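<?php
/**
 * phpGACL ACL administration page (OpenEMR wrapper around gacl/admin).
 *
 * Entry points handled here:
 *   GET  action=edit&acl_id=N   load an existing ACL into the edit form
 *   POST action=Submit          add a new ACL, or update the one in acl_id
 *   POST action=Delete          no-op in this file
 *   (anything else)             render the empty "new ACL" form
 *
 * Depends on globals set by the includes below: $srcdir, $phpgacl_location,
 * $gacl_api (phpGACL API), $db (ADOdb connection) and $smarty.
 */

// First make sure the user has access.
include_once("../../interface/globals.php");
include_once("$srcdir/acl.inc");

// Ensure the user has proper access.
if (!acl_check('admin', 'acl')) {
    echo xl('ACL Administration Not Authorized');
    exit;
}

// Ensure php-GACL is installed / enabled.
if (!isset($phpgacl_location)) {
    echo xl('php-GACL access controls are turned off');
    exit;
}

require_once('gacl_admin.inc.php');

/**
 * Quote a value as a JavaScript string literal that is safe to embed inside an
 * inline <script> block.
 *
 * json_encode() with the JSON_HEX_* flags escapes quotes, backslashes, control
 * characters, "<", ">" and "&", so a value containing "</script>" or a newline
 * cannot break out of the literal the way addslashes()-quoted text could.
 *
 * @param mixed $value  scalar to quote (cast to string)
 * @return string       the quoted literal, including its surrounding quotes
 */
function acl_admin_js_string($value)
{
    $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($encoded === false) {
        // json_encode() rejects non-UTF-8 input; fall back to the quoting this
        // page used historically so the select box still renders.
        $encoded = "'" . addslashes((string) $value) . "'";
    }
    return $encoded;
}

// Normalise the dispatch values without mutating the superglobals.
$post_action = isset($_POST['action']) ? $_POST['action'] : FALSE;
$get_action  = isset($_GET['action'])  ? $_GET['action']  : FALSE;

switch ($post_action) {
    case 'Delete':
        break;

    case 'Submit':
        // NOTE(review): this state-changing POST is not protected by an
        // anti-CSRF token anywhere in this file; confirm globals.php enforces
        // one, otherwise add a token check here before the writes below.
        $gacl_api->debug_text('Submit!!');

        // Parse the form values. Each selected_<type>[] entry is "section^value";
        // build selected_<type>_array as section => list of values.
        foreach (array('aco', 'aro', 'axo') as $type) {
            $type_array = 'selected_' . $type . '_array';
            $$type_array = array();
            $posted = 'selected_' . $type;
            if (isset($_POST[$posted]) && is_array($_POST[$posted])) {
                foreach ($_POST[$posted] as $value) {
                    $split_value = explode('^', $value);
                    if (!isset($split_value[1])) {
                        // Malformed entry (no "^"): skip it instead of storing a null value.
                        continue;
                    }
                    ${$type_array}[$split_value[0]][] = $split_value[1];
                }
            }
        }

        // Some sanity checks.
        if (empty($selected_aco_array)) {
            echo 'Must select at least one Access Control Object<br />' . "\n";
            exit;
        }

        if (empty($selected_aro_array) && empty($_POST['aro_groups'])) {
            echo 'Must select at least one Access Request Object or Group<br />' . "\n";
            exit;
        }

        // Checkbox: absent or falsy means disabled.
        $enabled = isset($_POST['enabled']) ? $_POST['enabled'] : 0;
        if (empty($enabled)) {
            $enabled = 0;
        }

        // Remaining form fields, defaulting to NULL when absent. These are
        // handed to the gacl API as-is; the API is responsible for quoting
        // them (not visible from this file).
        $aro_groups   = isset($_POST['aro_groups'])   ? $_POST['aro_groups']   : NULL;
        $axo_groups   = isset($_POST['axo_groups'])   ? $_POST['axo_groups']   : NULL;
        $allow        = isset($_POST['allow'])        ? $_POST['allow']        : NULL;
        $return_value = isset($_POST['return_value']) ? $_POST['return_value'] : NULL;
        $note         = isset($_POST['note'])         ? $_POST['note']         : NULL;
        $acl_section  = isset($_POST['acl_section'])  ? $_POST['acl_section']  : NULL;

        // function add_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_array=NULL, $axo_group_ids=NULL, $allow=1, $enabled=1, $acl_id=FALSE ) {
        if (!empty($_POST['acl_id'])) {
            // Update an existing ACL.
            $acl_id = $_POST['acl_id'];
            if ($gacl_api->edit_acl($acl_id, $selected_aco_array, $selected_aro_array, $aro_groups, $selected_axo_array, $axo_groups, $allow, $enabled, $return_value, $note, $acl_section) == FALSE) {
                echo 'ERROR editing ACL, possible conflict or error found...<br />' . "\n";
                exit;
            }
        } else {
            // Insert a new ACL.
            if ($gacl_api->add_acl($selected_aco_array, $selected_aro_array, $aro_groups, $selected_axo_array, $axo_groups, $allow, $enabled, $return_value, $note, $acl_section) == FALSE) {
                echo 'ERROR adding ACL, possible conflict or error found...<br />' . "\n";
                exit;
            }
        }

        // NOTE(review): return_page is a client-supplied redirect target; make
        // sure $gacl_api->return_page() restricts it to this application
        // (it is not visible here), otherwise this is an open redirect.
        $gacl_api->return_page(isset($_POST['return_page']) ? $_POST['return_page'] : NULL);
        break;

    default:
        // Values the template reads in both branches; set defaults so nothing
        // below depends on an undefined variable.
        $selected_aro_groups = array();
        $selected_axo_groups = array();

        if ($get_action == 'edit' && !empty($_GET['acl_id'])) {
            $gacl_api->debug_text('EDITING ACL');

            // Grab the ACL row. qstr() quotes the untrusted id as a SQL literal.
            $query = '
                SELECT id,section_value,allow,enabled,return_value,note
                FROM ' . $gacl_api->_db_table_prefix . 'acl
                WHERE id=' . $db->qstr($_GET['acl_id']);
            $acl_row = $db->GetRow($query);
            if (empty($acl_row)) {
                // Unknown id: refuse to render an edit form that would later
                // write against a non-existent ACL.
                echo 'ERROR: ACL not found<br />' . "\n";
                exit;
            }
            list($acl_id, $acl_section_value, $allow, $enabled, $return_value, $note) = $acl_row;

            // Grab the objects already attached to this ACL, keyed
            // "section^value" => "Section name > Object name".
            foreach (array('aco', 'aro', 'axo') as $type) {
                $type_array = 'options_selected_' . $type;
                $$type_array = array();

                $query = '
                    SELECT a.section_value,a.value,c.name,b.name
                    FROM ' . $gacl_api->_db_table_prefix . $type . '_map a
                    INNER JOIN ' . $gacl_api->_db_table_prefix . $type . ' b ON b.section_value=a.section_value AND b.value=a.value
                    INNER JOIN ' . $gacl_api->_db_table_prefix . $type . '_sections c ON c.value=a.section_value
                    WHERE a.acl_id=' . $db->qstr($acl_id);
                $rs = $db->Execute($query);

                if (is_object($rs)) {
                    while ($row = $rs->FetchRow()) {
                        list($section_value, $value, $section, $obj) = $row;
                        $gacl_api->debug_text("Section Value: $section_value Value: $value Section: $section Object: $obj");
                        ${$type_array}[$section_value . '^' . $value] = $section . ' > ' . $obj;
                    }
                }
            }

            // Grab the groups already attached to this ACL.
            foreach (array('aro', 'axo') as $type) {
                $type_array = 'selected_' . $type . '_groups';

                $query = '
                    SELECT group_id
                    FROM ' . $gacl_api->_db_table_prefix . $type . '_groups_map
                    WHERE acl_id=' . $db->qstr($acl_id);
                $$type_array = $db->GetCol($query);
            }

            // Show the AXO layer when the ACL already references any AXO.
            $show_axo = (!empty($selected_axo_groups) || !empty($options_selected_axo));
        } else {
            $gacl_api->debug_text('NOT EDITING ACL');
            // Defaults for a brand-new ACL.
            $allow = 1;
            $enabled = 1;
            $acl_section_value = 'user';
            $return_value = NULL;
            $note = NULL;

            // Remember the user's AXO-layer preference from the cookie.
            $show_axo = isset($_COOKIE['show_axo']) && $_COOKIE['show_axo'] == '1';
        }

        // Grab the sections for the select boxes: options_<type>_sections is
        // value => name, in display order.
        foreach (array('acl', 'aco', 'aro', 'axo') as $type) {
            $type_array = 'options_' . $type . '_sections';
            $$type_array = array();

            $query = '
                SELECT value,name
                FROM ' . $gacl_api->_db_table_prefix . $type . '_sections
                WHERE hidden=0
                ORDER BY order_value,name';
            $rs = $db->Execute($query);

            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    ${$type_array}[$row[0]] = $row[1];
                }
            }

            // First section's name (FALSE when there are none).
            // NOTE(review): <type>_section_id is never read below, and the
            // <type>_section_value variables assigned to the template are never
            // set in this file (they stay NULL); this looks like it was meant to
            // preselect the first section -- confirm against acl_admin.tpl.
            ${$type . '_section_id'} = reset($$type_array);
        }

        // Init the main JS array.
        $js_array = 'var options = new Array();' . "\n";

        // Grab the objects for the select boxes and emit them as nested JS
        // arrays: options[type][section][i] = [value, name].
        foreach (array('aco', 'aro', 'axo') as $type) {
            // $type comes from the fixed list above, so it can be quoted directly.
            $type_js = "'" . $type . "'";
            $js_array .= 'options[' . $type_js . '] = new Array();' . "\n";

            $current_section = NULL;
            $i = 0;

            $query = '
                SELECT section_value,value,name
                FROM ' . $gacl_api->_db_table_prefix . $type . '
                WHERE hidden=0
                ORDER BY section_value,order_value,name';
            $rs = $db->SelectLimit($query, $gacl_api->_max_select_box_items);

            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    $section_value = (string) $row[0];
                    $section_js = acl_admin_js_string($section_value);

                    // Rows are ordered by section, so open a new sub-array
                    // each time the section changes.
                    if ($current_section === NULL || $section_value !== $current_section) {
                        $i = 0;
                        $js_array .= 'options[' . $type_js . '][' . $section_js . '] = new Array();' . "\n";
                        $current_section = $section_value;
                    }

                    // Values come from the DB and are quoted as JS literals
                    // rather than addslashes()'d, so they cannot terminate the
                    // string or the enclosing <script> element.
                    $js_array .= 'options[' . $type_js . '][' . $section_js . '][' . $i . '] = new Array('
                        . acl_admin_js_string($row[1]) . ', ' . acl_admin_js_string($row[2]) . ");\n";
                    $i++;
                }
            }
        }

        $smarty->assign('options_acl_sections', $options_acl_sections);
        $smarty->assign('acl_section_value', $acl_section_value);

        foreach (array('axo', 'aro', 'aco') as $type) {
            $smarty->assign('options_' . $type . '_sections', ${'options_' . $type . '_sections'});
            $smarty->assign($type . '_section_value', isset(${$type . '_section_value'}) ? ${$type . '_section_value'} : NULL);
        }

        $smarty->assign('js_array', $js_array);

        $smarty->assign('js_aco_array_name', 'aco');
        $smarty->assign('js_aro_array_name', 'aro');
        $smarty->assign('js_axo_array_name', 'axo');

        // Grab formatted ARO groups for the select box.
        $smarty->assign('options_aro_groups', $gacl_api->format_groups($gacl_api->sort_groups('ARO')));
        $smarty->assign('selected_aro_groups', $selected_aro_groups);

        // Grab formatted AXO groups for the select box.
        $smarty->assign('options_axo_groups', $gacl_api->format_groups($gacl_api->sort_groups('AXO')));
        $smarty->assign('selected_axo_groups', $selected_axo_groups);

        $smarty->assign('allow', $allow);
        $smarty->assign('enabled', $enabled);
        $smarty->assign('return_value', $return_value);
        $smarty->assign('note', $note);

        // Pre-selected objects exist only when editing; otherwise the template
        // sees selected_<type> as NULL (as before) without calling array_keys()
        // on a non-array.
        foreach (array('aco', 'aro', 'axo') as $type) {
            $selected_name = 'options_selected_' . $type;
            if (isset($$selected_name)) {
                $smarty->assign($selected_name, $$selected_name);
                $smarty->assign('selected_' . $type, array_keys($$selected_name));
            } else {
                $smarty->assign('selected_' . $type, NULL);
            }
        }

        // Show the AXO layer if AXOs are selected (or the cookie asks for it).
        $smarty->assign('show_axo', $show_axo);

        // NOTE(review): acl_id, return_page and action below are echoed back
        // from the query string; the template must HTML-escape them (not
        // visible from this file).
        if (isset($_GET['acl_id'])) {
            $smarty->assign('acl_id', $_GET['acl_id']);
        }

        break;
}

if (isset($_GET['return_page'])) {
    $smarty->assign('return_page', $_GET['return_page']);
}

// $get_action is FALSE when no action was supplied, matching the old behaviour.
$smarty->assign('action', $get_action);

$smarty->assign('current', 'acl_admin');
$smarty->assign('page_title', 'ACL Admin');

$smarty->assign('phpgacl_version', $gacl_api->get_version());
$smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version());
$smarty->display('phpgacl/acl_admin.tpl');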