2 // If you have installed phpGACL (http://phpgacl.sourceforge.net/)
3 // and have configured it for your site, then uncomment the following
4 // statement and change it to point to the location where
5 // gacl.class.php is installed.
7 // $phpgacl_location = "/var/www/gacl";
9 // The following Access Control Objects (ACO) are currently supported.
10 // These are the "things to be protected":
12 // Section "admin" (Administration):
13 // super Superuser - can delete patients, encounters, issues
14 // calendar Calendar Settings
15 // database Database Reporting
16 // forms Forms Administration
17 // practice Practice Settings
18 // superbill Superbill Codes Administration
19 // users Users/Groups/Logs Administration
20 // batchcom Batch Communication Tool
21 // language Language Interface Tool
22 // drugs Pharmacy Dispensary
24 // Section "acct" (Accounting):
25 // bill Billing (write optional)
27 // rep Financial Reporting - my encounters
28 // rep_a Financial Reporting - anything
30 // Section "patients" (Patient Information):
31 // appt Appointments (write optional)
32 // demo Demographics (write,addonly optional)
33 // med Medical Records and History (write,addonly optional)
34 // trans Transactions, e.g. referrals (write optional)
35 // docs Documents (write,addonly optional)
36 // notes Patient Notes (write,addonly optional)
38 // Section "encounters" (Encounter Information):
39 // auth Authorize - my encounters
40 // auth_a Authorize - any encounters
41 // coding Coding - my encounters (write,wsome optional)
42 // coding_a Coding - any encounters (write,wsome optional)
43 // notes Notes - my encounters (write,addonly optional)
44 // notes_a Notes - any encounters (write,addonly optional)
45 // date_a Fix encounter dates - any encounters
46 // relaxed Less-private information (write,addonly optional)
47 // (e.g. the Sports Fitness encounter form)
49 // Section "squads" applies to sports team use only:
50 // acos in this section define the user-specified list of squads
52 // Section "sensitivities" (Sensitivities):
// Bootstrap phpGACL only when an administrator has set $phpgacl_location
// above. When it is unset, $gacl_object is never created and acl_check()
// below falls back to its static rules.
56 if (isset ($phpgacl_location)) {
// $phpgacl_location is a config constant edited in this file, not request
// input; it must stay that way because it is spliced into include_once().
57 include_once("$phpgacl_location/gacl.class.php");
58 $gacl_object = new gacl();
// DO NOT CHANGE BELOW VARIABLE: 'users' is the ARO section that every user
// object lives in, and acl_check(), acl_get_group_titles() and
// set_user_aro() all look users up under this section.
59 //DO NOT CHANGE BELOW VARIABLE
60 $section_aro_value = 'users';
// acl_check should return 0 if access is denied. Otherwise it may
// return anything that evaluates to true. In addition if any of the
// following types of access are applicable, then the corresponding value
// must be returned if and only if such access is granted (only one may
// be returned):
// * write - the user may add or modify the ACO
// * wsome - the user has limited add/modify access to the ACO
// * addonly - the user may view and add but not modify entries
//
// $section = ACO section name (e.g. 'admin', 'patients', 'encounters').
// $value = ACO name within that section (e.g. 'super', 'med', 'coding_a').
// $user = login name to check; defaults to the user of the current session.
73 function acl_check($section, $value, $user = '') {
74 global $gacl_object, $phpgacl_location, $section_aro_value;
// Default to the logged-in user. This is a truthiness test, so a login
// name of '0' would also be replaced; $_SESSION['authUser'] is read
// without an isset() guard.
75 if (! $user) $user = $_SESSION['authUser'];
// phpGACL configured: delegate the decision entirely to the ACL engine.
// NOTE(review): this tests truthiness whereas every other function in this
// file uses isset($phpgacl_location); an unset variable still evaluates
// false here, but matching the other functions would be clearer.
77 if ($phpgacl_location) {
78 return $gacl_object->acl_check($section, $value, $section_aro_value, $user);
81 // If no phpgacl, then apply the old static rules whereby "authorized"
82 // users (providers) can do anything, and other users can do most things.
83 // If you want custom access control but don't want to mess with phpGACL,
84 // then you could customize the code below instead.
// The static rules never grant superuser rights to anyone.
86 if ($section == 'admin' && $value == 'super') return 0;
// Any session flagged "authorized" gets write access to every other ACO,
// including the rest of the 'admin' section -- the static fallback is
// deliberately coarse and is not a substitute for configured phpGACL.
88 if ($_SESSION['userauthorized']) return 'write';
// Non-authorized users: medical records are view-only (1, not 'write').
90 if ($section == 'patients') {
91 if ($value == 'med') return 1;
94 else if ($section == 'encounters') {
// strpos() === 0 matches both the "my encounters" and "_a" (any
// encounters) variants, e.g. 'coding' and 'coding_a'.
95 if (strpos($value, 'coding' ) === 0) return 'write';
96 if (strpos($value, 'notes' ) === 0) return 'write';
97 if ($value == 'relaxed') return 'write';
99 else if ($section != 'admin') {
// (The fall-through returns of these three branches and the final default
// return are not shown in this listing.)
// Get the ACO name/value pairs for a designated section. Each value
// is an array (section_value, value, order_value, name, hidden).
// $section = ACO section name, e.g. 'squads' or 'sensitivities'.
// Returns an array keyed on ACO value (the return statement itself, and
// whatever happens when $phpgacl_location is unset, are not shown in this
// listing).
109 function acl_get_section_acos($section) {
110 global $phpgacl_location;
111 if ($phpgacl_location) {
112 include_once("$phpgacl_location/gacl_api.class.php");
113 $gacl = new gacl_api();
// get_objects() is indexed by section below, so it presumably returns a
// map of section => list of ACO values -- verify against gacl_api.
114 $arr1 = $gacl->get_objects($section, 1, 'ACO');
// NOTE(review): $arr is never initialised in the visible code, and if the
// section has no ACOs $arr1[$section] is undefined, so foreach() warns and
// $arr is returned unset. Initialise $arr = array() and guard the key.
116 foreach ($arr1[$section] as $value) {
117 $odata = $gacl->get_object_data($gacl->get_object_id($section, $value, 'ACO'), 'ACO');
// Only the first row returned by get_object_data() is kept.
118 $arr[$value] = $odata[0];
// Return an array keyed on squad ACO names.
// Squads only apply to sports team use; this is a thin wrapper that reads
// the ACOs of the 'squads' section via acl_get_section_acos().
function acl_get_squads() {
  $squad_section = 'squads';
  $squads = acl_get_section_acos($squad_section);
  return $squads;
}
// Return an array keyed on encounter sensitivity level ACO names.
// Sensitivities are useful when some encounter notes are not
// medically sensitive (e.g. a physical fitness test), and/or if
// some will be "for doctor's eyes only" (e.g. STD treatment).
//
// When a non-blank sensitivity value exists in the new encounter
// form, it names an additional ACO required for access to all forms
// in the encounter. If you want some encounters to be non-sensitive,
// then you also need some default non-blank sensitivity for normal
// encounters, as well as greater encounter notes permissions for
// those allowed to view non-sensitive encounters.
//
// This is a thin wrapper over acl_get_section_acos() for the
// 'sensitivities' section.
function acl_get_sensitivities() {
  $sensitivity_section = 'sensitivities';
  $sensitivities = acl_get_section_acos($sensitivity_section);
  return $sensitivities;
}
// Returns a sorted array of all available Group Titles.
// Titles are collected from the direct children of the ARO root group.
// sort() reindexes the array, so the group IDs used as keys while
// collecting are discarded and callers receive a plain list of titles.
// (When $phpgacl_location is unset no return value is visible in this
// listing.)
151 function acl_get_group_title_list() {
152 global $phpgacl_location;
153 if (isset ($phpgacl_location)) {
154 include_once("$phpgacl_location/gacl_api.class.php");
155 $gacl = new gacl_api();
156 $parent_id = $gacl->get_root_group_id();
157 $arr_group_ids = $gacl->get_group_children($parent_id, 'ARO');
158 $arr_group_titles = array();
159 foreach ($arr_group_ids as $value) {
160 $arr_group_data = $gacl->get_group_data($value, 'ARO');
// Field [3] of the group data row is used as the title throughout this
// file (set_user_aro() treats field [2] as the group value).
161 $arr_group_titles[$value] = $arr_group_data[3];
163 sort($arr_group_titles);
164 return $arr_group_titles;
// Returns an array of group Titles that Username belongs to.
// Returns 0 if does not belong to any group yet.
// $user_name = Username, which is login name.
// Only direct memberships are reported ('NO_RECURSE'), and the result is
// keyed by position in the membership list, not by group ID.
174 function acl_get_group_titles($user_name) {
175 global $phpgacl_location, $section_aro_value;
176 if (isset ($phpgacl_location)) {
177 include_once("$phpgacl_location/gacl_api.class.php");
178 $gacl = new gacl_api();
// Resolve the login name to its ARO id within the 'users' section.
179 $user_aro_id = $gacl->get_object_id($section_aro_value, $user_name, 'ARO');
181 $arr_group_id = $gacl->get_object_groups($user_aro_id, 'ARO', 'NO_RECURSE');
// NOTE(review): $arr_group_titles is not initialised in the visible code;
// if the loop body never runs, the return below yields null rather than
// the documented 0. The lines between the loop and the return are not
// shown in this listing, so this may be handled there -- confirm.
183 foreach ($arr_group_id as $key => $value) {
184 $arr_group_data = $gacl->get_group_data($value, 'ARO');
185 $arr_group_titles[$key] = $arr_group_data[3];
187 return $arr_group_titles;
// This will either create or edit a user aro object, and then place it
// in the requested groups. It will not allow removal of the 'admin'
// user from the 'admin' group.
// $arr_group_titles = titles of the groups that user will be added to.
// $user_name = username, which is login name.
// $first_name = first name
// $middle_name = middle name
// $last_name = last name
//
// NOTE(review): this function performs no authorization check of its own.
// It rewrites a user's ACL group membership, so every caller must already
// have verified (e.g. via acl_check('admin', 'users')) that the acting
// user may administer users. Groups are selected by title match, so group
// titles must be unique for the outcome to be well defined.
204 function set_user_aro($arr_group_titles, $user_name, $first_name, $middle_name, $last_name) {
205 global $phpgacl_location, $section_aro_value;
207 if (isset ($phpgacl_location)) {
208 include_once("$phpgacl_location/gacl_api.class.php");
209 $gacl = new gacl_api();
211 //get array of all available group ID numbers
212 $parent_id = $gacl->get_root_group_id();
213 $arr_all_group_ids = $gacl->get_group_children($parent_id, 'ARO');
215 //Cycle through ID array to find and process each selected group
216 //Create a counter since processing of first hit is unique
// NOTE(review): $counter is never initialised in the visible code, so the
// first increment below relies on an undefined variable being treated as
// 0 (with a notice). Set $counter = 0 before the loop.
218 foreach ($arr_all_group_ids as $value) {
219 $arr_group_data = $gacl->get_group_data($value, 'ARO');
// Title match uses loose comparison; pass true as the third argument to
// in_array() so only an identical string matches.
220 if (in_array($arr_group_data[3], $arr_group_titles)) {
221 //We have a hit, so need to add group and increment counter
222 // because processing of first hit is unique
223 $counter = $counter + 1;
224 //create user full name field
// (The condition choosing between the two full-name forms is not shown in
// this listing; the first form includes the middle name, the second
// omits it.)
226 $full_name = $first_name . " " . $middle_name . " " . $last_name;
229 $full_name = $first_name . " " . $last_name;
232 //If this is not the first group to be added, then will skip below
233 // and will be added. If this is the first group, then need to
234 // go thru several steps before adding the group.
236 //get ID of user ARO object, if it exist
237 $user_aro_id = $gacl->get_object_id($section_aro_value, $user_name, 'ARO');
// (The branch on whether $user_aro_id was found is not shown here.)
239 //user ARO object already exist, so will edit it
// The literal 10 and 0 are presumably the ARO order and hidden values --
// verify against gacl_api::edit_object() / add_object().
240 $gacl->edit_object($user_aro_id, $section_aro_value, $full_name, $user_name, 10, 0, 'ARO');
242 //remove all current user ARO object group associations
// Membership is rebuilt from scratch: every direct group link is removed
// here and only the selected groups are re-added below.
243 $arr_remove_group_ids = $gacl->get_object_groups($user_aro_id, 'ARO', 'NO_RECURSE');
244 foreach ($arr_remove_group_ids as $value2) {
245 $gacl->del_group_object($value2, $section_aro_value, $user_name, 'ARO');
249 //user ARO object does not exist, so will create it
250 $gacl->add_object($section_aro_value, $full_name, $user_name, 10, 0, 'ARO');
254 //place the user ARO object in the selected group
255 $gacl->add_group_object($value, $section_aro_value, $user_name, 'ARO');
258 //Below will not allow 'admin' user to be removed from 'admin' group
260 if ($user_name == 'admin') {
262 $admin_id = $gacl->get_object_id($section_aro_value, 'admin', 'ARO');
263 $arr_admin = $gacl->get_object_groups($admin_id, 'ARO', 'NO_RECURSE');
264 foreach ($arr_admin as $value3) {
265 $arr_admin_data = $gacl->get_group_data($value3, 'ARO');
// NOTE(review): the haystack passed to in_array() here is the string
// 'admin', not an array. On PHP 8 this throws a TypeError, which aborts
// the function after the admin user's groups have already been removed
// above, so the safeguard never runs; on older PHP it warns and returns
// null, so the test never matches and $boolean_admin is left unset. The
// comparison a few lines below shows what was intended:
// `if ($arr_admin_data[2] == 'admin')`.
266 if (in_array($arr_admin_data[2], 'admin')) {
// $boolean_admin is presumably set inside the block above (not shown in
// this listing); it is otherwise undefined at this point.
270 if (!$boolean_admin) {
// Re-attach the admin ARO to the group whose data field [2] is 'admin'.
271 foreach ($arr_all_group_ids as $value4) {
272 $arr_temp = $gacl->get_group_data($value4, 'ARO');
273 if ($arr_temp[2] == 'admin') {
274 $gacl->add_group_object($value4, $section_aro_value, 'admin', 'ARO');