Portal Updates for Usability study, UI/UX and bug fixes. (#7556)
[openemr.git] / gacl / admin / edit_group.php
1 <?php
2 //First make sure user has access
3 require_once("../../interface/globals.php");
5 use OpenEMR\Common\Acl\AclMain;
6 use OpenEMR\Common\Csrf\CsrfUtils;
7 use OpenEMR\Common\Twig\TwigContainer;
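// Anti-CSRF gate. The state-changing actions further down ('Delete' and
// 'Submit') are selected from $_POST only, so any request with a POST body
// must carry a valid token before the script goes on.
// A missing token is passed on as an empty string instead of raising an
// undefined-index warning.
// NOTE(review): this relies on CsrfUtils::csrfNotVerified() ending the
// request; it is not visible here - confirm it does not return.
if (!empty($_POST)) {
    if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"] ?? '')) {
        CsrfUtils::csrfNotVerified();
    }
}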
// Authorization gate: only users holding the 'admin' / 'acl' permission may
// manage ACL groups. Everyone else gets the standard "unauthorized" page and
// the script stops before any phpGACL code is loaded.
if (!AclMain::aclCheckCore('admin', 'acl')) {
    $twig = (new TwigContainer(null, $GLOBALS['kernel']))->getTwig();
    echo $twig->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
    exit;
}
21 require_once('gacl_admin.inc.php');
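// Resolve the two routing parameters. A non-empty query-string value takes
// precedence over the POST body. A parameter that is absent from both now
// falls back to a neutral value instead of raising an undefined-index warning.
$group_type = empty($_GET['group_type'])
    ? ($_POST['group_type'] ?? '')
    : $_GET['group_type'];

// NOTE(review): $return_page is raw request input. Later in this script it is
// handed to $gacl_api->return_page() and assigned to the template unchanged.
// If return_page() issues a redirect (not visible here - confirm), restrict
// the value to known in-application pages, and make sure the template
// escapes it on output.
$return_page = empty($_GET['return_page'])
    ? ($_POST['return_page'] ?? null)
    : $_GET['return_page'];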
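// Collapse the requested group type onto the only two values this page
// supports. Anything other than 'axo' (compared case-insensitively, after
// trimming) selects 'aro'. Because $group_type and $group_table are rebuilt
// from these literals, request input never reaches the table name used in the
// SQL below.
// A non-string value (e.g. an array sent as group_type[]=...) is treated like
// an unknown type rather than being passed to trim().
$requestedType = is_string($group_type) ? strtolower(trim($group_type)) : '';
if ($requestedType === 'axo') {
    $group_type = 'axo';
    $group_table = $gacl_api->_db_table_prefix . 'axo_groups';
} else {
    $group_type = 'aro';
    $group_table = $gacl_api->_db_table_prefix . 'aro_groups';
}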
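// Dispatch on the submitted form action. 'Delete' and 'Submit' can only be
// selected through $_POST, which has already passed the CSRF check at the top
// of the script; every other request renders the edit form.
$postAction = $_POST['action'] ?? null;
switch ($postAction) {
    case 'Delete':
        $gacl_api->debug_text('Delete');

        // A request without a delete_group list (or with a non-array value)
        // deletes nothing instead of failing inside count().
        $groupsToDelete = $_POST['delete_group'] ?? [];
        if (is_array($groupsToDelete) && count($groupsToDelete) > 0) {
            // Initialised up front: when every delete succeeded this was
            // previously undefined, and count() on it throws on PHP 8.
            $retry = [];

            //Always reparent children when deleting a group.
            // NOTE(review): group ids are passed on exactly as received;
            // confirm del_group() casts or quotes them.
            foreach ($groupsToDelete as $group_id) {
                $gacl_api->debug_text('Deleting group_id: ' . $group_id);

                $result = $gacl_api->del_group($group_id, true, $group_type);
                if (!$result) {
                    $retry[] = $group_id;
                }
            }

            // Groups that could not be deleted in the first pass get exactly
            // one more attempt; the outcome of the retry is not checked.
            foreach ($retry as $group_id) {
                $gacl_api->del_group($group_id, true, $group_type);
            }
        }

        //Return page.
        $gacl_api->return_page($return_page);
        break;

    case 'Submit':
        $gacl_api->debug_text('Submit');

        // An empty parent id is stored as 0.
        $parent_id = empty($_POST['parent_id']) ? 0 : $_POST['parent_id'];

        //Make sure we're not reparenting to ourself.
        if (!empty($_POST['group_id']) && $parent_id == $_POST['group_id']) {
            echo "Sorry, can't reparent to self!<br />\n";
            exit;
        }

        // No group id: create a new group. Otherwise update the existing one.
        // Missing value/name fields are passed as null without a warning.
        // NOTE(review): ids, value and name are forwarded as received;
        // confirm add_group()/edit_group() validate and quote them.
        if (empty($_POST['group_id'])) {
            $gacl_api->debug_text('Insert');

            $insert_id = $gacl_api->add_group(
                $_POST['value'] ?? null,
                $_POST['name'] ?? null,
                $parent_id,
                $group_type
            );
        } else {
            $gacl_api->debug_text('Update');

            $gacl_api->edit_group(
                $_POST['group_id'],
                $_POST['value'] ?? null,
                $_POST['name'] ?? null,
                $parent_id,
                $group_type
            );
        }

        $gacl_api->return_page($return_page);
        break;

    default:
        //Grab specific group data
        if (!empty($_GET['group_id'])) {
            // The query is built by concatenation. It stays injection-safe
            // only because $group_table comes from fixed literals plus the
            // configured prefix, and the id is forced to an integer here.
            // Keep both properties if this statement is ever edited.
            $query = '
                SELECT id,parent_id,value,name
                FROM ' . $group_table . '
                WHERE id=' . (int)$_GET['group_id'];

            list($id, $parent_id, $value, $name) = $db->GetRow($query);
        } else {
            // New group: pre-select the parent passed in the query string.
            $parent_id = $_GET['parent_id'] ?? null;
            $value = '';
            $name = '';
        }

        $smarty->assign('id', ($id ?? null));
        $smarty->assign('parent_id', $parent_id);
        $smarty->assign('value', $value);
        $smarty->assign('name', $name);

        $smarty->assign('options_groups', $gacl_api->format_groups($gacl_api->sort_groups($group_type)));
        break;
}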
// Values shared by every rendering of the form, assigned in a fixed order.
// $group_type has been reduced to 'aro' or 'axo' earlier in the script.
// NOTE(review): $return_page is still raw request input at this point;
// confirm phpgacl/edit_group.tpl escapes it wherever it is printed.
$templateVars = [
    ['group_type', $group_type],
    ['return_page', $return_page],
    ['current', 'edit_' . $group_type . '_group'],
    ['page_title', 'Edit ' . strtoupper($group_type) . ' Group'],
    ['phpgacl_version', $gacl_api->get_version()],
    ['phpgacl_schema_version', $gacl_api->get_schema_version()],
    // Fresh anti-CSRF token for the form's hidden field.
    ["CSRF_TOKEN_FORM", CsrfUtils::collectCsrfToken()],
];
foreach ($templateVars as [$tplKey, $tplValue]) {
    $smarty->assign($tplKey, $tplValue);
}

$smarty->display('phpgacl/edit_group.tpl');