<?php
// Copyright (C) 2007 Brady Miller <brady@sparmy.com>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
//
// This file contains functions that service ajax requests for
// ACL (php-gacl) administration within OpenEMR. All responses are
// returned as XML.
include_once("../../interface/globals.php");
include_once("$srcdir/acl.inc");

// Every response produced by this script is an XML document that must not be cached.
header("Content-type: text/xml");
header("Cache-Control: no-cache");

// Soft (non-fatal) error strings gathered while handling the request; the
// *_xml() builders below append them to the response as <error> elements.
$error = array();

// PENDING, need to clean this up on client side.
// Only callers holding the admin/acl permission may reach any handler in this file.
// NOTE(review): the handlers below mutate ACL state on POST, and no CSRF token is
// checked in this file; confirm whether the included globals enforce one.
if (!acl_check('admin', 'acl')) {
    exit(error_xml(xl('ACL Administration Not Authorized')));
}

// php-gacl must be available; $phpgacl_location is expected to come from the
// included globals when it is installed (not verified here).
if (!isset($phpgacl_location)) {
    exit(error_xml(xl('PHP-gacl is not installed')));
}
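// PROCESS USERNAME REQUESTS
// Missing POST keys are treated as "no request" instead of raising
// undefined-index notices, which would otherwise be emitted into the XML body.
if (isset($_POST["control"]) && $_POST["control"] === "username") {
    if (isset($_POST["action"]) && $_POST["action"] === "list") {
        // Return the username list, with an alert for users joined to no group.
        echo username_listings_xml($error);
    }
}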
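// PROCESS MEMBERSHIP REQUESTS
// Missing POST keys are treated as "no request" instead of raising
// undefined-index notices, which would otherwise be emitted into the XML body.
if (isset($_POST["control"]) && $_POST["control"] === "membership") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    // NOTE(review): $name is handed straight to the acl.inc helpers; it is not
    // validated here, so confirm those helpers quote it before any SQL use.
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    // The client posts "null" as the only element when nothing was selected. A
    // selection that is not an array is treated the same way, because count()
    // on a non-array is a TypeError on PHP 8.
    $selection = (isset($_POST["selection"]) && is_array($_POST["selection"]))
        ? $_POST["selection"]
        : array("null");
    $nothing_selected = (!isset($selection[0]) || $selection[0] === "null");

    if ($action === "list") {
        // Return membership data.
        echo user_group_listings_xml($name, $error);
    }

    if ($action === "add") {
        if ($nothing_selected) {
            // No selection: return a soft error together with the unchanged membership data.
            array_push($error, (xl('No group was selected') . "!"));
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // Add the group(s), then return the updated membership data.
        add_user_aros($name, $selection);
        echo user_group_listings_xml($name, $error);
    }

    if ($action === "remove") {
        if ($nothing_selected) {
            // No selection: return a soft error together with the unchanged membership data.
            array_push($error, (xl('No group was selected') . "!"));
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // acl_get_group_titles() is treated as falsy elsewhere in this file when
        // the user has no membership; normalise it before counting.
        $current_groups = acl_get_group_titles($name);
        if (!is_array($current_groups)) {
            $current_groups = array();
        }
        // Never strip a user of every group. ">=" rather than "==" so that a
        // selection larger than the current membership cannot bypass the guard.
        if (count($selection) >= count($current_groups)) {
            array_push($error, (xl('User has to be a member of at least one group') . "!"));
            echo user_group_listings_xml($name, $error);
            exit;
        }
        if (($name === "admin") && in_array("Administrators", $selection, true)) {
            // The admin user may not leave the Administrators group. As in the
            // original code the removal is still processed (presumably
            // remove_user_aros() itself skips that pairing — verify in acl.inc),
            // and a soft error is returned with the data.
            array_push($error, (xl('Not allowed to remove the admin user from the Administrators group') . "!"));
            remove_user_aros($name, $selection);
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // Remove the group(s), then return the updated membership data.
        remove_user_aros($name, $selection);
        echo user_group_listings_xml($name, $error);
    }
}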
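// PROCESS ACL REQUESTS
// Missing POST keys are treated as "no request" instead of raising
// undefined-index notices, which would otherwise be emitted into the XML body.
if (isset($_POST["control"]) && $_POST["control"] === "acl") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    // Form fields are reduced to strings: an array posted under a scalar field
    // would otherwise reach ctype_alpha()/acl_add() unchecked.
    $title = (isset($_POST["title"]) && is_string($_POST["title"])) ? $_POST["title"] : "";
    $identifier = (isset($_POST["identifier"]) && is_string($_POST["identifier"])) ? $_POST["identifier"] : "";
    $return_value = (isset($_POST["return_value"]) && is_string($_POST["return_value"])) ? $_POST["return_value"] : "";
    $description = (isset($_POST["description"]) && is_string($_POST["description"])) ? $_POST["description"] : "";
    // Shared "operation succeeded" document, used by the add and remove actions.
    $success_xml = "<?xml version=\"1.0\"?>\n" .
        "<response>\n" .
        "\t<success>SUCCESS</success>\n" .
        "</response>\n";

    if ($action === "list") {
        // Return acl titles with their return values.
        echo acl_listings_xml($error);
    }

    if ($action === "add") {
        // Validate form data. Each error is prefixed with the form field it
        // belongs to ("title_", "identifier_", ...) so the client can place it.
        $form_error = false;
        if (empty($title)) {
            $form_error = true;
            array_push($error, ("title_" . xl('Need to enter title') . "!"));
        } else if (!ctype_alpha(str_replace(' ', '', $title))) {
            // Letters and spaces only.
            $form_error = true;
            array_push($error, ("title_" . xl('Please only use alphabetic characters') . "!"));
        } else if (acl_exist($title, FALSE, $return_value)) {
            $form_error = true;
            array_push($error, ("title_" . xl('Already used, choose another title') . "!"));
        }
        if (empty($identifier)) {
            $form_error = true;
            array_push($error, ("identifier_" . xl('Need to enter identifier') . "!"));
        } else if (!ctype_alpha($identifier)) {
            // Letters only, no spaces.
            $form_error = true;
            array_push($error, ("identifier_" . xl('Please only use alphabetic characters with no spaces') . "!"));
        } else if (acl_exist(FALSE, $identifier, $return_value)) {
            $form_error = true;
            array_push($error, ("identifier_" . xl('Already used, choose another identifier') . "!"));
        }
        // NOTE(review): the return value is only checked for presence; its content
        // is passed to acl_exist()/acl_add() as-is.
        if (empty($return_value)) {
            $form_error = true;
            array_push($error, ("return_" . xl('Need to enter a Return Value') . "!"));
        }
        if (empty($description)) {
            $form_error = true;
            array_push($error, ("description_" . xl('Need to enter a description') . "!"));
        } else if (!ctype_alpha(str_replace(' ', '', $description))) {
            // Letters and spaces only.
            $form_error = true;
            array_push($error, ("description_" . xl('Please only use alphabetic characters') . "!"));
        }
        // Process only if the data is valid; otherwise return the collected errors.
        if (!$form_error) {
            acl_add($title, $identifier, $return_value, $description);
            echo $success_xml;
        } else {
            echo error_xml($error);
        }
    }

    if ($action === "remove") {
        // Validate form data: the Administrators ACL can never be deleted.
        $form_error = false;
        if ($title === "Administrators") {
            $form_error = true;
            array_push($error, ("aclTitle_" . xl('Not allowed to delete the Administrators group') . "!"));
        }
        // Process only if the data is valid; otherwise return the collected errors.
        if (!$form_error) {
            acl_remove($title, $return_value);
            echo $success_xml;
        } else {
            echo error_xml($error);
        }
    }

    if ($action === "returns") {
        // Simply return all the possible acl return values.
        echo return_values_xml($error);
    }
}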
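// PROCESS ACO REQUESTS
// Missing POST keys are treated as "no request" instead of raising
// undefined-index notices, which would otherwise be emitted into the XML body.
if (isset($_POST["control"]) && $_POST["control"] === "aco") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    // $name is the ACL group title; $return_value selects the ACL within it.
    // NOTE(review): neither is validated here before reaching the acl.inc helpers.
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    $return_value = isset($_POST["return_value"]) ? $_POST["return_value"] : "";
    // The client posts "null" as the only element when nothing was selected. A
    // selection that is not an array is treated the same way, because count()
    // on a non-array is a TypeError on PHP 8.
    $selection = (isset($_POST["selection"]) && is_array($_POST["selection"]))
        ? $_POST["selection"]
        : array("null");
    $nothing_selected = (!isset($selection[0]) || $selection[0] === "null");

    if ($action === "list") {
        // Send the aco data for this ACL.
        echo aco_listings_xml($name, $return_value, $error);
    }

    if ($action === "add") {
        if ($nothing_selected) {
            // No selection: return a soft error together with the unchanged data.
            array_push($error, (xl('Nothing was selected') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // Add the aco(s), then return the updated data.
        acl_add_acos($name, $return_value, $selection);
        echo aco_listings_xml($name, $return_value, $error);
    }

    if ($action === "remove") {
        if ($nothing_selected) {
            // No selection: return a soft error together with the unchanged data.
            array_push($error, (xl('Nothing was selected') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        if ($name === "Administrators") {
            // Removal of acos from the Administrators ACL is never allowed.
            array_push($error, (xl('Not allowed to inactivate anything from the Administrators ACL') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // Never remove every aco object. ">=" rather than "==" so that a selection
        // larger than the current aco count cannot bypass the guard.
        if (count($selection) >= acl_count_acos($name, $return_value)) {
            array_push($error, (xl('Not allowed to inactivate all security objects') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // Remove the acos, then return the updated data.
        acl_remove_acos($name, $return_value, $selection);
        echo aco_listings_xml($name, $return_value, $error);
    }
}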
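// Returns username listings via xml message.
// It will also include an alert if the user is not joined
// to a group yet.
// $err = error strings (array)
// Returns the complete XML document as a string.
function username_listings_xml($err) {
    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    $res = sqlStatement("select * from users where username != '' order by username");
    // Buffer the rows first, as the original code did, so the ACL lookups in the
    // loop below cannot interfere with the open result set. The array is
    // initialised so an empty result no longer iterates an undefined variable.
    $rows = array();
    while ($row = sqlFetchArray($res)) {
        $rows[] = $row;
    }
    foreach ($rows as $row) {
        // Username is stored data placed into XML text, so it is escaped.
        $username = $row["username"];
        $message .= "\t<user>\n" .
            "\t\t<username>" . htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8') . "</username>\n";
        // A falsy result means the user belongs to no group: send an alert.
        if (!acl_get_group_titles($username)) {
            $message .= "\t\t<alert>no membership</alert>\n";
        }
        $message .= "\t</user>\n";
    }
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}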
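// Returns user group listings (active and inactive lists)
// via xml message.
// $username = username
// $err = error strings (array)
// Returns the complete XML document as a string.
function user_group_listings_xml($username, $err) {
    $list_acl_groups = acl_get_group_title_list();
    $username_acl_groups = acl_get_group_titles($username);
    // acl_get_group_titles() is falsy for a user with no membership (see
    // username_listings_xml); normalise both lists so in_array()/foreach are valid.
    if (!is_array($list_acl_groups)) {
        $list_acl_groups = array();
    }
    if (!is_array($username_acl_groups)) {
        $username_acl_groups = array();
    }

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n" .
        "\t<inactive>\n";
    // Inactive = every known group the user is not a member of.
    foreach ($list_acl_groups as $value) {
        if (!in_array($value, $username_acl_groups)) {
            $message .= "\t\t<group>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</group>\n";
        }
    }
    $message .= "\t</inactive>\n" .
        "\t<active>\n";
    foreach ($username_acl_groups as $value) {
        $message .= "\t\t<group>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</group>\n";
    }
    $message .= "\t</active>\n";
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}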
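// Returns acl listings (including return value) via xml message.
// $err = error strings (array)
// Returns the complete XML document as a string.
function acl_listings_xml($err) {
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    foreach (acl_get_group_title_list() as $title) {
        // search_acl() is positional; the 5th argument is the group title,
        // consistent with the other calls in this file.
        $acl_ids = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, FALSE);
        if (!is_array($acl_ids)) {
            // No ACL found for this title: nothing to list.
            continue;
        }
        foreach ($acl_ids as $acl_id) {
            $acl = $gacl->get_acl($acl_id);
            if (!is_array($acl)) {
                continue;
            }
            $ret = isset($acl["return_value"]) ? $acl["return_value"] : '';
            $note = isset($acl["note"]) ? $acl["note"] : '';
            // Title, return value and note are stored data placed into XML text.
            $message .= "\t<acl>\n" .
                "\t\t<title>" . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8') . "</title>\n" .
                "\t\t<return>" . htmlspecialchars((string) $ret, ENT_QUOTES, 'UTF-8') . "</return>\n" .
                "\t\t<note>" . htmlspecialchars((string) $note, ENT_QUOTES, 'UTF-8') . "</note>\n" .
                "\t</acl>\n";
        }
    }
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}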
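// Return aco listings by sections (active and inactive lists)
// via xml message.
// $group = group title (string)
// $return_value = return value (string)
// $err = error strings (array)
// Returns the complete XML document as a string.
function aco_listings_xml($group, $return_value, $err) {
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();

    // Collect all aco objects (keyed by section) and sort each section's values.
    $list_aco_objects = $gacl->get_objects(NULL, 0, 'ACO');
    if (!is_array($list_aco_objects)) {
        $list_aco_objects = array();
    }
    foreach (array_keys($list_aco_objects) as $section) {
        if (is_array($list_aco_objects[$section])) {
            asort($list_aco_objects[$section]);
        }
    }

    // Collect the aco objects already within the specified acl (already sorted).
    // search_acl() is positional; the 5th argument is the group title and the
    // last the return value, consistent with the other calls in this file.
    $acl_ids = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $group, FALSE, FALSE, FALSE, $return_value);
    $active_aco_objects = array();
    if (is_array($acl_ids) && isset($acl_ids[0])) {
        $acl = $gacl->get_acl($acl_ids[0]);
        if (is_array($acl) && isset($acl["aco"]) && is_array($acl["aco"])) {
            $active_aco_objects = $acl["aco"];
        }
    }

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n" .
        "\t<inactive>\n";
    foreach ($list_aco_objects as $section => $values) {
        // A section with no active entries has no key in $active_aco_objects;
        // every one of its objects is then inactive.
        $active_in_section = isset($active_aco_objects[$section]) ? $active_aco_objects[$section] : array();
        // The <section> element is only opened once an inactive object is found.
        $section_opened = false;
        foreach ((array) $values as $value) {
            if (in_array($value, $active_in_section)) {
                continue;
            }
            if (!$section_opened) {
                $section_opened = true;
                $message .= "\t\t<section>\n" .
                    "\t\t\t<name>" . htmlspecialchars((string) $section, ENT_QUOTES, 'UTF-8') . "</name>\n";
            }
            $aco_id = $gacl->get_object_id($section, $value, 'ACO');
            $aco_data = $gacl->get_object_data($aco_id, 'ACO');
            // Index 3 of the first row is taken as the title, as the original
            // code assumed — verify against gacl_api::get_object_data().
            $aco_title = isset($aco_data[0][3]) ? $aco_data[0][3] : '';
            $message .= "\t\t\t<aco>\n" .
                "\t\t\t\t<title>" . htmlspecialchars((string) $aco_title, ENT_QUOTES, 'UTF-8') . "</title>\n" .
                "\t\t\t\t<id>" . htmlspecialchars((string) $aco_id, ENT_QUOTES, 'UTF-8') . "</id>\n" .
                "\t\t\t</aco>\n";
        }
        if ($section_opened) {
            $message .= "\t\t</section>\n";
        }
    }
    $message .= "\t</inactive>\n" .
        "\t<active>\n";
    foreach ($active_aco_objects as $section => $values) {
        $message .= "\t\t<section>\n" .
            "\t\t\t<name>" . htmlspecialchars((string) $section, ENT_QUOTES, 'UTF-8') . "</name>\n";
        foreach ((array) $values as $value) {
            $aco_id = $gacl->get_object_id($section, $value, 'ACO');
            $aco_data = $gacl->get_object_data($aco_id, 'ACO');
            // Same title lookup assumption as above.
            $aco_title = isset($aco_data[0][3]) ? $aco_data[0][3] : '';
            $message .= "\t\t\t<aco>\n" .
                "\t\t\t\t<title>" . htmlspecialchars((string) $aco_title, ENT_QUOTES, 'UTF-8') . "</title>\n" .
                "\t\t\t\t<id>" . htmlspecialchars((string) $aco_id, ENT_QUOTES, 'UTF-8') . "</id>\n" .
                "\t\t\t</aco>\n";
        }
        $message .= "\t\t</section>\n";
    }
    $message .= "\t</active>\n";
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}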
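// Returns listing of all possible return values via xml message.
// $err = error strings (array)
// Returns the complete XML document as a string.
function return_values_xml($err) {
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();
    // Return values already emitted, so each distinct value appears once.
    $returns = array();

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    foreach (acl_get_group_title_list() as $title) {
        // search_acl() is positional; the 5th argument is the group title,
        // consistent with the other calls in this file.
        $acl_ids = $gacl->search_acl(FALSE, FALSE, FALSE, FALSE, $title, FALSE, FALSE, FALSE, FALSE);
        if (!is_array($acl_ids)) {
            continue;
        }
        foreach ($acl_ids as $acl_id) {
            $acl = $gacl->get_acl($acl_id);
            if (!is_array($acl)) {
                continue;
            }
            $ret = isset($acl["return_value"]) ? $acl["return_value"] : '';
            if (!in_array($ret, $returns)) {
                $message .= "\t<return>" . htmlspecialchars((string) $ret, ENT_QUOTES, 'UTF-8') . "</return>\n";
                array_push($returns, $ret);
            }
        }
    }
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}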
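// Returns error string(s) via xml
// $err = error (string or array)
// Returns the complete XML document as a string; a scalar $err yields a
// single <error> element, an array yields one per entry.
function error_xml($err) {
    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    $errors = is_array($err) ? $err : array($err);
    // Error strings may carry request-supplied text, so they are escaped to
    // keep the document well-formed and free of injected markup.
    foreach ($errors as $value) {
        $message .= "\t<error>" . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</error>\n";
    }
    $message .= "</response>\n";
    return $message;
}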