write') ) die(xl('Updating demographics is not authorized.')); $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) die(xl('You are not authorized to access this squad.')); } else { - if ($thisauth != 'write' && $thisauth != 'addonly') + if (!acl_check('patients','demo','',array('write','addonly') )) die(xl('Adding demographics is not authorized.')); } diff --git a/interface/patient_file/summary/pnotes.php b/interface/patient_file/summary/pnotes.php index d4fc063af..e8e34d229 100644 --- a/interface/patient_file/summary/pnotes.php +++ b/interface/patient_file/summary/pnotes.php @@ -44,7 +44,7 @@ $fake_register_globals=false;
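Review bot: The print page now demands the `write` return value in `if (!acl_check('patients','demo','','write'))`, yet it dies with the view-style message 'Demographics not authorized.' and appears to only render data. If read access is the intent, `if (!acl_check('patients','demo'))` would keep view-only users able to print; if write really is required, a one-line comment saying why would help the next reader. The removed test `!$thisauth != 'write'` was itself malformed, so the original intent cannot be recovered from it. The `if ($pid)` block continues outside the hunk.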
- + @@ -168,7 +168,7 @@ $(document).ready(function(){ }); var EditNote = function(note) { - + top.restoreSession(); top.Main.location.href = "pnotes_full.php?docid=¬eid=" + note.id + "&active=1"; diff --git a/interface/patient_file/summary/pnotes_full.php b/interface/patient_file/summary/pnotes_full.php index 2815f1eb2..d876dfec1 100644 --- a/interface/patient_file/summary/pnotes_full.php +++ b/interface/patient_file/summary/pnotes_full.php @@ -28,8 +28,7 @@ if ($GLOBALS['concurrent_layout'] && $_GET['set_pid']) { } // Check authorization. -$thisauth = acl_check('patients', 'notes'); -if ($thisauth != 'write' && $thisauth != 'addonly') +if (!acl_check('patients','notes','',array('write','addonly') )) die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES)); $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) @@ -373,8 +372,7 @@ if ($result != "") { // display, or not, a button to delete the note // if the user is an admin or if they are the author of the note, they can delete it - $thisauth = acl_check('admin', 'super'); - if (($iter['user'] == $_SESSION['authUser']) || ($thisauth == 'write')) { + if (($iter['user'] == $_SESSION['authUser']) || (acl_check('admin','super','','write'))) { echo " " . htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "\n"; @@ -517,8 +515,7 @@ if ($result_sent != "") { // display, or not, a button to delete the note // if the user is an admin or if they are the author of the note, they can delete it - $thisauth = acl_check('admin', 'super'); - if (($iter['user'] == $_SESSION['authUser']) || ($thisauth == 'write')) { + if (($iter['user'] == $_SESSION['authUser']) || (acl_check('admin','super','','write'))) { echo " " . htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "\n"; diff --git a/interface/patient_file/summary/pnotes_full_add.php b/interface/patient_file/summary/pnotes_full_add.php index c48a1f17e..2b5f38098 100644 --- a/interface/patient_file/summary/pnotes_full_add.php 
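Review bot: In pnotes_full.php the test `($iter['user'] == $_SESSION['authUser']) || (acl_check('admin','super','','write'))` only decides whether the Delete link is rendered, here and in the identical hunk at -517. The code that performs the deletion is outside both hunks, so it should be confirmed that it repeats the author-or-admin check on the server rather than relying on the link being hidden. The acl_check result does not depend on `$iter`, so it can be computed once before the loop, e.g. `$can_delete_any = acl_check('admin','super','','write');`, and reused in both places.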
+++ b/interface/patient_file/summary/pnotes_full_add.php @@ -26,8 +26,7 @@ if ($GLOBALS['concurrent_layout'] && $_GET['set_pid']) { setpid($_GET['set_pid']); } // Check authorization. -$thisauth = acl_check('patients', 'notes'); -if ($thisauth != 'write' && $thisauth != 'addonly') +if (!acl_check('patients','notes','',array('write','addonly') )) die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES)); $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) diff --git a/interface/patient_file/summary/stats_full.php b/interface/patient_file/summary/stats_full.php index 86d6242b0..9d7ad03cf 100644 --- a/interface/patient_file/summary/stats_full.php +++ b/interface/patient_file/summary/stats_full.php @@ -21,13 +21,14 @@ require_once("../../../custom/code_types.inc.php"); require_once("$srcdir/options.inc.php"); // Check authorization. - $thisauth = acl_check('patients', 'med'); - if ($thisauth) { + if (acl_check('patients','med')) { $tmp = getPatientData($pid, "squad"); if ($tmp['squad'] && ! acl_check('squads', $tmp['squad'])) - $thisauth = 0; + die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES) ); + } + else { + die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES) ); } - if (!$thisauth) die(htmlspecialchars( xl('Not authorized'), ENT_NOQUOTES) ); // Collect parameter(s) $category = empty($_REQUEST['category']) ? '' : $_REQUEST['category']; @@ -54,7 +55,7 @@ function refreshIssue(issue, title) { } function dopclick(id,category) { - + if (category == 0) category = ''; dlgopen('add_edit_issue.php?issue=' + encodeURIComponent(id) + '&thistype=' + encodeURIComponent(category), '_blank', 550, 400); diff --git a/library/acl.inc b/library/acl.inc index efbd788e5..3b0b3a894 100644 --- a/library/acl.inc +++ b/library/acl.inc 
@@ -96,24 +96,88 @@ $section_aro_value = 'users'; } - // acl_check should return 0 if access is denied. Otherwise it may - // return anything that evaluates to true. In addition if any of the - // following types of access are applicable, then the corresponding value - // must be returned if and only if such access is granted (ony one may - // be specified): + // acl_check should return FALSE if access is denied and will return TRUE + // if access is allowed. The following return_value(s) can be evaluated + // for by placing in the $return_value parameter; it can be placed + // as a single value or can send as an array of values (so $return_value + // can be a string or an array). // + // * view - the user may view but not add or modify entries // * write - the user may add or modify the ACO // * wsome - the user has limited add/modify access to the ACO // * addonly - the user may view and add but not modify entries // - function acl_check($section, $value, $user = '') { + function acl_check($section, $value, $user = '', $return_value = '') { global $gacl_object, $phpgacl_location, $section_aro_value; if (! 
$user) $user = $_SESSION['authUser']; if ($phpgacl_location) { - return $gacl_object->acl_check($section, $value, $section_aro_value, $user); + // This will return all pertinent ACL's (including return_values and whether allow/deny) + // Walk through them to assess for access + $acl_results = $gacl_object->acl_query($section, $value, $section_aro_value, $user,NULL,NULL,NULL,NULL,NULL,TRUE); + if (empty($acl_results)) { + return FALSE; //deny access + } + $access=FALSE; //flag + $deny=FALSE; //flag + foreach ($acl_results as $acl_result) { + if (empty($acl_result['acl_id'])) return FALSE; //deny access, since this happens if no pertinent ACL's are returned + if (is_array($return_value)) { + foreach ($return_value as $single_return_value) { + if (empty($single_return_value)) { + // deal with case if not looking for specific return value + if ($acl_result['allow']) { + $access=TRUE; + } + else { + $deny=TRUE; + } + } + else { //!empty($single_return_value) + // deal with case if looking for specific return value + if ($acl_result['return_value'] == $single_return_value) { + if ($acl_result['allow']) { + $access=TRUE; + } + else{ + $deny=TRUE; + } + } + } + } + } + else { // $return_value is not an array (either empty or with one value) + if (empty($return_value)) { + // deal with case if not looking for specific return value + if ($acl_result['allow']) { + $access=TRUE; + } + else { + $deny=TRUE; + } + } + else { //!empty($return_value) + // deal with case if looking for specific return value + if ($acl_result['return_value'] == $return_value) { + if ($acl_result['allow']) { + $access=TRUE; + } + else{ + $deny=TRUE; + } + } + } + } + } + + // Now decide whether user has access + // (Note a denial takes precedence) + if ($deny) return FALSE; + if ($access) return TRUE; + return FALSE; } + // If no phpgacl, then apply the old static rules whereby "authorized" // users (providers) can do anything, and other users can do most things. 
// If you want custom access control but don't want to mess with phpGACL, diff --git a/library/acl_upgrade_fx.php b/library/acl_upgrade_fx.php new file mode 100644 index 000000000..588020cfc --- /dev/null +++ b/library/acl_upgrade_fx.php 
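Review bot: With phpGACL enabled `acl_check()` now returns only TRUE or FALSE, so any caller not converted by this commit that still writes `acl_check(...) == 'write'` or `$thisauth != 'write'` will treat every allow as write access, because PHP's loose comparison makes `TRUE == 'write'` true. The header comment should say this outright, for example `// NOTE: the result is a boolean; never compare it with 'write'/'addonly' - pass the wanted value(s) in $return_value instead.`, and the remaining call sites should be searched for such comparisons. The static-rules fallback below the `if ($phpgacl_location)` block lies outside the hunk, so it cannot be seen here whether it also returns booleans and honours `$return_value`; if it still returns strings the two modes disagree. The comment could also record that a matching deny now overrides any allow, which differs from the single most-specific row that `acl_query()` returns by default.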
@@ -0,0 +1,280 @@ + +* +* LICENSE: This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either version 2 +* of the License, or (at your option) any later version. +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* You should have received a copy of the GNU General Public License +* along with this program. If not, see . +* +* @package OpenEMR +* @author Brady Miller +* @link http://www.open-emr.org +*/ + +/** + * Returns the current access control version. + * + * @return integer The current access control version. + */ +function get_acl_version() { + $acl_version = sqlQuery("SELECT `v_acl` FROM `version`"); + return $acl_version['v_acl']; +} + +/** + * Records the access control version. + * + * @param integer $acl_version access control version + */ +function set_acl_version($acl_version) { + sqlStatement("UPDATE `version` SET `v_acl` = ?", array($acl_version) ); +} + +/** + * Function will return an array that contains the ACL ID number. It will also check to ensure + * the ACL exist and is not duplicated. + * + * @param string $title Title of group. + * @param string $return_value What the acl returns), usually 'write' or 'addonly' + * @return array An array that contains the ACL ID number. + */ +function getAclIdNumber($title, $return_value) { + global $gacl; + $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value); + switch (count($temp_acl_id_array)) { + case 0: + echo "ERROR, '$title' group '$return_value' ACL does not exist.
"; + break; + case 1: + echo "'$title' group '$return_value' ACL is present.
"; + break; + default: + echo "ERROR, Multiple '$title' group '$return_value' ACLs are present.
"; + break; + } + return $temp_acl_id_array; +} + +/** + * Function will add an ACL (if doesn't already exist). + * It will also place the acl in the group, or will CREATE a new group. + * It will return the ID number of the acl (created or old) + * + * @param string $title Title of group. + * @param string $name name of acl + * @param string $return_value What the acl returns, usually 'write' or 'addonly' + * @param string $note description of acl + * @return array ID number of the acl (created or old) + */ +function addNewACL($title, $name, $return_value, $note) { + global $gacl; + $temp_acl_id_array = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, $return_value); + switch (count($temp_acl_id_array)) { + case 0: + $group_id = $gacl->get_group_id($name, $title, 'ARO'); + if ($group_id) { + //group already exist, so just create acl + $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($group_id), NULL, NULL, 1, 1, $return_value, $note); + if ($temp_acl_id) { + echo "The '$title' group already exist.
"; + echo "The '$title' group '$return_value' ACL has been successfully added.
"; + $temp_acl_id_array = array($temp_acl_id); + } + else { + echo "The '$title' group already exist.
"; + echo "ERROR, Unable to create the '$title' group '$return_value' ACL.
"; + } + } + else { + //create group, then create acl + $parent_id = $gacl->get_root_group_id(); + $aro_id = $gacl->add_group($name, $title, $parent_id, 'ARO'); + $temp_acl_id = $gacl->add_acl(array("placeholder"=>array("filler")), NULL, array($aro_id), NULL, NULL, 1, 1, $return_value, $note); + if ($aro_id ) { + echo "The '$title' group has been successfully added.
"; + } + else { + echo "ERROR, Unable to create the '$title' group.
"; + } + if ($temp_acl_id) { + echo "The '$title' group '$return_value' ACL has been successfully added.
"; + $temp_acl_id_array = array($temp_acl_id); + } + else { + echo "ERROR, Unable to create the '$title' group '$return_value' ACL.
"; + } + } + break; + case 1: + echo "'$title' group '$return_value' ACL already exist.
"; + break; + + default: + echo "ERROR, Multiple '$title' group '$return_value' ACLs are present.
"; + break; + } + return $temp_acl_id_array; +} + +/** + * Function to add an object section. + * It will check to ensure the object section doesn't already exist. + * + * @param string $name identifier of section + * @param string $title Title o object. + */ +function addObjectSectionAcl($name, $title) { + global $gacl; + if ($gacl->get_object_section_section_id($title, $name, 'ACO')) { + echo "The '$title' object section already exist.
"; + } + else { + $tmp_boolean = $gacl->add_object_section($title , $name, 10, 0, 'ACO'); + if ($tmp_boolean) { + echo "The '$title' object section has been successfully added.
"; + } + else { + echo "ERROR,unable to create the '$title' object section.
"; + } + } + return; +} + + +/** + * Function to add an object. + * It will check to ensure the object doesn't already exist. + * + * @param string $section_name Identifier of section + * @param string $section_title Title of section + * @param string $object_name Identifier of object + * @param string $object_title Title of object + */ +function addObjectAcl($section_name, $section_title, $object_name, $object_title) { + global $gacl; + if ($gacl->get_object_id($section_name, $object_name, 'ACO')) { + echo "The '$object_title' object in the '$section_title' section already exist.
"; + } + else { + $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, 10, 0, 'ACO'); + if ($tmp_boolean) { + echo "The '$object_title' object in the '$section_title' section has been successfully added.
"; + } + else { + echo "ERROR,unable to create the '$object_title' object in the '$section_title' section.
"; + } + } + return; +} + +/** + * Function to add an object and set the 'order' variable. + * It will check to ensure the object doesn't already exist. + * + * @param string $section_name Identifier of section + * @param string $section_title Title of section + * @param string $object_name Identifier of object + * @param string $object_title Title of object + * @param string $order_number number to determine order in list. used in sensitivities to order the choices in openemr + */ +function addObjectAclWithOrder($section_name, $section_title, $object_name, $object_title, $order_number) { + global $gacl; + if ($gacl->get_object_id($section_name, $object_name, 'ACO')) { + echo "The '$object_title' object in the '$section_title' section already exist.
"; + } + else { + $tmp_boolean = $gacl->add_object($section_name, $object_title, $object_name, $order_number, 0, 'ACO'); + if ($tmp_boolean) { + echo "The '$object_title' object in the '$section_title' section has been successfully added.
"; + } + else { + echo "ERROR,unable to create the '$object_title' object in the '$section_title' section.
";
+ }
+ }
+ return;
+}
+
+/**
+ * Function to edit an object and set the 'order' variable.
+ * It will check to ensure the object doesn't already exist, and hasn't been upgraded yet.
+ *
+ * @param string $section_name Identifier of section
+ * @param string $section_title Title of section
+ * @param string $object_name Identifier of object
+ * @param string $object_title Title of object
+ * @param string $order_number number to determine order in list. used in sensitivities to order the choices in openemr
+ */
+function editObjectAcl($section_name, $section_title, $object_name, $object_title, $order_number) {
+ global $gacl;
+ $tmp_objectID = $gacl->get_object_id($section_name, $object_name, 'ACO');
+ if ($tmp_objectID) {
+ $tmp_object = $gacl->get_object_data($tmp_objectID, 'ACO');
+ if ($tmp_object[0][2] == $order_number &&
+ $tmp_object[0][0] == $section_name &&
+ $tmp_object[0][1] == $object_name &&
+ $tmp_object[0][3] == $object_title) {
+ echo "The '$object_title' object in the '$section_title' section has already been updated.
";
+ }
+ else {
+ $tmp_boolean = $gacl->edit_object($tmp_objectID, $section_name, $object_title, $object_name, $order_number, 0, 'ACO');
+ if ($tmp_boolean) {
+ echo "The '$object_title' object in the '$section_title' section has been successfully updated.
";
+ }
+ else {
+ echo "ERROR,unable to update the '$object_title' object in the '$section_title' section.
";
+ }
+ }
+ }
+ else {
+ echo "ERROR, the '$object_title' object in the '$section_title' section does not exist.
";
+ }
+ return;
+}
+
+/**
+ * Update the ACL.
+ * It will check to ensure the ACL hasn't already been updated.
+ *
+ * @param array $array_acl_id_number Array containing hopefully one element, which is an integer, and is identifier of acl to be updated.
+ * @param string $group_title Title of group.
+ * @param string $object_section_name Identifier of section
+ * @param string $object_section_title Title of section
+ * @param string $object_name Identifier of object
+ * @param string $object_title Title of object
+ * @param string $acl_return_value What the acl returns (string), usually 'write', 'addonly', 'wsome' or 'view'
+ */
+function updateAcl($array_acl_id_number, $group_title, $section_name, $section_title, $object_name, $object_title, $return_value) {
+ global $gacl;
+ $tmp_array = $gacl->search_acl($section_name, $object_name, FALSE, FALSE, $group_title, FALSE, FALSE, FALSE, $return_value);
+ switch (count($tmp_array)) {
+ case 0:
+ $tmp_boolean = @$gacl->append_acl($array_acl_id_number[0], NULL, NULL, NULL, NULL, array($section_name=>array($object_name)));
+ if ($tmp_boolean){
+ echo "Successfully placed the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.
";
+ }
+ else {
+ echo "ERROR,unable to place the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.
";
+ }
+ break;
+ case 1:
+ echo "The '$object_title' object of the '$section_title' section is already found in the '$group_title' group '$return_value' ACL.
";
+ break;
+ default:
+ echo "ERROR, Multiple '$group_title' group '$return_value' ACLs with the '$object_title' object of the '$section_title' section are present.
"; + break; + } + return; +} +?> diff --git a/library/classes/Installer.class.php b/library/classes/Installer.class.php index 8a2722bec..89e176c1a 100644 --- a/library/classes/Installer.class.php +++ b/library/classes/Installer.class.php @@ -191,7 +191,7 @@ class Installer public function add_version_info() { include dirname(__FILE__) . "/../../version.php"; - if ($this->execute_sql("UPDATE version SET v_major = '$v_major', v_minor = '$v_minor', v_patch = '$v_patch', v_realpatch = '$v_realpatch', v_tag = '$v_tag', v_database = '$v_database'") == FALSE) { + if ($this->execute_sql("UPDATE version SET v_major = '$v_major', v_minor = '$v_minor', v_patch = '$v_patch', v_realpatch = '$v_realpatch', v_tag = '$v_tag', v_database = '$v_database', v_acl = '$v_acl'") == FALSE) { $this->error_message = "ERROR. Unable insert version information into database\n" . "

".mysql_error()." (#".mysql_errno().")\n"; return FALSE; diff --git a/sql/4_1_1-to-4_1_2_upgrade.sql b/sql/4_1_1-to-4_1_2_upgrade.sql index bd3a0f8aa..1d927c4a7 100644 --- a/sql/4_1_1-to-4_1_2_upgrade.sql +++ b/sql/4_1_1-to-4_1_2_upgrade.sql @@ -66,3 +66,7 @@ CREATE TABLE `report_results` ( ) ENGINE=MyISAM; #EndIf +#IfMissingColumn version v_acl +ALTER TABLE `version` ADD COLUMN `v_acl` int(11) NOT NULL DEFAULT 0; +#EndIf + diff --git a/sql/database.sql b/sql/database.sql index 022fcf66d..fec8e72b2 100644 --- a/sql/database.sql +++ b/sql/database.sql @@ -5489,9 +5489,10 @@ CREATE TABLE version ( v_patch int(11) NOT NULL DEFAULT 0, v_realpatch int(11) NOT NULL DEFAULT 0, v_tag varchar(31) NOT NULL DEFAULT '', - v_database int(11) NOT NULL DEFAULT 0 + v_database int(11) NOT NULL DEFAULT 0, + v_acl int(11) NOT NULL DEFAULT 0 ) ENGINE=MyISAM; -INSERT INTO version (v_major, v_minor, v_patch, v_realpatch, v_tag, v_database) VALUES (0, 0, 0, 0, '', 0); +INSERT INTO version (v_major, v_minor, v_patch, v_realpatch, v_tag, v_database, v_acl) VALUES (0, 0, 0, 0, '', 0, 0); -- -------------------------------------------------------- -- diff --git a/version.php b/version.php index f0c115880..d3b7d5aa3 100644 --- a/version.php +++ b/version.php @@ -17,5 +17,13 @@ $v_realpatch = '0'; // is a database change in the course of development. It is used // internally to determine when a database upgrade is needed. // -$v_database = 81; +$v_database = 82; + +// Access control version identifier, this is to be incremented whenever there +// is a access control change in the course of development. It is used +// during installation to determine what the installed version of the access +// controls is (subsequently the acl_upgrade.php script then is used to +// upgrade and track this value) +// +$v_acl = 2; ?> -- 2.11.4.GIT
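Review bot: The new `v_acl = '$v_acl'` assignment in the UPDATE string assumes the included version.php defines `$v_acl` as an integer. If that file predates this change or the variable is unset, the statement writes `''` into an `int(11) NOT NULL` column, which MySQL coerces to 0 or rejects depending on SQL mode. Because this column records the installed access-control version (per the comment added in version.php), a silently wrong value could presumably cause ACL upgrades to be skipped or reapplied. Normalising the value before interpolation, e.g. `$v_acl = isset($v_acl) ? (int) $v_acl : 0;` right after the include, makes the recorded version explicit. add_version_info() starts and ends outside this hunk.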
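Review bot: The comment added above `$v_acl = 2;` does not say that the number must match the ACL set that acl_setup.php installs and the last step that acl_upgrade.php applies; both are changed in this commit per the diffstat, but neither is visible here. If the value is raised without those two scripts, a fresh install would presumably record an access-control version whose ACLs were never created, and the upgrade script would then have no reason to add them. I would extend the comment with a line such as `// Must be raised together with acl_setup.php and acl_upgrade.php.`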