2 //First make sure user has access
3 require_once("../../interface/globals.php");
5 use OpenEMR\Common\Acl\AclMain
;
6 use OpenEMR\Common\Csrf\CsrfUtils
;
7 use OpenEMR\Common\Twig\TwigContainer
;
10 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"])) {
11 CsrfUtils
::csrfNotVerified();
15 //ensure user has proper access
16 if (!AclMain
::aclCheckCore('admin', 'acl')) {
17 echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ACL Administration")]);
21 require_once('gacl_admin.inc.php');
23 // GET takes precedence.
24 if (empty($_GET['group_type'])) {
25 $group_type = $_POST['group_type'];
27 $group_type = $_GET['group_type'];
30 if (empty($_GET['return_page'])) {
31 $return_page = $_POST['return_page'];
33 $return_page = $_GET['return_page'];
36 switch(strtolower(trim($group_type))) {
39 $group_table = $gacl_api->_db_table_prefix
. 'axo_groups';
43 $group_table = $gacl_api->_db_table_prefix
. 'aro_groups';
47 $postAction = $_POST['action'] ??
null;
48 switch ($postAction) {
50 $gacl_api->debug_text('Delete');
52 if (count($_POST['delete_group']) > 0) {
53 //Always reparent children when deleting a group.
54 foreach ($_POST['delete_group'] as $group_id) {
55 $gacl_api->debug_text('Deleting group_id: '. $group_id);
57 $result = $gacl_api->del_group($group_id, TRUE, $group_type);
58 if ($result == FALSE) {
63 if (count($retry) > 0) {
64 foreach($retry as $group_id) {
65 $gacl_api->del_group($group_id, TRUE, $group_type);
72 $gacl_api->return_page($return_page);
75 $gacl_api->debug_text('Submit');
77 if (empty($_POST['parent_id'])) {
80 $parent_id = $_POST['parent_id'];
83 //Make sure we're not reparenting to ourself.
84 if (!empty($_POST['group_id']) AND $parent_id == $_POST['group_id']) {
85 echo "Sorry, can't reparent to self!<br />\n";
89 //No parent, assume a "root" group, generate a new parent id.
90 if (empty($_POST['group_id'])) {
91 $gacl_api->debug_text('Insert');
93 $insert_id = $gacl_api->add_group($_POST['value'], $_POST['name'], $parent_id, $group_type);
95 $gacl_api->debug_text('Update');
97 $gacl_api->edit_group($_POST['group_id'], $_POST['value'], $_POST['name'], $parent_id, $group_type);
100 $gacl_api->return_page($return_page);
103 //Grab specific group data
104 if (!empty($_GET['group_id'])) {
106 SELECT id,parent_id,value,name
107 FROM '. $group_table .'
108 WHERE id='. (int)$_GET['group_id'];
110 list($id, $parent_id, $value, $name) = $db->GetRow($query);
113 $parent_id = $_GET['parent_id'] ??
null;
118 $smarty->assign('id', ($id ??
null));
119 $smarty->assign('parent_id', $parent_id);
120 $smarty->assign('value', $value);
121 $smarty->assign('name', $name);
123 $smarty->assign('options_groups', $gacl_api->format_groups($gacl_api->sort_groups($group_type)));
127 $smarty->assign('group_type', $group_type);
128 $smarty->assign('return_page', $return_page);
130 $smarty->assign('current','edit_'. $group_type .'_group');
131 $smarty->assign('page_title', 'Edit '. strtoupper($group_type) .' Group');
133 $smarty->assign('phpgacl_version', $gacl_api->get_version());
134 $smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version());
136 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils
::collectCsrfToken());
138 $smarty->display('phpgacl/edit_group.tpl');