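<?php

/*
 * phpGACL ACL administration page: list, filter and delete ACLs.
 *
 * All request input arrives via $_GET. Values that are placed into SQL go
 * through $db->qstr(); values handed to the template get an attr()-escaped
 * twin alongside the raw value. $gacl_api, $db and $smarty are presumably
 * set up by gacl_admin.inc.php (not visible in this file).
 */

//First make sure user has access
require_once("../../interface/globals.php");

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;

//ensure user has proper access
if (!AclMain::aclCheckCore('admin', 'acl')) {
    echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
    exit;
}

require_once('gacl_admin.inc.php');

/**
 * Read a query-string parameter as a string, or null when absent.
 *
 * A client can send `name[]=x`, which PHP decodes to an array; the
 * strtolower()/attr() calls below would throw a TypeError on that, so a
 * non-string value is treated exactly like a missing parameter.
 */
$getParam = static function (string $key): ?string {
    $value = $_GET[$key] ?? null;
    return is_string($value) ? $value : null;
};

$getAction = $getParam('action');
$prefix = $gacl_api->_db_table_prefix;

switch ($getAction) {
    case 'Delete':
        //CSRF prevent
        if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"] ?? '')) {
            CsrfUtils::csrfNotVerified();
        }

        $gacl_api->debug_text('Delete!');

        $deleteIds = $_GET['delete_acl'] ?? null;
        if (is_array($deleteIds) && !empty($deleteIds)) {
            foreach ($deleteIds as $id) {
                $gacl_api->del_acl($id);
            }
        }

        //Return page.
        // NOTE(review): return_page is client-supplied; confirm that
        // gacl_api::return_page() only redirects within this application.
        $gacl_api->return_page($_GET['return_page'] ?? null);
        break;
    case 'Submit':
        $gacl_api->debug_text('Submit!!');
        break;
    default:
        /*
         * When the user requests to filter the list, run the filter and get just the matching IDs.
         * Use these IDs to get the entire ACL information in the second query.
         *
         * If we just put the LIKE statements in the second query, it will match the correct ACLs
         * but will only return the matching rows, so it won't show the entire ACL information.
         */
        $filter_query = [];

        if ($getAction === 'Filter') {
            $gacl_api->debug_text('Filtering...');

            $query = '
                SELECT DISTINCT a.id
                FROM ' . $prefix . 'acl a
                LEFT JOIN ' . $prefix . 'aco_map ac ON ac.acl_id=a.id
                LEFT JOIN ' . $prefix . 'aro_map ar ON ar.acl_id=a.id
                LEFT JOIN ' . $prefix . 'axo_map ax ON ax.acl_id=a.id';

            // The three object types share one filter shape:
            // [map-table alias, object-table alias, whether *_groups tables exist].
            // The JOIN/predicate text built here is the same as the former hand-written copies.
            $objectTypes = [
                'aco' => ['ac', 'c', false],
                'aro' => ['ar', 'r', true],
                'axo' => ['ax', 'x', true],
            ];
            foreach ($objectTypes as $type => [$mapAlias, $objAlias, $hasGroups]) {
                // '-1' is the "Any" option of the section select box.
                $section = $getParam('filter_' . $type . '_section');
                if ($section !== null && $section !== '-1') {
                    $filter_query[] = $mapAlias . '.section_value=' . $db->qstr(strtolower($section));
                }

                $needle = $getParam('filter_' . $type);
                if ($needle !== null && $needle !== '') {
                    $query .= '
                LEFT JOIN ' . $prefix . $type . ' ' . $objAlias . ' ON (' . $objAlias . '.section_value=' . $mapAlias . '.section_value AND ' . $objAlias . '.value=' . $mapAlias . '.value)';

                    $name = $db->qstr(strtolower($needle));
                    $filter_query[] = '(lower(' . $objAlias . '.value) LIKE ' . $name . ' OR lower(' . $objAlias . '.name) LIKE ' . $name . ')';
                }

                if (!$hasGroups) {
                    continue;
                }

                $group = $getParam('filter_' . $type . '_group');
                if ($group !== null && $group !== '') {
                    $groupMapAlias = $mapAlias . 'g'; // arg / axg
                    $groupAlias = $objAlias . 'g';    // rg / xg
                    $query .= '
                LEFT JOIN ' . $prefix . $type . '_groups_map ' . $groupMapAlias . ' ON ' . $groupMapAlias . '.acl_id=a.id
                LEFT JOIN ' . $prefix . $type . '_groups ' . $groupAlias . ' ON ' . $groupAlias . '.id=' . $groupMapAlias . '.group_id';

                    $filter_query[] = '(lower(' . $groupAlias . '.name) LIKE ' . $db->qstr(strtolower($group)) . ')';
                }
            }

            $aclSection = $getParam('filter_acl_section');
            if ($aclSection !== null && $aclSection !== '-1') {
                $filter_query[] = 'a.section_value=' . $db->qstr(strtolower($aclSection));
            }

            $returnValue = $getParam('filter_return_value');
            if ($returnValue !== null && $returnValue !== '') {
                $filter_query[] = '(lower(a.return_value) LIKE ' . $db->qstr(strtolower($returnValue)) . ')';
            }

            // allow / enabled are flag columns; '-1' is the "Any" option.
            foreach (['allow', 'enabled'] as $flag) {
                $flagValue = $getParam('filter_' . $flag);
                if ($flagValue !== null && $flagValue !== '-1') {
                    $filter_query[] = '(a.' . $flag . ' LIKE ' . $db->qstr($flagValue) . ')';
                }
            }

            if ($filter_query !== []) {
                $query .= '
                WHERE ' . implode(' AND ', $filter_query);
            }
        } else {
            $query = '
                SELECT a.id FROM ' . $prefix . 'acl a';
        }

        $query .= '
                ORDER BY a.id ASC';

        $acl_ids = [];

        $rs = $db->PageExecute($query, $gacl_api->_items_per_page, ($_GET['page'] ?? null));
        if (is_object($rs)) {
            $smarty->assign('paging_data', $gacl_api->get_paging_data($rs));

            while ($row = $rs->FetchRow()) {
                // Cast defensively: these ids are interpolated unquoted into IN (...) below.
                $acl_ids[] = (int) $row[0];
            }
            $rs->Close();
        }

        // -1 can never be an ACL id, so an empty page makes the detail queries return 0 rows.
        $acl_ids_sql = $acl_ids !== [] ? implode(',', $acl_ids) : '-1';

        $acls = [];

        //If the user is searching, and there are no results, don't run the query at all
        if (!($getAction === 'Filter' && $acl_ids === [])) {
            // grab acl details
            $query = '
                SELECT a.id,x.name,a.allow,a.enabled,a.return_value,a.note,a.updated_date
                FROM ' . $prefix . 'acl a
                INNER JOIN ' . $prefix . 'acl_sections x ON x.value=a.section_value
                WHERE a.id IN (' . $acl_ids_sql . ')';
            $rs = $db->Execute($query);

            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    $acls[$row[0]] = [
                        'id' => $row[0],
                        'section_name' => $row[1],
                        'allow' => (bool) $row[2],
                        'enabled' => (bool) $row[3],
                        'return_value' => $row[4],
                        'note' => $row[5],
                        'updated_date' => $row[6],

                        'aco' => [],
                        'aro' => [],
                        'aro_groups' => [],
                        'axo' => [],
                        'axo_groups' => [],
                    ];
                }
            }

            // grab ACO, ARO and AXOs
            foreach (['aco', 'aro', 'axo'] as $type) {
                $query = '
                SELECT a.acl_id,o.name,s.name
                FROM ' . $prefix . $type . '_map a
                INNER JOIN ' . $prefix . $type . ' o ON (o.section_value=a.section_value AND o.value=a.value)
                INNER JOIN ' . $prefix . $type . '_sections s ON s.value=a.section_value
                WHERE a.acl_id IN (' . $acl_ids_sql . ')';
                $rs = $db->Execute($query);

                if (is_object($rs)) {
                    while ($row = $rs->FetchRow()) {
                        [$acl_id, $name, $section_name] = $row;

                        if (isset($acls[$acl_id])) {
                            $acls[$acl_id][$type][$section_name][] = $name;
                        }
                    }
                }
            }

            // grab ARO and AXO groups
            foreach (['aro', 'axo'] as $type) {
                $query = '
                SELECT a.acl_id,g.name
                FROM ' . $prefix . $type . '_groups_map a
                INNER JOIN ' . $prefix . $type . '_groups g ON g.id=a.group_id
                WHERE a.acl_id IN (' . $acl_ids_sql . ')';
                $rs = $db->Execute($query);

                if (is_object($rs)) {
                    while ($row = $rs->FetchRow()) {
                        [$acl_id, $name] = $row;

                        if (isset($acls[$acl_id])) {
                            $acls[$acl_id][$type . '_groups'][] = $name;
                        }
                    }
                }
            }
        }

        $smarty->assign('acls', $acls);

        // Each free-text filter reaches the template twice: raw and attr()-escaped.
        foreach (['filter_aco', 'filter_aro', 'filter_aro_group', 'filter_axo', 'filter_axo_group', 'filter_return_value'] as $filter) {
            $value = $getParam($filter);
            $smarty->assign($filter, $value);
            $smarty->assign($filter . '_escaped', attr($value));
        }

        foreach (['aco', 'aro', 'axo', 'acl'] as $type) {
            //Grab all sections for select box
            $options = [
                -1 => 'Any',
            ];

            $query = '
                SELECT value,name
                FROM ' . $prefix . $type . '_sections
                WHERE hidden=0
                ORDER BY order_value,name';
            $rs = $db->Execute($query);

            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    $options[attr($row[0])] = attr($row[1]);
                }
            }
            $smarty->assign('options_filter_' . $type . '_sections', $options);

            // Default the section select to "Any". The write-back into $_GET is kept
            // from the previous version; presumably something downstream reads it — TODO confirm.
            $sectionKey = 'filter_' . $type . '_section';
            $section = $getParam($sectionKey);
            if ($section === null || $section === '') {
                $section = '-1';
                $_GET[$sectionKey] = $section;
            }
            $smarty->assign($sectionKey, $section);
            $smarty->assign($sectionKey . '_escaped', attr($section));
        }

        $smarty->assign('options_filter_allow', ['-1' => 'Any', 1 => 'Allow', 0 => 'Deny']);
        $smarty->assign('options_filter_enabled', ['-1' => 'Any', 1 => 'Yes', 0 => 'No']);

        // Same defaulting as the section selects, for the allow / enabled selects.
        foreach (['filter_allow', 'filter_enabled'] as $flagKey) {
            $flagValue = $getParam($flagKey);
            if ($flagValue === null || $flagValue === '') {
                $flagValue = '-1';
                $_GET[$flagKey] = $flagValue;
            }
            $smarty->assign($flagKey, $flagValue);
            $smarty->assign($flagKey . '_escaped', attr($flagValue));
        }
}

$smarty->assign('action', $getAction);
$smarty->assign('action_escaped', attr($getAction));

// NOTE(review): PHP_SELF can carry client-controlled PATH_INFO; make sure the
// template escapes return_page in the attribute where it is emitted.
$smarty->assign('return_page', $_SERVER['PHP_SELF']);

$smarty->assign('current', 'acl_list');
$smarty->assign('page_title', 'ACL List');

$smarty->assign('phpgacl_version', $gacl_api->get_version());
$smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version());

$smarty->assign("CSRF_TOKEN_FORM", CsrfUtils::collectCsrfToken());

$smarty->display('phpgacl/acl_list.tpl');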