1 <?php
/**
 * This file contains functions that service ajax requests for
 * ACL(php-gacl) administration within OpenEMR. All returns are
 * done via xml.
 *
 * Important - Ensure that display_errors=Off in php.ini settings.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2007-2017 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */
16 require_once("../../interface/globals.php");
17 require_once("$srcdir/acl.inc");
18 require_once("$srcdir/user.inc");
19 require_once("$srcdir/calendar.inc");
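header("Content-type: text/xml");
header("Cache-Control: no-cache");

// Accumulates soft (non-fatal) error strings; the *_xml() helpers below
// append each one as an <error> element to whatever listing they return.
$error = array();

// PENDING, need to clean this up on client side
// Authorization gate: every action in this file requires the admin/acl ACO.
// The reason is sent as XML before exiting so the client can display it.
if (!acl_check('admin', 'acl')) {
    echo error_xml(xl('ACL Administration Not Authorized'));
    exit;
}

// $phpgacl_location comes from globals.php; without it there is no ACL API.
if (!isset($phpgacl_location)) {
    echo error_xml(xl('PHP-gacl is not installed'));
    exit;
}

// NOTE(review): no CSRF token is verified in this file, yet the add/remove
// actions below change ACL state. Confirm the caller or framework protects
// these requests, or add a token check here — TODO verify.

// Read the action once so a missing key does not raise an undefined-index
// notice (display_errors=Off only hides it; a notice written into the body
// would break the client's XML parser).
$action = isset($_POST["action"]) ? $_POST["action"] : "";

// Display red alert if Emergency Login ACL is activated for a user.
if ($action == "add") {
    if (isset($_POST["selection"]) && is_array($_POST["selection"]) && in_array("Emergency Login", $_POST["selection"], true)) {
        array_push($error, (xl('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the same when required during emergency situations. Visit Administration->Users for activation or de-activation.') ));
    }
}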
// PROCESS USERNAME REQUESTS
// Only the "list" action exists for this control: it returns every active
// username, flagging those that are not yet a member of any group.
if ($_POST["control"] == "username" && $_POST["action"] == "list") {
    echo username_listings_xml($error);
}
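// PROCESS MEMBERSHIP REQUESTS
// Actions: list (current memberships), add / remove (change memberships and
// return the refreshed listing). Soft errors are appended to $error and
// travel back inside the listing XML.
if (isset($_POST["control"]) && $_POST["control"] == "membership") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    // The client sends selection[0] == "null" when nothing was picked; a missing
    // or non-array field is treated the same way instead of being indexed blindly.
    $selection = (isset($_POST["selection"]) && is_array($_POST["selection"])) ? $_POST["selection"] : array("null");
    $nothingSelected = (!isset($selection[0]) || $selection[0] == "null");

    if ($action == "list") {
        // return membership data
        echo user_group_listings_xml($name, $error);
    }

    if ($action == "add") {
        if ($nothingSelected) {
            // no selection, return soft error, and just return membership data
            array_push($error, (xl('No group was selected') . "!"));
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // add the group(s), then return updated membership data
        add_user_aros($name, $selection);
        echo user_group_listings_xml($name, $error);
    }

    if ($action == "remove") {
        if ($nothingSelected) {
            // no selection, return soft error, and just return membership data
            array_push($error, (xl('No group was selected') . "!"));
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // A protected user (per-user "gacl_protect" setting, or the built-in
        // "admin" account) must never be dropped from the Administrators group,
        // otherwise the installation can be left without an administrator.
        $userNametoID = getIDfromUser($name);
        $gacl_protect = checkUserSetting("gacl_protect", "1", $userNametoID) || ($name === "admin");
        if ($gacl_protect && in_array("Administrators", $selection, true)) {
            // Report the refusal, still process the other selected groups, then
            // return the data. "Administrators" is filtered out here so the guard
            // holds regardless of whether remove_user_aros() skips it itself.
            array_push($error, (xl('Not allowed to remove this user from the Administrators group') . "!"));
            $allowed = array_values(array_diff($selection, array("Administrators")));
            if (!empty($allowed)) {
                remove_user_aros($name, $allowed);
            }
            echo user_group_listings_xml($name, $error);
            exit;
        }
        // remove the group(s), then return updated membership data
        remove_user_aros($name, $selection);
        echo user_group_listings_xml($name, $error);
    }
}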
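// PROCESS ACL REQUESTS
// Actions: list (ACL titles with return values), add / remove (create or
// delete an ACL after form validation), returns (all possible return values).
if (isset($_POST["control"]) && $_POST["control"] == "acl") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    $title = isset($_POST["title"]) ? $_POST["title"] : "";
    $identifier = isset($_POST["identifier"]) ? $_POST["identifier"] : "";
    $return_value = isset($_POST["return_value"]) ? $_POST["return_value"] : "";
    $description = isset($_POST["description"]) ? $_POST["description"] : "";
    // Minimal success document shared by the add and remove actions.
    $success_xml = "<?xml version=\"1.0\"?>\n" .
        "<response>\n" .
        "\t<success>SUCCESS</success>\n" .
        "</response>\n";

    if ($action == "list") {
        // return acl titles with return values
        echo acl_listings_xml($error);
    }

    if ($action == "add") {
        // Validate form data. Each message is prefixed with "<field>_" so the
        // client can attach it to the matching input.
        $form_error = false;
        if (empty($title)) {
            $form_error = true;
            array_push($error, ("title_" . xl('Need to enter title') . "!"));
        } elseif (!ctype_alpha(str_replace(' ', '', $title))) {
            $form_error = true;
            array_push($error, ("title_" . xl('Please only use alphabetic characters') . "!"));
        } elseif (acl_exist($title, false, $return_value)) {
            $form_error = true;
            array_push($error, ("title_" . xl('Already used, choose another title') . "!"));
        }

        if (empty($identifier)) {
            $form_error = true;
            array_push($error, ("identifier_" . xl('Need to enter identifier') . "!"));
        } elseif (!ctype_alpha($identifier)) {
            $form_error = true;
            array_push($error, ("identifier_" . xl('Please only use alphabetic characters with no spaces') . "!"));
        } elseif (acl_exist(false, $identifier, $return_value)) {
            $form_error = true;
            array_push($error, ("identifier_" . xl('Already used, choose another identifier') . "!"));
        }

        if (empty($return_value)) {
            $form_error = true;
            array_push($error, ("return_" . xl('Need to enter a Return Value') . "!"));
        }

        if (empty($description)) {
            $form_error = true;
            array_push($error, ("description_" . xl('Need to enter a description') . "!"));
        } elseif (!ctype_alpha(str_replace(' ', '', $description))) {
            $form_error = true;
            array_push($error, ("description_" . xl('Please only use alphabetic characters') . "!"));
        }

        // process if data is valid
        if (!$form_error) {
            acl_add($title, $identifier, $return_value, $description);
            echo $success_xml;
        } else {
            // $form_error = true, so return errors
            echo error_xml($error);
        }
    }

    if ($action == "remove") {
        // validate form data
        $form_error = false;
        if (empty($title)) {
            $form_error = true;
            array_push($error, ("aclTitle_" . xl('Need to enter title') . "!"));
        }

        // The Administrators ACL carries every admin grant; deleting it would
        // lock the installation out of its own administration screens.
        if ($title === "Administrators") {
            $form_error = true;
            array_push($error, ("aclTitle_" . xl('Not allowed to delete the Administrators group') . "!"));
        }

        // process if data is valid
        if (!$form_error) {
            acl_remove($title, $return_value);
            echo $success_xml;
        } else {
            // $form_error = true, so return errors
            echo error_xml($error);
        }
    }

    if ($action == "returns") {
        // simply return all the possible acl return_values
        echo return_values_xml($error);
    }
}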
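// PROCESS ACO REQUESTS
// Actions: list (active/inactive ACOs of one ACL), add / remove (activate or
// inactivate the selected ACOs, then return the refreshed listing).
if (isset($_POST["control"]) && $_POST["control"] == "aco") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";
    $name = isset($_POST["name"]) ? $_POST["name"] : "";
    $return_value = isset($_POST["return_value"]) ? $_POST["return_value"] : "";
    // The client sends selection[0] == "null" when nothing was picked; a missing
    // or non-array field is treated the same way instead of being indexed blindly.
    $selection = (isset($_POST["selection"]) && is_array($_POST["selection"])) ? $_POST["selection"] : array("null");
    $nothingSelected = (!isset($selection[0]) || $selection[0] == "null");

    if ($action == "list") {
        // send aco data for the requested acl
        echo aco_listings_xml($name, $return_value, $error);
    }

    if ($action == "add") {
        if ($nothingSelected) {
            // no selection, return soft error, and just return data
            array_push($error, (xl('Nothing was selected') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // add the aco(s), then return updated aco data
        acl_add_acos($name, $return_value, $selection);
        echo aco_listings_xml($name, $return_value, $error);
    }

    if ($action == "remove") {
        if ($nothingSelected) {
            // no selection, return soft error, and just return data
            array_push($error, (xl('Nothing was selected') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // Removing ACOs from the Administrators ACL is refused outright, so the
        // admin role can never be silently stripped of a permission.
        if ($name === "Administrators") {
            array_push($error, (xl('Not allowed to inactivate anything from the Administrators ACL') . "!"));
            echo aco_listings_xml($name, $return_value, $error);
            exit;
        }
        // remove the aco(s), then return updated data
        acl_remove_acos($name, $return_value, $selection);
        echo aco_listings_xml($name, $return_value, $error);
    }
}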
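// Returns username listings via xml message.
// It will also include alert if user is not joined
// to a group yet.
// $err = error strings (array)
//
// Only active users with a non-empty username are listed. The username is
// escaped so that a name containing '<' or '&' cannot break the XML document
// (the client's XML parser decodes the entities back to the original text).
function username_listings_xml($err)
{
    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    $res = sqlStatement("select * from users where username != '' and active = 1 order by username");
    // Stream the rows instead of buffering them first; no rows simply yields no <user> elements.
    while ($row = sqlFetchArray($res)) {
        $username = $row["username"];
        $message .= "\t<user>\n" .
            "\t\t<username>" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</username>\n";
        // acl_get_group_titles() returns a falsy value when the user is in no group
        if (!acl_get_group_titles($username)) {
            // not joined to any group, so send alert
            $message .= "\t\t<alert>no membership</alert>\n";
        }
        $message .= "\t</user>\n";
    }
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . $value . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}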
// Returns user group listings(active and inactive lists)
// via xml message.
// $username = username
// $err = error strings (array)
//
// <inactive> holds every group the user is not a member of, <active> the
// groups the user belongs to; each <group> carries the raw title as <value>
// and the translated title as <label>.
function user_group_listings_xml($username, $err)
{
    $allGroups = acl_get_group_title_list();
    // acl_get_group_titles() returns 0 (falsy) when the user is in no group
    $memberGroups = acl_get_group_titles($username);

    // Partition the titles first, then render both lists with one loop.
    $inactive = array();
    foreach ($allGroups as $title) {
        if (!$memberGroups || !in_array($title, $memberGroups)) {
            $inactive[] = $title;
        }
    }
    $active = array();
    if ($memberGroups) {
        foreach ($memberGroups as $title) {
            $active[] = $title;
        }
    }

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    $sections = array("inactive" => $inactive, "active" => $active);
    foreach ($sections as $tag => $titles) {
        $message .= "\t<" . $tag . ">\n";
        foreach ($titles as $title) {
            $message .= "\t\t<group>\n";
            $message .= "\t\t\t<value>" . $title . "</value>\n";
            // Translate gacl group name if applicable (BM, 6-2009)
            $message .= "\t\t\t<label>" . xl_gacl_group($title) . "</label>\n";
            $message .= "\t\t</group>\n";
        }
        $message .= "\t</" . $tag . ">\n";
    }

    if (isset($err)) {
        foreach ($err as $text) {
            $message .= "\t<error>" . $text . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}
// Returns acl listings(including return value) via xml message.
// $err = error strings (array)
//
// One <acl> element is emitted per ACL found under each group title; the
// return value is left unfiltered here (last search_acl() argument false),
// unlike aco_listings_xml() which narrows to a single return value.
function acl_listings_xml($err)
{
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    foreach (acl_get_group_title_list() as $groupTitle) {
        $aclIds = $gacl->search_acl(false, false, false, false, $groupTitle, false, false, false, false);
        foreach ($aclIds as $aclId) {
            $acl = $gacl->get_acl($aclId);
            $returnValue = $acl["return_value"];
            $note = $acl["note"];

            // Group name, return value and description are all translated (BM, 6-2009)
            $message .= "\t<acl>\n";
            $message .= "\t\t<value>" . $groupTitle . "</value>\n";
            $message .= "\t\t<title>" . xl_gacl_group($groupTitle) . "</title>\n";
            $message .= "\t\t<returnid>" . $returnValue . "</returnid>\n";
            $message .= "\t\t<returntitle>" . xl($returnValue) . "</returntitle>\n";
            $message .= "\t\t<note>" . xl($note) . "</note>\n";
            $message .= "\t</acl>\n";
        }
    }

    if (isset($err)) {
        foreach ($err as $text) {
            $message .= "\t<error>" . $text . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}
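// Return aco listings by sections(active and inactive lists)
// via xml message.
// $group = group title (string)
// $return_value = return value (string)
// $err = error strings (array)
//
// <inactive> lists, per section, every ACO not granted by the ACL identified
// by ($group, $return_value); <active> lists the ACOs the ACL does grant.
// When no such ACL exists (or it has no "aco" entry) everything is reported
// as inactive instead of emitting notices into the XML body.
function aco_listings_xml($group, $return_value, $err)
{
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();

    // collect and sort all aco objects (section value => list of aco values)
    $list_aco_objects = $gacl->get_objects(null, 0, 'ACO');
    if (!is_array($list_aco_objects)) {
        $list_aco_objects = array();
    }
    foreach (array_keys($list_aco_objects) as $key) {
        asort($list_aco_objects[$key]);
    }

    // collect aco objects within the specified acl (already sorted),
    // guarding against a missing ACL or an ACL without an "aco" entry
    $acl_id = $gacl->search_acl(false, false, false, false, $group, false, false, false, $return_value);
    $active_aco_objects = array();
    if (is_array($acl_id) && isset($acl_id[0])) {
        $acl = $gacl->get_acl($acl_id[0]);
        if (is_array($acl) && isset($acl["aco"]) && is_array($acl["aco"])) {
            $active_aco_objects = $acl["aco"];
        }
    }

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n" .
        "\t<inactive>\n";
    foreach ($list_aco_objects as $key => $aco_values) {
        // ACOs of this section that the ACL grants; anything else is inactive
        $activeInSection = (isset($active_aco_objects[$key]) && is_array($active_aco_objects[$key]))
            ? $active_aco_objects[$key] : array();
        $section_opened = false;
        foreach ($aco_values as $value2) {
            if (in_array($value2, $activeInSection)) {
                continue;
            }
            // Open the <section> lazily so sections with no inactive ACO are omitted.
            if (!$section_opened) {
                $section_opened = true;
                $aco_section_data = $gacl->get_section_data($key, 'ACO');
                $aco_section_title = $aco_section_data[3];
                // Translate gacl aco section name (BM, 6-2009)
                $message .= "\t\t<section>\n" .
                    "\t\t\t<name>" . xl($aco_section_title) . "</name>\n";
            }
            $aco_id = $gacl->get_object_id($key, $value2, 'ACO');
            $aco_data = $gacl->get_object_data($aco_id, 'ACO');
            $aco_title = $aco_data[0][3];
            $message .= "\t\t\t<aco>\n";
            // Translate gacl aco name (BM, 6-2009)
            $message .= "\t\t\t\t<title>" . xl($aco_title) . "</title>\n";
            $message .= "\t\t\t\t<id>" . $aco_id . "</id>\n";
            $message .= "\t\t\t</aco>\n";
        }
        if ($section_opened) {
            $message .= "\t\t</section>\n";
        }
    }

    $message .= "\t</inactive>\n" .
        "\t<active>\n";
    foreach ($active_aco_objects as $key => $aco_values) {
        $aco_section_data = $gacl->get_section_data($key, 'ACO');
        $aco_section_title = $aco_section_data[3];
        // Translate gacl aco section name (BM, 6-2009)
        $message .= "\t\t<section>\n" .
            "\t\t\t<name>" . xl($aco_section_title) . "</name>\n";
        foreach ((array) $aco_values as $value2) {
            $aco_id = $gacl->get_object_id($key, $value2, 'ACO');
            $aco_data = $gacl->get_object_data($aco_id, 'ACO');
            $aco_title = $aco_data[0][3];
            $message .= "\t\t\t<aco>\n";
            // Translate gacl aco name (BM, 6-2009)
            $message .= "\t\t\t\t<title>" . xl($aco_title) . "</title>\n";
            $message .= "\t\t\t\t<id>" . $aco_id . "</id>\n";
            $message .= "\t\t\t</aco>\n";
        }
        $message .= "\t\t</section>\n";
    }

    $message .= "\t</active>\n";
    if (is_array($err)) {
        foreach ($err as $value) {
            $message .= "\t<error>" . $value . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}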
// Returns listing of all possible return values via xml message.
// $err = error strings (array)
//
// Each distinct return value across all ACLs is emitted once, in the order
// it is first encountered, as <returnid> (raw) plus <returntitle> (translated).
function return_values_xml($err)
{
    global $phpgacl_location;
    include_once("$phpgacl_location/gacl_api.class.php");
    $gacl = new gacl_api();

    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    // return values already emitted
    $seen = array();
    foreach (acl_get_group_title_list() as $groupTitle) {
        $aclIds = $gacl->search_acl(false, false, false, false, $groupTitle, false, false, false, false);
        foreach ($aclIds as $aclId) {
            $acl = $gacl->get_acl($aclId);
            $returnValue = $acl["return_value"];
            if (in_array($returnValue, $seen)) {
                continue;
            }
            // Translate return value (BM, 6-2009)
            $message .= "\t<return>\n" .
                "\t\t<returnid>" . $returnValue . "</returnid>\n" .
                "\t\t<returntitle>" . xl($returnValue) . "</returntitle>\n" .
                "\t</return>\n";
            $seen[] = $returnValue;
        }
    }

    if (isset($err)) {
        foreach ($err as $text) {
            $message .= "\t<error>" . $text . "</error>\n";
        }
    }
    $message .= "</response>\n";
    return $message;
}
// Returns error string(s) via xml
// $err = error (string or array)
//
// A single string becomes one <error> element; an array becomes one element
// per entry (an empty array yields a <response> with no <error> children).
function error_xml($err)
{
    // Wrap a bare string so both input forms share the same loop.
    $errors = is_array($err) ? $err : array($err);
    $message = "<?xml version=\"1.0\"?>\n" .
        "<response>\n";
    foreach ($errors as $text) {
        $message .= "\t<error>" . $text . "</error>\n";
    }
    $message .= "</response>\n";
    return $message;
}