4 * Patient disclosures main screen.
7 * @link http://www.open-emr.org
8 * @author Visolve <vicareplus_engg@visolve.com>
9 * @author Brady Miller <brady.g.miller@gmail.com>
10 * @copyright Copyright (c) Visolve <vicareplus_engg@visolve.com>
11 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
12 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
15 require_once("../../globals.php");
16 require_once("$srcdir/options.inc.php");
18 use OpenEMR\Common\Acl\AclMain
;
19 use OpenEMR\Common\Csrf\CsrfUtils
;
20 use OpenEMR\Common\Logging\EventAuditLogger
;
21 use OpenEMR\Common\Twig\TwigContainer
;
22 use OpenEMR\Core\Header
;
25 if (!AclMain
::aclCheckCore('patients', 'disclosure')) {
26 echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Disclosures")]);
29 $authWrite = AclMain
::aclCheckCore('patients', 'disclosure', '', 'write');
30 $authAddonly = AclMain
::aclCheckCore('patients', 'disclosure', '', 'addonly');
32 //retrieve the user name
33 $res = sqlQuery("select username from users where username=?", array($_SESSION["authUser"]));
34 $uname = $res["username"];
35 //if the mode variable is set to disclosure, retrieve the values from 'disclosure_form ' in record_disclosure.php to store it in database.
36 if (isset($_POST["mode"]) and $_POST["mode"] == "disclosure") {
37 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"])) {
38 CsrfUtils
::csrfNotVerified();
41 $dates = trim($_POST['dates']);
42 $event = trim($_POST['form_disclosure_type']);
43 $recipient_name = trim($_POST['recipient_name']);
44 $disclosure_desc = trim($_POST['desc_disc']);
45 $disclosure_id = trim($_POST['disclosure_id'] ??
'');
46 if (isset($_POST["updatemode"]) and $_POST["updatemode"] == "disclosure_update") {
48 echo xlt('Not Authorized');
51 //update the recorded disclosure in the extended_log table.
52 EventAuditLogger
::instance()->updateRecordedDisclosure($dates, $event, $recipient_name, $disclosure_desc, $disclosure_id);
54 if (!$authWrite && !$authAddonly) {
55 echo xlt('Not Authorized');
58 //insert the disclosure records in the extended_log table.
59 EventAuditLogger
::instance()->recordDisclosure($dates, $event, $pid, $recipient_name, $disclosure_desc, $uname);
61 // added ajax submit to record_disclosure thus an exit() 12/19/17
65 if (isset($_GET['deletelid'])) {
66 if (!CsrfUtils
::verifyCsrfToken($_GET["csrf_token_form"])) {
67 CsrfUtils
::csrfNotVerified();
71 echo xlt('Not Authorized');
75 $deletelid = $_GET['deletelid'];
76 //function to delete the recorded disclosures
77 EventAuditLogger
::instance()->deleteDisclosure($deletelid);
83 <?php Header
::setupHeader(['common']); ?
>
88 <div
class="container mt-3">
92 <?php
echo xlt('Disclosures'); ?
>
93 <?php
echo xlt('for'); ?
> 
;
94 <a href
="../summary/demographics.php" onclick
="top.restoreSession()">
95 <?php
$pname = getPatientName($pid);
101 <?php
if ($authWrite ||
$authAddonly) { ?
>
102 <a href
="record_disclosure.php" class="btn btn-primary iframe" onclick
="top.restoreSession()"><?php
echo xlt('Record'); ?
></a
>
104 <a href
="demographics.php" class="btn btn-primary" onclick
="top.restoreSession()"> <?php
echo xlt('View Patient') ?
></a
>
106 <div
class="col-12 jumbotron mt-3 p-4">
109 $offset = $_REQUEST['offset'] ??
0;
111 $disclQry = " SELECT el.id, el.event, el.recipient, el.description, el.date, CONCAT(u.fname, ' ', u.lname) as user_fullname FROM extended_log el" .
112 " LEFT JOIN users u ON u.username = el.user " .
113 " WHERE el.patient_id = ? AND el.event IN (SELECT option_id FROM list_options WHERE list_id='disclosure_type' AND activity = 1)" .
114 " ORDER BY el.date DESC ";
115 $r2 = sqlStatement($disclQry, array($pid));
116 $totalRecords = sqlNumRows($r2);
118 $disclInnerQry = " SELECT el.id, el.event, el.recipient, el.description, el.date, CONCAT(u.fname, ' ', u.lname) as user_fullname FROM extended_log el" .
119 " LEFT JOIN users u ON u.username = el.user" .
120 " WHERE patient_id = ? AND event IN (SELECT option_id FROM list_options WHERE list_id = 'disclosure_type' AND activity = 1)" .
121 " ORDER BY date DESC LIMIT " . escape_limit($offset) . " , " . escape_limit($N);
123 $r1 = sqlStatement($disclInnerQry, array($pid));
124 $n = sqlNumRows($r1);
125 $noOfRecordsLeft = ($totalRecords - $offset);
127 <div
class="table-responsive">
128 <table
class="table table-borderless">
130 <td colspan
='5'><a href
="disclosure_full.php" id
='Submit' onclick
="top.restoreSession()"><span
><?php
echo xlt('Refresh'); ?
></span
></a
></td
>
134 <table
class="table table-borderless">
135 <tr
class="showborder_head">
136 <th style
='width: 120px';> 
;</th
>
137 <th width
="140px"><?php
echo xlt('Recipient Name'); ?
></th
>
138 <th width
="140px"><?php
echo xlt('Disclosure Type'); ?
></th
>
139 <th
><?php
echo xlt('Description'); ?
></th
>
140 <th
><?php
echo xlt('Provider'); ?
></th
>
144 for ($iter = 0; $frow = sqlFetchArray($r1); $iter++
) {
145 $result2[$iter] = $frow;
148 foreach ($result2 as $iter) { ?
>
149 <!-- List the recipient name
, description
, date
and edit
and delete options
-->
150 <tr
class="noterow" height
='25'>
151 <!--buttons
for edit
and delete
.-->
152 <td
class="align-top text-nowrap">
153 <?php
if ($authWrite) { ?
>
154 <a href
='record_disclosure.php?editlid=<?php echo attr_url($iter['id
']); ?>' class='btn btn-primary btn-sm btn-edit iframe' onclick
='top.restoreSession()'><?php
echo xlt('Edit');?
></a
>
155 <a href
='#' class='deletenote btn btn-danger btn-delete btn-sm' id
='<?php echo attr($iter['id
']); ?>' onclick
='top.restoreSession()'><?php
echo xlt('Delete');?
></a
>
158 <td
class="align-top" valign
='top'><?php
echo text($iter['recipient']);?
> 
;</td
>
159 <td
class='align-top' valign
='top'><?php
echo text(getListItemTitle('disclosure_type', $iter['event'])); ?
> 
;</td
>
160 <td
><?php
echo text($iter['date']) . " " . nl2br(text($iter['description']));?
> 
;</td
>
161 <td
><?php
echo text($iter['user_fullname']);?
></td
>
167 <!-- Display None
, if there is no disclosure
-->
168 <span colspan
='3'><?php
echo xlt('None{{Disclosure}}');?
></span
>
173 <table
class="table table-borderless">
177 if ($offset > ($N - 1) && $n != 0) {
178 echo " <a class='link' href='disclosure_full.php?active=" . attr_url($active) .
179 "&offset=" . attr_url($offset - $N) . "' onclick='top.restoreSession()'>[" .
180 xlt('Previous') . "]</a>\n";
186 if ($n >= $N && $noOfRecordsLeft != $N) {
187 echo " <a class='link' href='disclosure_full.php?active=" . attr_url($active) .
188 "&offset=" . attr_url($offset +
$N) . "&leftrecords=" . attr_url($noOfRecordsLeft) . "' onclick='top.restoreSession()'>[" .
189 xlt('Next') . "]</a>\n";
203 // todo, move this to a common library
205 $
(".noterow").mouseover(function () {
206 $
(this
).toggleClass("highlight");
208 $
(".noterow").mouseout(function () {
209 $
(this
).toggleClass("highlight");
212 //for deleting the disclosures
213 $
(".deletenote").click(function () {
217 var DeleteNote
= function (logevent
) {
218 if (confirm(<?php
echo xlj('Are you sure you want to delete this disclosure?'); ?
> +
"\n " +
<?php
echo xlj('This action CANNOT be undone.'); ?
>)) {
219 top
.restoreSession();
220 window
.location
.replace("disclosure_full.php?deletelid=" +
encodeURIComponent(logevent
.id
) +
"&csrf_token_form=" +
<?php
echo js_url(CsrfUtils
::collectCsrfToken()); ?
>);
224 $
(".iframe").on('click', function(e
) {
225 e
.preventDefault();e
.stopPropagation();
226 dlgopen('', '', 500, 310, '', '', {
231 url
: $
(this
).attr('href')
236 // for record disclosure dlgclose callback
237 function refreshme() {
238 top
.restoreSession();
239 document
.location
.reload();