gacl/admin/assign_group.php

   1 <?php
   2 //First make sure user has access
   3 require_once("../../interface/globals.php");
   4
   5 use OpenEMR\Common\Acl\AclMain;
   6 use OpenEMR\Common\Csrf\CsrfUtils;
   7 use OpenEMR\Common\Twig\TwigContainer;
   8
   9 if (!empty($_POST)) {
  10     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
  11         CsrfUtils::csrfNotVerified();
  12     }
  13 }
  14
  15 //ensure user has proper access
  16 if (!AclMain::aclCheckCore('admin', 'acl')) {
  17     echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
  18     exit;
  19 }
  20
  21 require_once('gacl_admin.inc.php');
  22
  23 //GET takes precedence.
  24 if ($_GET['group_type'] != '') {
  25         $group_type = $_GET['group_type'];
  26 } else {
  27         $group_type = $_POST['group_type'];
  28 }
  29
  30 switch(strtolower(trim($group_type))) {
  31         case 'axo':
  32                 $group_type = 'axo';
  33                 $table = $gacl_api->_db_table_prefix . 'axo';
  34                 $group_table = $gacl_api->_db_table_prefix . 'axo_groups';
  35                 $group_sections_table = $gacl_api->_db_table_prefix . 'axo_sections';
  36                 $group_map_table = $gacl_api->_db_table_prefix . 'groups_axo_map';
  37                 $object_type = 'Access eXtension Object';
  38                 break;
  39         default:
  40                 $group_type = 'aro';
  41                 $table = $gacl_api->_db_table_prefix . 'aro';
  42                 $group_table = $gacl_api->_db_table_prefix . 'aro_groups';
  43                 $group_sections_table = $gacl_api->_db_table_prefix . 'aro_sections';
  44                 $group_map_table = $gacl_api->_db_table_prefix . 'groups_aro_map';
  45                 $object_type = 'Access Request Object';
  46                 break;
  47 }
  48
  49 $postAction = $_POST['action'] ?? null;
  50 switch ($postAction) {
  51         case 'Remove':
  52                 $gacl_api->debug_text('Delete!!');
  53
  54                 //Parse the form values
  55                 //foreach ($_POST['delete_assigned_aro'] as $aro_value) {
  56         foreach ($_POST['delete_assigned_object'] as $object_value) {
  57                         $split_object_value = explode('^', $object_value);
  58                         $selected_object_array[$split_object_value[0]][] = $split_object_value[1];
  59                 }
  60
  61                 //Insert Object -> GROUP mappings
  62         foreach ($selected_object_array as $object_section_value => $object_array) {
  63                         $gacl_api->debug_text('Assign: Object ID: '. $object_section_value .' to Group: '. $_POST['group_id']);
  64
  65                         foreach ($object_array as $object_value) {
  66                                 $gacl_api->del_group_object($_POST['group_id'], $object_section_value, $object_value, $group_type);
  67                         }
  68                 }
  69
  70                 //Return page.
  71                 $gacl_api->return_page($_SERVER['PHP_SELF'] .'?group_type='. urlencode($_POST['group_type']) .'&group_id='. urlencode($_POST['group_id']));
  72
  73                 break;
  74         case 'Submit':
  75                 $gacl_api->debug_text('Submit!!');
  76
  77                 //showarray($_POST['selected_'.$_POST['group_type']]);
  78                 //Parse the form values
  79                 //foreach ($_POST['selected_aro'] as $aro_value) {
  80         foreach ($_POST['selected_'.$_POST['group_type']] as $object_value) {
  81                         $split_object_value = explode('^', $object_value);
  82                         $selected_object_array[$split_object_value[0]][] = $split_object_value[1];
  83                 }
  84
  85                 //Insert ARO -> GROUP mappings
  86         foreach ($selected_object_array as $object_section_value => $object_array) {
  87                         $gacl_api->debug_text('Assign: Object ID: '. $object_section_value .' to Group: '. $_POST['group_id']);
  88
  89                         foreach ($object_array as $object_value) {
  90                                 $gacl_api->add_group_object($_POST['group_id'], $object_section_value, $object_value, $group_type);
  91                         }
  92                 }
  93
  94                 $gacl_api->return_page($_SERVER['PHP_SELF'] .'?group_type='. urlencode($_POST['group_type']) .'&group_id='. urlencode($_POST['group_id']));
  95
  96                 break;
  97         default:
  98         //
  99         //Grab all sections for select box
 100         //
 101         $query = 'SELECT value,name FROM '. $group_sections_table .' ORDER BY order_value,name';
 102         $rs = $db->Execute($query);
 103
 104         $options_sections = array();
 105
 106         if (is_object($rs)) {
 107                 while ($row = $rs->FetchRow()) {
 108                         $options_sections[$row[0]] = $row[1];
 109                 }
 110         }
 111
 112         //showarray($options_sections);
 113         $smarty->assign('options_sections', $options_sections);
 114         $smarty->assign('section_value', reset($options_sections));
 115
 116         //
 117         //Grab all objects for select box
 118         //
 119         $query = 'SELECT section_value,value,name FROM '. $table .' ORDER BY section_value,order_value,name';
 120         $rs = $db->SelectLimit($query, $gacl_api->_max_select_box_items);
 121
 122         $js_array_name = 'options[\''. $group_type .'\']';
 123         //Init the main aro js array.
 124         $js_array = 'var options = new Array();' . "\n";
 125         $js_array .= $js_array_name .' = new Array();' . "\n";
 126
 127         unset($tmp_section_value);
 128
 129         if (is_object($rs)) {
 130                 while ($row = $rs->FetchRow()) {
 131                         //list($section_value, $value, $name) = $row;
 132
 133                         $section_value = addslashes($row[0]);
 134                         $value = addslashes($row[1]);
 135                         $name = addslashes($row[2]);
 136
 137                         //Prepare javascript code for dynamic select box.
 138                         //Init the javascript sub-array.
 139                         if (!isset($tmp_section_value) OR $section_value != $tmp_section_value) {
 140                                 $i = 0;
 141                                 $js_array .= $js_array_name .'[\''. $section_value .'\'] = new Array();' . "\n";
 142                         }
 143
 144                         //Add each select option for the section
 145                         $js_array .= $js_array_name .'[\''. $section_value .'\']['. $i .'] = new Array(\''. $value .'\', \''. $name ."');\n";
 146
 147                         $tmp_section_value = $section_value;
 148                         $i++;
 149                 }
 150         }
 151
 152         $smarty->assign('js_array', $js_array);
 153         $smarty->assign('js_array_name', $group_type);
 154
 155         //Grab list of assigned Objects
 156         $query = '
 157                 SELECT  b.section_value,b.value,b.name AS b_name,c.name AS c_name
 158                 FROM    '. $group_map_table .' a
 159                 INNER JOIN      '. $table .' b ON b.id=a.'. $group_type .'_id
 160                 INNER JOIN      '. $group_sections_table .' c ON c.value=b.section_value
 161                 WHERE   a.group_id='. $db->qstr($_GET['group_id']) .'
 162                 ORDER BY c.name, b.name';
 163         //$rs = $db->Execute($query);
 164         $rs = $db->PageExecute($query, $gacl_api->_items_per_page, ($_GET['page'] ?? null));
 165
 166         $object_rows = array();
 167
 168         if (is_object($rs)) {
 169                 while ($row = $rs->FetchRow()) {
 170                         list($section_value, $value, $name, $section) = $row;
 171
 172                         $object_rows[] = array(
 173                                 'section_value' => $row[0],
 174                                 'value' => $row[1],
 175                                 'name' => $row[2],
 176                                 'section' => $row[3]
 177                         );
 178                 }
 179
 180                 $smarty->assign('total_objects', $rs->_maxRecordCount);
 181
 182                 $smarty->assign('paging_data', $gacl_api->get_paging_data($rs));
 183         }
 184         //showarray($aros);
 185
 186         $smarty->assign('rows', $object_rows);
 187
 188         //Get group name.
 189         $group_data = $gacl_api->get_group_data($_GET['group_id'], $group_type);
 190         $smarty->assign('group_name', $group_data[2]);
 191
 192         $smarty->assign('group_id', $_GET['group_id']);
 193     $smarty->assign('group_id_escaped', attr($_GET['group_id']));
 194
 195         break;
 196 }
 197
 198 $smarty->assign('group_type', $group_type);
 199 $smarty->assign('group_type_escaped', attr($group_type));
 200 $smarty->assign('object_type', $object_type);
 201 $smarty->assign('return_page', $_SERVER['REQUEST_URI'] );
 202
 203 $smarty->assign('current','assign_group_'. $group_type);
 204 $smarty->assign('page_title', 'Assign Group - '. strtoupper($group_type));
 205
 206 $smarty->assign('phpgacl_version', $gacl_api->get_version() );
 207 $smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version() );
 208
 209 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils::collectCsrfToken());
 210
 211 $smarty->display('phpgacl/assign_group.tpl');
 212 ?>