From c74e7e80fd219f1502e37800bbf9907578619e30 Mon Sep 17 00:00:00 2001
From: sunsetsystems <sunsetsystems>
Date: Thu, 20 Oct 2005 01:22:04 +0000
Subject: [PATCH] added ability (for superuser only) to delete patients,
 encounters, issues

---
 acl_setup.php                                     |   3 +-
 interface/patient_file/deleter.php                | 152 ++++++++++++++++++++++
 interface/patient_file/encounter/forms.php        |  25 +++-
 interface/patient_file/history/encounters.php     |  32 +++--
 interface/patient_file/summary/add_edit_issue.php |  19 +++
 interface/patient_file/summary/demographics.php   |  21 ++-
 library/acl.inc                                   |   4 +-
 library/forms.inc                                 |   4 +-
 8 files changed, 243 insertions(+), 17 deletions(-)
 create mode 100644 interface/patient_file/deleter.php

diff --git a/acl_setup.php b/acl_setup.php
index 1a8f921e2..14c5b5cf9 100644
--- a/acl_setup.php
+++ b/acl_setup.php
@@ -36,6 +36,7 @@
 
  // Create Administration ACOs.
  //
+ $gacl->add_object ('admin', 'Superuser'                       , 'super'    , 10, 0, 'ACO');
  $gacl->add_object ('admin', 'Calendar Settings'               , 'calendar' , 10, 0, 'ACO');
  $gacl->add_object ('admin', 'Database Reporting'              , 'database' , 10, 0, 'ACO');
  $gacl->add_object ('admin', 'Forms Administration'            , 'forms'    , 10, 0, 'ACO');
@@ -87,7 +88,7 @@
  $gacl->add_acl(
   array(
    'acct'=>array('bill', 'eob', 'rep', 'rep_e'),
-   'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users'),
+   'admin'=>array('super', 'calendar', 'database', 'forms', 'practice', 'superbill', 'users'),
    'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
    'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes')
   ),
diff --git a/interface/patient_file/deleter.php b/interface/patient_file/deleter.php
new file mode 100644
index 000000000..b57f65e09
--- /dev/null
+++ b/interface/patient_file/deleter.php
@@ -0,0 +1,152 @@
+<?
+ // Copyright (C) 2005 Rod Roark <rod@sunsetsystems.com>
+ //
+ // This program is free software; you can redistribute it and/or
+ // modify it under the terms of the GNU General Public License
+ // as published by the Free Software Foundation; either version 2
+ // of the License, or (at your option) any later version.
+
+ include_once("../globals.php");
+ include_once("$srcdir/log.inc");
+ include_once("$srcdir/acl.inc");
+
+ $patient   = $_REQUEST['patient'];
+ $encounter = $_REQUEST['encounter'];
+ $issue     = $_REQUEST['issue'];
+
+ $info_msg = "";
+
+ $thisauth = acl_check('admin', 'super');
+ if (! $thisauth) die("Not authorized!");
+
+ // Delete rows, with logging, for the specified table using the
+ // specified WHERE clause.
+ //
+ function row_delete($table, $where) {
+  $tres = sqlStatement("SELECT * FROM $table WHERE $where");
+  $count = 0;
+  while ($trow = sqlFetchArray($tres)) {
+   $logstring = "";
+   foreach ($trow as $key => $value) {
+    if (! $value || $value == '0000-00-00 00:00:00') continue;
+    if ($logstring) $logstring .= " ";
+    $logstring .= $key . "='" . addslashes($value) . "'";
+   }
+   newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], "$table: $logstring");
+   ++$count;
+  }
+  if ($count) {
+   $query = "DELETE FROM $table WHERE $where";
+   echo $query . "<br>\n";
+   sqlStatement($query);
+  }
+ }
+
+ // Deactivate rows, with logging, for the specified table using the
+ // specified SET and WHERE clauses.
+ //
+ function row_modify($table, $set, $where) {
+  if (sqlQuery("SELECT * FROM $table WHERE $where")) {
+   newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], "$table: $where");
+   $query = "UPDATE $table SET $set WHERE $where";
+   echo $query . "<br>\n";
+   sqlStatement($query);
+  }
+ }
+
+?>
+<html>
+<head>
+<title>Delete Patient, Encounter or Issue</title>
+<link rel=stylesheet href='<? echo $css_header ?>' type='text/css'>
+
+<style>
+td { font-size:10pt; }
+</style>
+
+</head>
+
+<body <?echo $top_bg_line;?>>
+<?
+ // If the delete is confirmed...
+ //
+ if ($_POST['form_submit']) {
+
+  if ($patient) {
+   row_modify("billing"       , "activity = 0", "pid = '$patient'");
+   row_modify("pnotes"        , "activity = 0", "pid = '$patient'");
+   row_modify("prescriptions" , "active = 0"  , "patient_id = '$patient'");
+
+   row_delete("openemr_postcalendar_events", "pc_pid = '$patient'");
+   row_delete("immunizations"  , "patient_id = '$patient'");
+   row_delete("issue_encounter", "pid = '$patient'");
+   row_delete("lists"          , "pid = '$patient'");
+   row_delete("transactions"   , "pid = '$patient'");
+   row_delete("employer_data"  , "pid = '$patient'");
+   row_delete("history_data"   , "pid = '$patient'");
+   row_delete("insurance_data" , "pid = '$patient'");
+   row_delete("patient_data"   , "pid = '$patient'");
+
+   $res = sqlStatement("SELECT * FROM forms WHERE pid = '$patient'");
+   while ($row = sqlFetchArray($res)) {
+    $formdir = ($row['formdir'] == 'newpatient') ? 'encounter' : $row['formdir'];
+    row_delete("form_$formdir", "id = '" . $row['form_id'] . "'");
+   }
+   row_delete("forms", "pid = '$patient'");
+  }
+  else if ($encounter) {
+   row_modify("billing", "activity = 0", "encounter = '$encounter'");
+   row_delete("issue_encounter", "encounter = '$encounter'");
+   $res = sqlStatement("SELECT * FROM forms WHERE encounter = '$encounter'");
+   while ($row = sqlFetchArray($res)) {
+    $formdir = ($row['formdir'] == 'newpatient') ? 'encounter' : $row['formdir'];
+    row_delete("form_$formdir", "id = '" . $row['form_id'] . "'");
+   }
+   row_delete("forms", "encounter = '$encounter'");
+  }
+  else if ($issue) {
+   row_delete("issue_encounter", "list_id = '$issue'");
+   row_delete("lists", "id = '$issue'");
+  }
+  else {
+   die("Nothing was specified to delete!");
+  }
+
+  if (! $info_msg) $info_msg = "Delete successful.";
+
+  // Close this window and tell our opener that it's done.
+  //
+  echo "<script language='JavaScript'>\n";
+  if ($info_msg) echo " alert('$info_msg');\n";
+  echo " window.close();\n";
+  echo " if (opener.imdeleted) opener.imdeleted();\n";
+  echo "</script></body></html>\n";
+  exit();
+ }
+?>
+
+<form method='post' action='deleter.php?patient=<? echo $patient ?>&encounter=<? echo $encounter ?>&issue=<? echo $issue ?>'>
+<center>
+
+<p>&nbsp;<br>
+Do you really want to delete
+
+<?php
+ if ($patient) {
+  echo "patient $patient";
+ } else if ($encounter) {
+  echo "encounter $encounter";
+ } else if ($issue) {
+  echo "issue $issue";
+ }
+?> and all subordinate data? This action will be logged!</p>
+<p>&nbsp;<br>
+<input type='submit' name='form_submit' value='Yes, Delete and Log' />
+&nbsp;
+<input type='button' value='No, Cancel' onclick='window.close()' />
+</p>
+
+</center>
+</form>
+</body>
+</html>
diff --git a/interface/patient_file/encounter/forms.php b/interface/patient_file/encounter/forms.php
index 33a41e0e8..9cf42bdb1 100644
--- a/interface/patient_file/encounter/forms.php
+++ b/interface/patient_file/encounter/forms.php
@@ -8,6 +8,24 @@
 
 <head>
 <link rel=stylesheet href="<?echo $css_header;?>" type="text/css">
+<script type="text/javascript" src="../../../library/dialog.js"></script>
+
+<script language="JavaScript">
+
+ // Process click on Delete link.
+ function deleteme() {
+  dlgopen('../deleter.php?encounter=<?php echo $encounter ?>', '_blank', 500, 450);
+  return false;
+ }
+
+ // Called by the deleteme.php window on a successful delete.
+ function imdeleted() {
+  top.Title.location.href = '../patient_file/encounter/encounter_title.php';
+  top.Main.location.href  = '../patient_file/encounter/patient_encounter.php?mode=new';
+ }
+
+</script>
+
 </head>
 
 <body <?echo $top_bg_line;?> topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
@@ -26,7 +44,12 @@
   }
  }
 
- echo ":<br>\n";
+ echo ":";
+ if (acl_check('admin', 'super')) {
+  echo "&nbsp;&nbsp;<a href='' onclick='return deleteme()'>" .
+   "<font class='more' style='color:red'>(Delete)</font></a>";
+ }
+ echo "<br>\n";
 
  if ($result = getFormByEncounter($pid, $encounter, "id, date, form_id, form_name,formdir,user")) {
   echo "<table>";
diff --git a/interface/patient_file/history/encounters.php b/interface/patient_file/history/encounters.php
index f93240102..aa5d79d90 100644
--- a/interface/patient_file/history/encounters.php
+++ b/interface/patient_file/history/encounters.php
@@ -9,6 +9,26 @@
 
  //maximum number of encounter entries to display on this page:
  $N = 12;
+
+ // Get relevant ACL info.
+ $auth_notes_a  = acl_check('encounters', 'notes_a');
+ $auth_notes    = acl_check('encounters', 'notes');
+ $auth_coding_a = acl_check('encounters', 'coding_a');
+ $auth_coding   = acl_check('encounters', 'coding');
+ $auth_relaxed  = acl_check('encounters', 'relaxed');
+ $auth_med      = acl_check('patients'  , 'med');
+ $auth_demo     = acl_check('patients'  , 'demo');
+
+ $tmp = getPatientData($pid, "squad");
+ if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
+  $auth_notes_a = $auth_notes = $auth_coding_a = $auth_coding = $auth_med = $auth_demo = $auth_relaxed = 0;
+
+ if (!($auth_notes_a || $auth_notes || $auth_coding_a || $auth_coding || $auth_med || $auth_relaxed)) {
+  echo "<body>\n<html>\n";
+  echo "<p>(Encounters not authorized)</p>\n";
+  echo "</body>\n</html>\n";
+  exit();
+ }
 ?>
 <html>
 <head>
@@ -36,18 +56,6 @@
 </tr>
 
 <?
- // Get relevant ACL info.
- $auth_notes_a  = acl_check('encounters', 'notes_a');
- $auth_notes    = acl_check('encounters', 'notes');
- $auth_coding_a = acl_check('encounters', 'coding_a');
- $auth_coding   = acl_check('encounters', 'coding');
- $auth_med      = acl_check('patients'  , 'med');
- $auth_demo     = acl_check('patients'  , 'demo');
-
- $tmp = getPatientData($pid, "squad");
- if ($tmp['squad'] && ! acl_check('squads', $tmp['squad']))
-  $auth_notes_a = $auth_notes = $auth_coding_a = $auth_coding = $auth_med = $auth_demo = 0;
-
 $count = 0;
 if ($result = getEncounters($pid)) {
   foreach ($result as $iter ) {
diff --git a/interface/patient_file/summary/add_edit_issue.php b/interface/patient_file/summary/add_edit_issue.php
index dd1dd3462..6d9d6b212 100644
--- a/interface/patient_file/summary/add_edit_issue.php
+++ b/interface/patient_file/summary/add_edit_issue.php
@@ -49,6 +49,7 @@ td { font-size:10pt; }
 <script type="text/javascript" src="../../../library/overlib_mini.js"></script>
 <script type="text/javascript" src="../../../library/calendar.js"></script>
 <script type="text/javascript" src="../../../library/textformat.js"></script>
+<script type="text/javascript" src="../../../library/dialog.js"></script>
 
 <script language="JavaScript">
 
@@ -97,6 +98,18 @@ td { font-size:10pt; }
   f.form_titles.selectedIndex = -1;
  }
 
+
+ // Process click on Delete link.
+ function deleteme() {
+  dlgopen('../deleter.php?issue=<?php echo $issue ?>', '_blank', 500, 450);
+  return false;
+ }
+
+ // Called by the deleteme.php window on a successful delete.
+ function imdeleted() {
+  window.close();
+ }
+
 </script>
 
 </head>
@@ -305,6 +318,12 @@ td { font-size:10pt; }
 
 <p>
 <input type='submit' name='form_save' value='Save' />
+
+<?php if ($issue && acl_check('admin', 'super')) { ?>
+&nbsp;
+<input type='button' value='Delete' style='color:red' onclick='deleteme()' />
+<?php } ?>
+
 &nbsp;
 <input type='button' value='Cancel' onclick='window.close()' />
 </p>
diff --git a/interface/patient_file/summary/demographics.php b/interface/patient_file/summary/demographics.php
index 46b74f67f..783829e16 100644
--- a/interface/patient_file/summary/demographics.php
+++ b/interface/patient_file/summary/demographics.php
@@ -9,12 +9,26 @@
 <link rel=stylesheet href="<?echo $css_header;?>" type="text/css">
 <script type="text/javascript" src="../../../library/dialog.js"></script>
 <script language="JavaScript">
+
  function oldEvt(eventid) {
   dlgopen('../../main/calendar/add_edit_event.php?eid=' + eventid, '_blank', 550, 270);
  }
+
  function refreshme() {
   location.reload();
  }
+
+ // Process click on Delete link.
+ function deleteme() {
+  dlgopen('../deleter.php?patient=<?php echo $pid ?>', '_blank', 500, 450);
+  return false;
+ }
+
+ // Called by the deleteme.php window on a successful delete.
+ function imdeleted() {
+  top.location.href = '../main/main_screen.php';
+ }
+
 </script>
 </head>
 
@@ -39,7 +53,12 @@
  if ($thisauth == 'write') {
   echo "<p><a href='demographics_full.php' target='Main'>" .
    "<font class='title'>Demographics</font>" .
-   "<font class='more'>$tmore</font></a></p>\n";
+   "<font class='more'>$tmore</font></a>";
+  if (acl_check('admin', 'super')) {
+   echo "&nbsp;&nbsp;<a href='' onclick='return deleteme()'>" .
+    "<font class='more' style='color:red'>(Delete)</font></a>";
+  }
+  echo "</p>\n";
  }
 ?>
 
diff --git a/library/acl.inc b/library/acl.inc
index 0dee0a73b..ea16a9a7c 100644
--- a/library/acl.inc
+++ b/library/acl.inc
@@ -10,7 +10,7 @@
   // These are the "things to be protected":
   //
   // Section "admin" (Administration):
-  //   acl         Access Control Administration
+  //   super       Superuser - can delete patients, encounters, issues
   //   calendar    Calendar Settings
   //   database    Database Reporting
   //   forms       Forms Administration
@@ -74,6 +74,8 @@
     // If you want custom access control but don't want to mess with phpGACL,
     // then you could customize the code below instead.
 
+    if ($section == 'admin' && $value == 'super') return 0;
+
     if ($_SESSION['userauthorized']) return 'write';
 
     if ($section == 'patients') {
diff --git a/library/forms.inc b/library/forms.inc
index 6fa7f87b2..06bf58deb 100644
--- a/library/forms.inc
+++ b/library/forms.inc
@@ -68,7 +68,9 @@ function authorizeForm($id, $authorized = "1")
 
 function getEncounters($pid)
 {
-	$res = sqlStatement("select distinct encounter from forms where pid='$pid' order by date desc;");
+	// $res = sqlStatement("select distinct encounter from forms where pid='$pid' order by date desc;");
+
+  $res = sqlStatement("select distinct encounter from form_encounter where pid = '$pid' order by date desc;");
 
 	for($iter=0; $row=sqlFetchArray($res); $iter++)
 	{
-- 
2.11.4.GIT