3 * This program is run by the OpenEMR setup.php script to install phpGACL
4 * and creates the Access Control Objects and their sections.
5 * See src/Common/Acl/AclMain.php file for the list of
6 * currently supported Access Control Objects(ACO), which this
7 * script will install. This script also creates several
8 * ARO groups, an "admin" ARO, and some reasonable ACL entries for
12 * Physicians (Doctors)
13 * Clinicians (Nurses, Physician Assistants, etc.)
14 * Front Office (Receptionist)
18 * When upgrading to a new version of OpenEMR, run the acl_upgrade.php
19 * script to update the phpGACL access controls. This is required to
20 * ensure the database includes all the required Access Control
24 * @link http://www.open-emr.org
25 * @author Rod Roark <rod@sunsetsystems.com>
26 * @author Brady Miller <brady.g.miller@gmail.com>
27 * @copyright Copyright (c) 2005-2017 Rod Roark <rod@sunsetsystems.com>
28 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
29 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
32 use OpenEMR\Gacl\GaclApi
;
34 $gacl = new GaclApi();
36 // Create the ACO sections. Every ACO must have a section.
38 if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === false) {
39 echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br />Other possible problems include php-GACL configuration file errors (gacl.ini.php or Gacl.php).<br>";
43 $gacl->add_object_section('Administration', 'admin', 10, 0, 'ACO');
44 // xl('Administration')
45 $gacl->add_object_section('Encounters', 'encounters', 10, 0, 'ACO');
47 $gacl->add_object_section('Lists', 'lists', 10, 0, 'ACO');
49 $gacl->add_object_section('Patients', 'patients', 10, 0, 'ACO');
51 $gacl->add_object_section('Squads', 'squads', 10, 0, 'ACO');
53 $gacl->add_object_section('Sensitivities', 'sensitivities', 10, 0, 'ACO');
54 // xl('Sensitivities')
55 $gacl->add_object_section('Placeholder', 'placeholder', 10, 0, 'ACO');
57 $gacl->add_object_section('Nation Notes', 'nationnotes', 10, 0, 'ACO');
59 $gacl->add_object_section('Patient Portal', 'patientportal', 10, 0, 'ACO');
60 // xl('Patient Portal')
61 $gacl->add_object_section('Menus', 'menus', 10, 0, 'ACO');
63 $gacl->add_object_section('Groups', 'groups', 10, 0, 'ACO');
68 // Create Accounting ACOs.
70 $gacl->add_object('acct', 'Billing (write optional)', 'bill', 10, 0, 'ACO');
71 // xl('Billing (write optional)')
72 $gacl->add_object('acct', 'Price Discounting', 'disc', 10, 0, 'ACO');
73 // xl('Price Discounting')
74 $gacl->add_object('acct', 'EOB Data Entry', 'eob', 10, 0, 'ACO');
75 // xl('EOB Data Entry')
76 $gacl->add_object('acct', 'Financial Reporting - my encounters', 'rep', 10, 0, 'ACO');
77 // xl('Financial Reporting - my encounters')
78 $gacl->add_object('acct', 'Financial Reporting - anything', 'rep_a', 10, 0, 'ACO');
79 // xl('Financial Reporting - anything')
81 // Create Administration ACOs.
83 $gacl->add_object('admin', 'Superuser', 'super', 10, 0, 'ACO');
85 $gacl->add_object('admin', 'Calendar Settings', 'calendar', 10, 0, 'ACO');
86 // xl('Calendar Settings')
87 $gacl->add_object('admin', 'Database Reporting', 'database', 10, 0, 'ACO');
88 // xl('Database Reporting')
89 $gacl->add_object('admin', 'Forms Administration', 'forms', 10, 0, 'ACO');
90 // xl('Forms Administration')
91 $gacl->add_object('admin', 'Practice Settings', 'practice', 10, 0, 'ACO');
92 // xl('Practice Settings')
93 $gacl->add_object('admin', 'Superbill Codes Administration', 'superbill', 10, 0, 'ACO');
94 // xl('Superbill Codes Administration')
95 $gacl->add_object('admin', 'Users/Groups/Logs Administration', 'users', 10, 0, 'ACO');
96 // xl('Users/Groups/Logs Administration')
97 $gacl->add_object('admin', 'Batch Communication Tool', 'batchcom', 10, 0, 'ACO');
98 // xl('Batch Communication Tool')
99 $gacl->add_object('admin', 'Language Interface Tool', 'language', 10, 0, 'ACO');
100 // xl('Language Interface Tool')
101 $gacl->add_object('admin', 'Pharmacy Dispensary', 'drugs', 10, 0, 'ACO');
102 // xl('Pharmacy Dispensary')
103 $gacl->add_object('admin', 'ACL Administration', 'acl', 10, 0, 'ACO');
104 // xl('ACL Administration')
105 $gacl->add_object('admin', 'Multipledb', 'multipledb', 10, 0, 'ACO');
107 $gacl->add_object('admin', 'Menu', 'menu', 10, 0, 'ACO');
109 $gacl->add_object('admin', 'Manage modules', 'manage_modules', 10, 0, 'ACO');
110 // xl('Manage modules')
113 // Create ACOs for encounters.
115 $gacl->add_object('encounters', 'Authorize - my encounters', 'auth', 10, 0, 'ACO');
116 // xl('Authorize - my encounters')
117 $gacl->add_object('encounters', 'Authorize - any encounters', 'auth_a', 10, 0, 'ACO');
118 // xl('Authorize - any encounters')
119 $gacl->add_object('encounters', 'Coding - my encounters (write,wsome optional)', 'coding', 10, 0, 'ACO');
120 // xl('Coding - my encounters (write,wsome optional)')
121 $gacl->add_object('encounters', 'Coding - any encounters (write,wsome optional)', 'coding_a', 10, 0, 'ACO');
122 // xl('Coding - any encounters (write,wsome optional)')
123 $gacl->add_object('encounters', 'Notes - my encounters (write,addonly optional)', 'notes', 10, 0, 'ACO');
124 // xl('Notes - my encounters (write,addonly optional)')
125 $gacl->add_object('encounters', 'Notes - any encounters (write,addonly optional)', 'notes_a', 10, 0, 'ACO');
126 // xl('Notes - any encounters (write,addonly optional)')
127 $gacl->add_object('encounters', 'Fix encounter dates - any encounters', 'date_a', 10, 0, 'ACO');
128 // xl('Fix encounter dates - any encounters')
129 $gacl->add_object('encounters', 'Less-private information (write,addonly optional)', 'relaxed', 10, 0, 'ACO');
130 // xl('Less-private information (write,addonly optional)')
132 // Create ACOs for lists.
134 $gacl->add_object('lists', 'Default List (write,addonly optional)', 'default', 10, 0, 'ACO');
135 // xl('Default List (write,addonly optional)')
136 $gacl->add_object('lists', 'State List (write,addonly optional)', 'state', 10, 0, 'ACO');
137 // xl('State List (write,addonly optional)')
138 $gacl->add_object('lists', 'Country List (write,addonly optional)', 'country', 10, 0, 'ACO');
139 // xl('Country List (write,addonly optional)')
140 $gacl->add_object('lists', 'Language List (write,addonly optional)', 'language', 10, 0, 'ACO');
141 // xl('Language List (write,addonly optional)')
142 $gacl->add_object('lists', 'Ethnicity-Race List (write,addonly optional)', 'ethrace', 10, 0, 'ACO');
143 // xl('Ethnicity-Race List (write,addonly optional)')
145 // Create ACOs for patientportal.
147 $gacl->add_object('patientportal', 'Patient Portal', 'portal', 10, 0, 'ACO');
148 // xl('Patient Portal')
150 // Create ACOs for modules.
152 $gacl->add_object('menus', 'Modules', 'modle', 10, 0, 'ACO');
155 // Create ACOs for patients.
157 $gacl->add_object('patients', 'Appointments (write,wsome optional)', 'appt', 10, 0, 'ACO');
158 // xl('Appointments (write,wsome optional)')
159 $gacl->add_object('patients', 'Demographics (write,addonly optional)', 'demo', 10, 0, 'ACO');
160 // xl('Demographics (write,addonly optional)')
161 $gacl->add_object('patients', 'Medical/History (write,addonly optional)', 'med', 10, 0, 'ACO');
162 // xl('Medical/History (write,addonly optional)')
163 $gacl->add_object('patients', 'Transactions (write optional)', 'trans', 10, 0, 'ACO');
164 // xl('Transactions (write optional)')
165 $gacl->add_object('patients', 'Documents (write,addonly optional)', 'docs', 10, 0, 'ACO');
166 // xl('Documents (write,addonly optional)')
167 $gacl->add_object('patients', 'Documents Delete', 'docs_rm', 10, 0, 'ACO');
168 // xl('Documents Delete')
169 $gacl->add_object('patients', 'Patient Notes (write,addonly optional)', 'notes', 10, 0, 'ACO');
170 // xl('Patient Notes (write,addonly optional)')
171 $gacl->add_object('patients', 'Sign Lab Results (write,addonly optional)', 'sign', 10, 0, 'ACO');
172 // xl('Sign Lab Results (write,addonly optional)')
173 $gacl->add_object('patients', 'Patient Reminders (write,addonly optional)', 'reminder', 10, 0, 'ACO');
174 // xl('Patient Reminders (write,addonly optional)')
175 $gacl->add_object('patients', 'Clinical Reminders/Alerts (write,addonly optional)', 'alert', 10, 0, 'ACO');
176 // xl('Clinical Reminders/Alerts (write,addonly optional)')
177 $gacl->add_object('patients', 'Disclosures (write,addonly optional)', 'disclosure', 10, 0, 'ACO');
178 // xl('Disclosures (write,addonly optional)')
179 $gacl->add_object('patients', 'Prescriptions (write,addonly optional)', 'rx', 10, 0, 'ACO');
180 // xl('Prescriptions (write,addonly optional)')
181 $gacl->add_object('patients', 'Amendments (write,addonly optional)', 'amendment', 10, 0, 'ACO');
182 // xl('Amendments (write,addonly optional)')
183 $gacl->add_object('patients', 'Lab Results (write,addonly optional)', 'lab', 10, 0, 'ACO');
184 // xl('Lab Results (write,addonly optional)')
185 $gacl->add_object('patients', 'Patient Report', 'pat_rep', 10, 0, 'ACO');
186 // xl('Patient Report')
189 $gacl->add_object('groups', 'View/Add/Update groups', 'gadd', 10, 0, 'ACO');
190 // xl('View/Add/Update groups')
191 $gacl->add_object('groups', 'View/Create/Update groups appointment in calendar', 'gcalendar', 10, 0, 'ACO');
192 // xl('View/Create/Update groups appointment in calendar')
193 $gacl->add_object('groups', 'Group encounter log', 'glog', 10, 0, 'ACO');
194 // xl('Group encounter log')
195 $gacl->add_object('groups', 'Group detailed log of appointment in patient record', 'gdlog', 10, 0, 'ACO');
196 // xl('Group detailed log of appointment in patient record')
197 $gacl->add_object('groups', 'Send message from the permanent group therapist to the personal therapist', 'gm', 10, 0, 'ACO');
198 // xl('Send message from the permanent group therapist to the personal therapist')
200 // Create ACOs for sensitivities.
202 $gacl->add_object('sensitivities', 'Normal', 'normal', 10, 0, 'ACO');
204 $gacl->add_object('sensitivities', 'High', 'high', 20, 0, 'ACO');
207 // Create ACO for placeholder.
209 $gacl->add_object('placeholder', 'Placeholder (Maintains empty ACLs)', 'filler', 10, 0, 'ACO');
210 // xl('Placeholder (Maintains empty ACLs)')
212 // Create ACO for nationnotes.
214 $gacl->add_object('nationnotes', 'Nation Notes Configure', 'nn_configure', 10, 0, 'ACO');
215 // xl('Nation Notes Configure')
217 // Create ARO groups.
219 $users = $gacl->add_group('users', 'OpenEMR Users', 0, 'ARO');
220 // xl('OpenEMR Users')
221 $admin = $gacl->add_group('admin', 'Administrators', $users, 'ARO');
222 // xl('Administrators')
223 $clin = $gacl->add_group('clin', 'Clinicians', $users, 'ARO');
225 $doc = $gacl->add_group('doc', 'Physicians', $users, 'ARO');
227 $front = $gacl->add_group('front', 'Front Office', $users, 'ARO');
228 // xl('Front Office')
229 $back = $gacl->add_group('back', 'Accounting', $users, 'ARO');
231 $breakglass = $gacl->add_group('breakglass', 'Emergency Login', $users, 'ARO');
232 // xl('Emergency Login')
235 // Create a Users section for the AROs (humans).
237 $gacl->add_object_section('Users', 'users', 10, 0, 'ARO');
240 // Create the Administrator in the above-created "users" section
241 // and add him/her to the above-created "admin" group.
242 // If this script is being used by OpenEMR's setup, then will
243 // incorporate the installation values. Otherwise will
244 // hardcode the 'admin' user.
245 if (isset($this) && isset($this->iuser
)) {
246 $gacl->add_object('users', $this->iuname
, $this->iuser
, 10, 0, 'ARO');
247 $gacl->add_group_object($admin, 'users', $this->iuser
, 'ARO');
249 $gacl->add_object('users', 'Administrator', 'admin', 10, 0, 'ARO');
250 $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
253 // Declare return terms for language translations
254 // xl('write') xl('wsome') xl('addonly') xl('view')
256 // Set permissions for administrators.
260 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
261 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl','multipledb','menu','manage_modules'),
262 'encounters'=>array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
263 'lists'=>array('default','state','country','language','ethrace'),
264 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab', 'docs_rm','pat_rep'),
265 'sensitivities'=>array('normal', 'high'),
266 'nationnotes'=>array('nn_configure'),
267 'patientportal'=>array('portal'),
268 'menus'=>array('modle'),
269 'groups'=>array('gadd','gcalendar','glog','gdlog','gm')
278 'Administrators can do anything'
280 // xl('Administrators can do anything')
282 // Set permissions for physicians.
286 'patients'=>array('pat_rep')
295 'Things that physicians can only read'
297 // xl('Things that physicians can only read')
300 'placeholder'=>array('filler')
309 'Things that physicians can read and enter but not modify'
311 // xl('Things that physicians can read and enter but not modify')
314 'placeholder'=>array('filler')
323 'Things that physicians can read and partly modify'
325 // xl('Things that physicians can read and partly modify')
328 'acct'=>array('disc', 'rep'),
329 'admin'=>array('drugs'),
330 'encounters'=>array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
331 'patients' => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert',
332 'disclosure', 'rx', 'amendment', 'lab'),
333 'sensitivities'=>array('normal', 'high'),
334 'groups'=>array('gcalendar','glog')
343 'Things that physicians can read and modify'
345 // xl('Things that physicians can read and modify')
347 // Set permissions for clinicians.
351 'patients'=>array('pat_rep')
360 'Things that clinicians can only read'
362 // xl('Things that clinicians can only read')
365 'encounters'=>array('notes', 'relaxed'),
366 'patients'=>array('demo', 'med', 'docs', 'notes','trans', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab'),
367 'sensitivities'=>array('normal')
376 'Things that clinicians can read and enter but not modify'
378 // xl('Things that clinicians can read and enter but not modify')
381 'placeholder'=>array('filler')
390 'Things that clinicians can read and partly modify'
392 // xl('Things that clinicians can read and partly modify')
395 'admin'=>array('drugs'),
396 'encounters'=>array('coding'),
397 'patients'=>array('appt'),
398 'groups'=>array('gcalendar','glog')
407 'Things that clinicians can read and modify'
409 // xl('Things that clinicians can read and modify')
411 // Set permissions for front office staff.
415 'patients'=>array('alert','pat_rep')
424 'Things that front office can only read'
426 // xl('Things that front office can only read')
429 'placeholder'=>array('filler')
438 'Things that front office can read and enter but not modify'
440 // xl('Things that front office can read and enter but not modify')
443 'placeholder'=>array('filler')
452 'Things that front office can read and partly modify'
454 // xl('Things that front office can read and partly modify')
457 'patients'=>array('appt', 'demo', 'trans', 'notes'),
458 'groups'=>array('gcalendar')
467 'Things that front office can read and modify'
469 // xl('Things that front office can read and modify')
471 // Set permissions for back office staff.
475 'patients'=>array('alert','pat_rep')
484 'Things that back office can only read'
486 // xl('Things that back office can only read')
489 'placeholder'=>array('filler')
498 'Things that back office can read and enter but not modify'
500 // xl('Things that back office can read and enter but not modify')
503 'placeholder'=>array('filler')
512 'Things that back office can read and partly modify'
514 // xl('Things that back office can read and partly modify')
517 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
518 'admin'=>array('practice', 'superbill'),
519 'encounters'=>array('auth_a', 'coding_a', 'date_a'),
520 'patients'=>array('appt', 'demo')
529 'Things that back office can read and modify'
531 // xl('Things that back office can read and modify')
533 // Set permissions for Emergency Login.
537 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
538 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl','multipledb','menu','manage_modules'),
539 'encounters'=>array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
540 'lists'=>array('default','state','country','language','ethrace'),
541 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab', 'docs_rm','pat_rep'),
542 'sensitivities'=>array('normal', 'high'),
543 'nationnotes'=>array('nn_configure'),
544 'patientportal'=>array('portal'),
545 'menus'=>array('modle'),
546 'groups'=>array('gadd','gcalendar','glog','gdlog','gm')
555 'Emergency Login user can do anything'
557 // xl('Emergency Login user can do anything')
562 <title
>OpenEMR ACL Setup
</title
>
563 <link rel
=STYLESHEET href
="interface/themes/style_blue.css">
566 <b
>OpenEMR ACL Setup
</b
>
568 All done configuring
and installing access
controls (php
-GACL
)!