<?php
/**
 * This program is run by the OpenEMR setup.php script to install phpGACL
 * and to create the Access Control Objects and their sections.
 * See the src/Common/Acl/AclMain.php file for the list of
 * currently supported Access Control Objects (ACO), which this
 * script will install. This script also creates several
 * ARO groups, an "admin" ARO, and some reasonable ACL entries for
 * the groups.
 * ARO groups include:
 *   Administrators
 *   Physicians (Doctors)
 *   Clinicians (Nurses, Physician Assistants, etc.)
 *   Front Office (Receptionist)
 *   Accounting
 *
 * Upgrade Howto
 * When upgrading to a new version of OpenEMR, run the acl_upgrade.php
 * script to update the phpGACL access controls. This is required to
 * ensure the database includes all the required Access Control
 * Objects (ACO).
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Rod Roark <rod@sunsetsystems.com>
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2005-2017 Rod Roark <rod@sunsetsystems.com>
 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */
use OpenEMR\Gacl\GaclApi;

$gacl = new GaclApi();

// ACO sections, listed in creation order. Every ACO added later must name one
// of these section values. The trailing xl() comments are the translation
// markers for the section titles.
$acoSections = array(
    array('Accounting', 'acct'),              // xl('Accounting')
    array('Administration', 'admin'),         // xl('Administration')
    array('Encounters', 'encounters'),        // xl('Encounters')
    array('Lists', 'lists'),                  // xl('Lists')
    array('Patients', 'patients'),            // xl('Patients')
    array('Squads', 'squads'),                // xl('Squads')
    array('Sensitivities', 'sensitivities'),  // xl('Sensitivities')
    array('Placeholder', 'placeholder'),      // xl('Placeholder')
    array('Nation Notes', 'nationnotes'),     // xl('Nation Notes')
    array('Patient Portal', 'patientportal'), // xl('Patient Portal')
    array('Menus', 'menus'),                  // xl('Menus')
    array('Groups', 'groups'),                // xl('Groups')
);

foreach ($acoSections as $position => $sectionDef) {
    list($sectionTitle, $sectionValue) = $sectionDef;
    $sectionResult = $gacl->add_object_section($sectionTitle, $sectionValue, 10, 0, 'ACO');

    // Only the first section doubles as the "already installed / misconfigured"
    // guard: if it cannot be created, report and stop the whole script.
    // NOTE(review): results for the remaining sections are not inspected, so a
    // failure part-way through leaves a partial access-control baseline without
    // any message. Worth confirming whether that is intended.
    if ($position === 0 && $sectionResult === false) {
        echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br />Other possible problems include php-GACL configuration file errors (gacl.ini.php or Gacl.php).<br>";
        return;
    }
}
// ACOs for the Accounting ('acct') and Administration ('admin') sections.
// Rows are (display name, ACO value); insertion order is preserved.
// NOTE(review): 'super' and 'acl' are the ACOs that gate superuser rights and
// ACL administration, judging by their display names. Any ACL that lists them
// deserves extra scrutiny.
$acosBySection = array(
    'acct' => array(
        array('Billing (write optional)', 'bill'),             // xl('Billing (write optional)')
        array('Price Discounting', 'disc'),                    // xl('Price Discounting')
        array('EOB Data Entry', 'eob'),                        // xl('EOB Data Entry')
        array('Financial Reporting - my encounters', 'rep'),   // xl('Financial Reporting - my encounters')
        array('Financial Reporting - anything', 'rep_a'),      // xl('Financial Reporting - anything')
    ),
    'admin' => array(
        array('Superuser', 'super'),                           // xl('Superuser')
        array('Calendar Settings', 'calendar'),                // xl('Calendar Settings')
        array('Database Reporting', 'database'),               // xl('Database Reporting')
        array('Forms Administration', 'forms'),                // xl('Forms Administration')
        array('Practice Settings', 'practice'),                // xl('Practice Settings')
        array('Superbill Codes Administration', 'superbill'),  // xl('Superbill Codes Administration')
        array('Users/Groups/Logs Administration', 'users'),    // xl('Users/Groups/Logs Administration')
        array('Batch Communication Tool', 'batchcom'),         // xl('Batch Communication Tool')
        array('Language Interface Tool', 'language'),          // xl('Language Interface Tool')
        array('Pharmacy Dispensary', 'drugs'),                 // xl('Pharmacy Dispensary')
        array('ACL Administration', 'acl'),                    // xl('ACL Administration')
        array('Multipledb', 'multipledb'),                     // xl('Multipledb')
        array('Menu', 'menu'),                                 // xl('Menu')
        array('Manage modules', 'manage_modules'),             // xl('Manage modules')
    ),
);

foreach ($acosBySection as $section => $acoDefs) {
    foreach ($acoDefs as $acoDef) {
        list($acoName, $acoValue) = $acoDef;
        // The return value is not checked here, as in the rest of this script.
        $gacl->add_object($section, $acoName, $acoValue, 10, 0, 'ACO');
    }
}
// ACOs for encounters, lists, the patient portal and modules (menus).
// Rows are (display name, ACO value); insertion order is preserved.
$acosBySection = array(
    'encounters' => array(
        array('Authorize - my encounters', 'auth'),                            // xl('Authorize - my encounters')
        array('Authorize - any encounters', 'auth_a'),                         // xl('Authorize - any encounters')
        array('Coding - my encounters (write,wsome optional)', 'coding'),      // xl('Coding - my encounters (write,wsome optional)')
        array('Coding - any encounters (write,wsome optional)', 'coding_a'),   // xl('Coding - any encounters (write,wsome optional)')
        array('Notes - my encounters (write,addonly optional)', 'notes'),      // xl('Notes - my encounters (write,addonly optional)')
        array('Notes - any encounters (write,addonly optional)', 'notes_a'),   // xl('Notes - any encounters (write,addonly optional)')
        array('Fix encounter dates - any encounters', 'date_a'),               // xl('Fix encounter dates - any encounters')
        array('Less-private information (write,addonly optional)', 'relaxed'), // xl('Less-private information (write,addonly optional)')
    ),
    'lists' => array(
        array('Default List (write,addonly optional)', 'default'),             // xl('Default List (write,addonly optional)')
        array('State List (write,addonly optional)', 'state'),                 // xl('State List (write,addonly optional)')
        array('Country List (write,addonly optional)', 'country'),             // xl('Country List (write,addonly optional)')
        array('Language List (write,addonly optional)', 'language'),           // xl('Language List (write,addonly optional)')
        array('Ethnicity-Race List (write,addonly optional)', 'ethrace'),      // xl('Ethnicity-Race List (write,addonly optional)')
    ),
    'patientportal' => array(
        array('Patient Portal', 'portal'),                                     // xl('Patient Portal')
    ),
    'menus' => array(
        array('Modules', 'modle'),                                             // xl('Modules')
    ),
);

foreach ($acosBySection as $section => $acoDefs) {
    foreach ($acoDefs as $acoDef) {
        list($acoName, $acoValue) = $acoDef;
        $gacl->add_object($section, $acoName, $acoValue, 10, 0, 'ACO');
    }
}
// ACOs for patients, groups, sensitivities, the placeholder and nation notes.
// Rows are (display name, ACO value[, order]); order falls back to 10 when
// omitted. Only the 'high' sensitivity uses a different order (20).
$acosBySection = array(
    'patients' => array(
        array('Appointments (write,wsome optional)', 'appt'),                 // xl('Appointments (write,wsome optional)')
        array('Demographics (write,addonly optional)', 'demo'),               // xl('Demographics (write,addonly optional)')
        array('Medical/History (write,addonly optional)', 'med'),             // xl('Medical/History (write,addonly optional)')
        array('Transactions (write optional)', 'trans'),                      // xl('Transactions (write optional)')
        array('Documents (write,addonly optional)', 'docs'),                  // xl('Documents (write,addonly optional)')
        array('Documents Delete', 'docs_rm'),                                 // xl('Documents Delete')
        array('Patient Notes (write,addonly optional)', 'notes'),             // xl('Patient Notes (write,addonly optional)')
        array('Sign Lab Results (write,addonly optional)', 'sign'),           // xl('Sign Lab Results (write,addonly optional)')
        array('Patient Reminders (write,addonly optional)', 'reminder'),      // xl('Patient Reminders (write,addonly optional)')
        array('Clinical Reminders/Alerts (write,addonly optional)', 'alert'), // xl('Clinical Reminders/Alerts (write,addonly optional)')
        array('Disclosures (write,addonly optional)', 'disclosure'),          // xl('Disclosures (write,addonly optional)')
        array('Prescriptions (write,addonly optional)', 'rx'),                // xl('Prescriptions (write,addonly optional)')
        array('Amendments (write,addonly optional)', 'amendment'),            // xl('Amendments (write,addonly optional)')
        array('Lab Results (write,addonly optional)', 'lab'),                 // xl('Lab Results (write,addonly optional)')
        array('Patient Report', 'pat_rep'),                                   // xl('Patient Report')
    ),
    'groups' => array(
        array('View/Add/Update groups', 'gadd'),                              // xl('View/Add/Update groups')
        array('View/Create/Update groups appointment in calendar', 'gcalendar'), // xl('View/Create/Update groups appointment in calendar')
        array('Group encounter log', 'glog'),                                 // xl('Group encounter log')
        array('Group detailed log of appointment in patient record', 'gdlog'), // xl('Group detailed log of appointment in patient record')
        array('Send message from the permanent group therapist to the personal therapist', 'gm'), // xl('Send message from the permanent group therapist to the personal therapist')
    ),
    'sensitivities' => array(
        array('Normal', 'normal'),                                            // xl('Normal')
        array('High', 'high', 20),                                            // xl('High')
    ),
    'placeholder' => array(
        // Per its display name, this ACO exists so otherwise-empty ACLs still hold an entry.
        array('Placeholder (Maintains empty ACLs)', 'filler'),                // xl('Placeholder (Maintains empty ACLs)')
    ),
    'nationnotes' => array(
        array('Nation Notes Configure', 'nn_configure'),                      // xl('Nation Notes Configure')
    ),
);

foreach ($acosBySection as $section => $acoDefs) {
    foreach ($acoDefs as $acoDef) {
        $acoOrder = isset($acoDef[2]) ? $acoDef[2] : 10;
        $gacl->add_object($section, $acoDef[0], $acoDef[1], $acoOrder, 0, 'ACO');
    }
}
// ARO groups. 'users' is the root; every role group is created as its child.
// The variables assigned here are used by the add_acl() calls further down.
$users      = $gacl->add_group('users', 'OpenEMR Users', 0, 'ARO');                // xl('OpenEMR Users')
$admin      = $gacl->add_group('admin', 'Administrators', $users, 'ARO');          // xl('Administrators')
$clin       = $gacl->add_group('clin', 'Clinicians', $users, 'ARO');               // xl('Clinicians')
$doc        = $gacl->add_group('doc', 'Physicians', $users, 'ARO');                // xl('Physicians')
$front      = $gacl->add_group('front', 'Front Office', $users, 'ARO');            // xl('Front Office')
$back       = $gacl->add_group('back', 'Accounting', $users, 'ARO');               // xl('Accounting')
$breakglass = $gacl->add_group('breakglass', 'Emergency Login', $users, 'ARO');    // xl('Emergency Login')

// Section that holds the individual AROs (the human users).
$gacl->add_object_section('Users', 'users', 10, 0, 'ARO');
// xl('Users')

// Register the initial administrator ARO and put it in the Administrators
// group. When the script runs inside an object that exposes ->iuser (the
// OpenEMR installer, per the original comment), that object's user name and
// login are used; otherwise the login is hardcoded to 'admin'.
// NOTE(review): iuser/iuname are passed through as-is; presumably the caller
// has already validated them. Verify against the installer.
// No ARO is added to any other group here, including 'breakglass'.
$installerSuppliesAdmin = isset($this) && isset($this->iuser);
$adminLogin = $installerSuppliesAdmin ? $this->iuser : 'admin';
$adminName  = $installerSuppliesAdmin ? $this->iuname : 'Administrator';

$gacl->add_object('users', $adminName, $adminLogin, 10, 0, 'ARO');
$gacl->add_group_object($admin, 'users', $adminLogin, 'ARO');
// Declare return terms for language translations
// xl('write') xl('wsome') xl('addonly') xl('view')

// Administrators: one ACL covering every ACO this script creates except
// squads/* and placeholder/filler, with return value 'write'.
$adminAcoMap = array(
    'acct'          => array('bill', 'disc', 'eob', 'rep', 'rep_a'),
    'admin'         => array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl', 'multipledb', 'menu', 'manage_modules'),
    'encounters'    => array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
    'lists'         => array('default', 'state', 'country', 'language', 'ethrace'),
    'patients'      => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab', 'docs_rm', 'pat_rep'),
    'sensitivities' => array('normal', 'high'),
    'nationnotes'   => array('nn_configure'),
    'patientportal' => array('portal'),
    'menus'         => array('modle'),
    'groups'        => array('gadd', 'gcalendar', 'glog', 'gdlog', 'gm'),
);

// Arguments after the ACO map: no individual AROs, the Administrators ARO
// group, no AXOs or AXO groups, allow = 1, enabled = 1, return value, note.
$gacl->add_acl($adminAcoMap, null, array($admin), null, null, 1, 1, 'write', 'Administrators can do anything');
// xl('Administrators can do anything')
// Physicians: one ACL per return value, created in the order view, addonly,
// wsome, write. Levels with nothing real to grant carry only the
// placeholder/filler ACO, so an ACL still exists for each level.
// Rows are (return value, note, ACO map).
$physicianAcls = array(
    array(
        'view',
        'Things that physicians can only read', // xl('Things that physicians can only read')
        array('patients' => array('pat_rep')),
    ),
    array(
        'addonly',
        'Things that physicians can read and enter but not modify', // xl('Things that physicians can read and enter but not modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'wsome',
        'Things that physicians can read and partly modify', // xl('Things that physicians can read and partly modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'write',
        'Things that physicians can read and modify', // xl('Things that physicians can read and modify')
        array(
            'acct'          => array('disc', 'rep'),
            'admin'         => array('drugs'),
            'encounters'    => array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
            'patients'      => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab'),
            'sensitivities' => array('normal', 'high'),
            'groups'        => array('gcalendar', 'glog'),
        ),
    ),
);

foreach ($physicianAcls as $aclDef) {
    list($returnValue, $aclNote, $acoMap) = $aclDef;
    // No individual AROs, the Physicians group, no AXOs, allow = 1, enabled = 1.
    $gacl->add_acl($acoMap, null, array($doc), null, null, 1, 1, $returnValue, $aclNote);
}
// Clinicians: one ACL per return value, created in the order view, addonly,
// wsome, write. Clinicians get only the 'normal' sensitivity, and that at the
// 'addonly' level; 'high' is not granted to this group.
// Rows are (return value, note, ACO map).
$clinicianAcls = array(
    array(
        'view',
        'Things that clinicians can only read', // xl('Things that clinicians can only read')
        array('patients' => array('pat_rep')),
    ),
    array(
        'addonly',
        'Things that clinicians can read and enter but not modify', // xl('Things that clinicians can read and enter but not modify')
        array(
            'encounters'    => array('notes', 'relaxed'),
            'patients'      => array('demo', 'med', 'docs', 'notes', 'trans', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab'),
            'sensitivities' => array('normal'),
        ),
    ),
    array(
        'wsome',
        'Things that clinicians can read and partly modify', // xl('Things that clinicians can read and partly modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'write',
        'Things that clinicians can read and modify', // xl('Things that clinicians can read and modify')
        array(
            'admin'      => array('drugs'),
            'encounters' => array('coding'),
            'patients'   => array('appt'),
            'groups'     => array('gcalendar', 'glog'),
        ),
    ),
);

foreach ($clinicianAcls as $aclDef) {
    list($returnValue, $aclNote, $acoMap) = $aclDef;
    // No individual AROs, the Clinicians group, no AXOs, allow = 1, enabled = 1.
    $gacl->add_acl($acoMap, null, array($clin), null, null, 1, 1, $returnValue, $aclNote);
}
// Front office: one ACL per return value, created in the order view, addonly,
// wsome, write. No sensitivities ACO appears in any front-office ACL.
// Rows are (return value, note, ACO map).
$frontOfficeAcls = array(
    array(
        'view',
        'Things that front office can only read', // xl('Things that front office can only read')
        array('patients' => array('alert', 'pat_rep')),
    ),
    array(
        'addonly',
        'Things that front office can read and enter but not modify', // xl('Things that front office can read and enter but not modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'wsome',
        'Things that front office can read and partly modify', // xl('Things that front office can read and partly modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'write',
        'Things that front office can read and modify', // xl('Things that front office can read and modify')
        array(
            'patients' => array('appt', 'demo', 'trans', 'notes'),
            'groups'   => array('gcalendar'),
        ),
    ),
);

foreach ($frontOfficeAcls as $aclDef) {
    list($returnValue, $aclNote, $acoMap) = $aclDef;
    // No individual AROs, the Front Office group, no AXOs, allow = 1, enabled = 1.
    $gacl->add_acl($acoMap, null, array($front), null, null, 1, 1, $returnValue, $aclNote);
}
// Back office (the 'Accounting' ARO group): one ACL per return value, created
// in the order view, addonly, wsome, write. The write ACL covers all five
// accounting ACOs plus practice settings and superbill administration.
// Rows are (return value, note, ACO map).
$backOfficeAcls = array(
    array(
        'view',
        'Things that back office can only read', // xl('Things that back office can only read')
        array('patients' => array('alert', 'pat_rep')),
    ),
    array(
        'addonly',
        'Things that back office can read and enter but not modify', // xl('Things that back office can read and enter but not modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'wsome',
        'Things that back office can read and partly modify', // xl('Things that back office can read and partly modify')
        array('placeholder' => array('filler')),
    ),
    array(
        'write',
        'Things that back office can read and modify', // xl('Things that back office can read and modify')
        array(
            'acct'       => array('bill', 'disc', 'eob', 'rep', 'rep_a'),
            'admin'      => array('practice', 'superbill'),
            'encounters' => array('auth_a', 'coding_a', 'date_a'),
            'patients'   => array('appt', 'demo'),
        ),
    ),
);

foreach ($backOfficeAcls as $aclDef) {
    list($returnValue, $aclNote, $acoMap) = $aclDef;
    // No individual AROs, the Accounting group, no AXOs, allow = 1, enabled = 1.
    $gacl->add_acl($acoMap, null, array($back), null, null, 1, 1, $returnValue, $aclNote);
}
// Emergency Login ('breakglass' group): the ACO map and the 'write' return
// value match what this script grants Administrators, including admin/super
// and admin/acl.
// NOTE(review): anyone placed in this group is administrator-equivalent, so
// membership and use of these accounts should be tightly restricted and
// audited. This script itself adds no members to the group.
$emergencyAcoMap = array(
    'acct'          => array('bill', 'disc', 'eob', 'rep', 'rep_a'),
    'admin'         => array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl', 'multipledb', 'menu', 'manage_modules'),
    'encounters'    => array('auth_a', 'auth', 'coding_a', 'coding', 'notes_a', 'notes', 'date_a', 'relaxed'),
    'lists'         => array('default', 'state', 'country', 'language', 'ethrace'),
    'patients'      => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert', 'disclosure', 'rx', 'amendment', 'lab', 'docs_rm', 'pat_rep'),
    'sensitivities' => array('normal', 'high'),
    'nationnotes'   => array('nn_configure'),
    'patientportal' => array('portal'),
    'menus'         => array('modle'),
    'groups'        => array('gadd', 'gcalendar', 'glog', 'gdlog', 'gm'),
);

// No individual AROs, the Emergency Login group, no AXOs, allow = 1, enabled = 1.
$gacl->add_acl($emergencyAcoMap, null, array($breakglass), null, null, 1, 1, 'write', 'Emergency Login user can do anything');
// xl('Emergency Login user can do anything')

// The add_acl() result above is not inspected, so the completion page below is
// printed whether or not the ACL was actually stored.
?>
<html>
<head>
<title>OpenEMR ACL Setup</title>
<link rel=STYLESHEET href="interface/themes/style_blue.css">
</head>
<body>
<b>OpenEMR ACL Setup</b>
<br />
All done configuring and installing access controls (php-GACL)!
</body>
</html>