2 // If you have installed phpGACL (http://phpgacl.sourceforge.net/)
3 // and have configured it for your site, then uncomment the following
4 // statement and change it to point to the location where
5 // gacl.class.php is installed.
7 // $phpgacl_location = "/var/www/phpgacl";
9 // Tentatively, the following Access Control Objects will be supported.
10 // These are the "things to be protected":
12 // Section "admin" (Administration):
13 // acl Access Control Administration
14 // calendar Calendar Settings
15 // database Database Reporting
16 // forms Forms Administration
17 // practice Practice Settings
18 // superbill Superbill Codes Administration
19 // users Users/Groups/Logs Administration
21 // Section "acct" (Accounting):
22 // bill Billing (write optional)
24 // rep Financial Reporting - my encounters
25 // rep_a Financial Reporting - anything
27 // Section "patients" (Patient Information):
28 // appt Appointments (write optional)
29 // demo Demographics (write,addonly optional)
30 // med Medical Records and History (write,addonly optional)
31 // trans Transactions, e.g. referrals (write optional)
32 // docs Documents (write,addonly optional)
33 // notes Patient Notes (write,addonly optional)
35 // Section "encounters" (Encounter Information):
36 // auth Authorize - my encounters
37 // auth_a Authorize - any encounters
38 // coding Coding - my encounters (write,wsome optional)
39 // coding_a Coding - any encounters (write,wsome optional)
40 // notes Notes - my encounters (write,addonly optional)
41 // notes_a Notes - any encounters (write,addonly optional)
42 // date_a Fix encounter dates - any encounters
43 // relaxed Less-private information (write,addonly optional)
44 // (e.g. the Sports Fitness encounter form)
46 if ($phpgacl_location) {
// phpGACL is optional: $phpgacl_location is only assigned by the commented-out
// line near the top of this file. NOTE(review): because this variable selects
// an include path, keep it a hard-coded site constant and never derive it from
// request or session data; leave it unset/empty when phpGACL is not installed.
47 include_once("$phpgacl_location/gacl.class.php");
// Shared instance read by acl_check() below through `global $gacl_object`.
48 $gacl_object = new gacl();
51 // acl_check should return 0 if access is denied. Otherwise it may
52 // return anything that evaluates to true. In addition if any of the
53 // following types of access are applicable, then the corresponding value
54 // must be returned if and only if such access is granted (only one may
57 // * write - the user may add or modify the ACO
58 // * wsome - the user has limited add/modify access to the ACO
59 // * addonly - the user may view and add but not modify entries
61 function acl_check($section, $value, $user = '') {
62 global $gacl_object, $phpgacl_location;
63 if (! $user) $user = $_SESSION['authUser'];
65 if ($phpgacl_location) {
66 return $gacl_object->acl_check($section, $value, 'users', $user);
69 // If no phpgacl, then apply the old static rules whereby "authorized"
70 // users (providers) can do anything, and other users can do most things.
71 // If you want custom access control but don't want to mess with phpGACL,
72 // then you could customize the code below instead.
74 if ($_SESSION['userauthorized']) return 'write';
76 if ($section == 'patients') {
77 if ($value != 'med') return 'write';
79 else if ($section == 'encounters') {
80 if (strpos($value, 'coding' ) === 0) return 'write';
81 if (strpos($value, 'notes' ) === 0) return 'write';
82 if ($value == 'relaxed') return 'write';
84 else if ($section == 'acct') {