migrated dragdrop upload.php to library/ajax
[openemr.git] / acl_setup.php
blobfecaebe2bdefe93c753bdb7fd9dae7dd58e4e88b
1 <?php
2 // Copyright (C) 2005-2017 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8 //
9 // This program is run by the OpenEMR setup.php script to install phpGACL
10 // and creates the Access Control Objects and their sections.
11 // See openemr/library/acl.inc file for the list of
12 // currently supported Access Control Objects(ACO), which this
13 // script will install. This script also creates several
14 // ARO groups, an "admin" ARO, and some reasonable ACL entries for
15 // the groups.
16 // ARO groups include:
17 // Administrators
18 // Physicians (Doctors)
19 // Clinicians (Nurses, Physician Assistants, etc.)
20 // Front Office (Receptionist)
21 // Accounting
23 // Upgrade Howto
24 // When upgrading to a new version of OpenEMR, run the acl_upgrade.php
25 // script to update the phpGACL access controls. This is required to
26 // ensure the database includes all the required Access Control
27 // Objects(ACO).
30 // On 06/2009, added pertinent comments below each entry to allow capture
31 // of these terms by the translation engine.
33 require_once(dirname(__FILE__).'/library/acl.inc');
35 if (! $phpgacl_location) die("You must first set up library/acl.inc to use phpGACL!");
37 require_once("$phpgacl_location/gacl_api.class.php");
39 $gacl = new gacl_api();
41 // Create the ACO sections. Every ACO must have a section.
43 if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === FALSE) {
44 echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
45 return;
47 // xl('Accounting')
48 $gacl->add_object_section('Administration', 'admin' , 10, 0, 'ACO');
49 // xl('Administration')
50 $gacl->add_object_section('Encounters' , 'encounters' , 10, 0, 'ACO');
51 // xl('Encounters')
52 $gacl->add_object_section('Lists' , 'lists' , 10, 0, 'ACO');
53 // xl('Lists')
54 $gacl->add_object_section('Patients' , 'patients' , 10, 0, 'ACO');
55 // xl('Patients')
56 $gacl->add_object_section('Squads' , 'squads' , 10, 0, 'ACO');
57 // xl('Squads')
58 $gacl->add_object_section('Sensitivities' , 'sensitivities' , 10, 0, 'ACO');
59 // xl('Sensitivities')
60 $gacl->add_object_section('Placeholder' , 'placeholder' , 10, 0, 'ACO');
61 // xl('Placeholder')
62 $gacl->add_object_section('Nation Notes' , 'nationnotes' , 10, 0, 'ACO');
63 // xl('Nation Notes')
64 $gacl->add_object_section('Patient Portal' , 'patientportal' , 10, 0, 'ACO');
65 // xl('Patient Portal')
66 $gacl->add_object_section('Menus','menus' , 10, 0, 'ACO');
67 // xl('Menus')
68 $gacl->add_object_section('Groups','groups', 10, 0, 'ACO');
69 // xl('Groups')
73 // Create Accounting ACOs.
75 $gacl->add_object('acct', 'Billing (write optional)' , 'bill' , 10, 0, 'ACO');
76 // xl('Billing (write optional)')
77 $gacl->add_object('acct', 'Price Discounting' , 'disc' , 10, 0, 'ACO');
78 // xl('Price Discounting')
79 $gacl->add_object('acct', 'EOB Data Entry' , 'eob' , 10, 0, 'ACO');
80 // xl('EOB Data Entry')
81 $gacl->add_object('acct', 'Financial Reporting - my encounters', 'rep' , 10, 0, 'ACO');
82 // xl('Financial Reporting - my encounters')
83 $gacl->add_object('acct', 'Financial Reporting - anything' , 'rep_a', 10, 0, 'ACO');
84 // xl('Financial Reporting - anything')
86 // Create Administration ACOs.
88 $gacl->add_object('admin', 'Superuser' , 'super' , 10, 0, 'ACO');
89 // xl('Superuser')
90 $gacl->add_object('admin', 'Calendar Settings' , 'calendar' , 10, 0, 'ACO');
91 // xl('Calendar Settings')
92 $gacl->add_object('admin', 'Database Reporting' , 'database' , 10, 0, 'ACO');
93 // xl('Database Reporting')
94 $gacl->add_object('admin', 'Forms Administration' , 'forms' , 10, 0, 'ACO');
95 // xl('Forms Administration')
96 $gacl->add_object('admin', 'Practice Settings' , 'practice' , 10, 0, 'ACO');
97 // xl('Practice Settings')
98 $gacl->add_object('admin', 'Superbill Codes Administration' , 'superbill', 10, 0, 'ACO');
99 // xl('Superbill Codes Administration')
100 $gacl->add_object('admin', 'Users/Groups/Logs Administration', 'users' , 10, 0, 'ACO');
101 // xl('Users/Groups/Logs Administration')
102 $gacl->add_object('admin', 'Batch Communication Tool' , 'batchcom' , 10, 0, 'ACO');
103 // xl('Batch Communication Tool')
104 $gacl->add_object('admin', 'Language Interface Tool' , 'language' , 10, 0, 'ACO');
105 // xl('Language Interface Tool')
106 $gacl->add_object('admin', 'Pharmacy Dispensary' , 'drugs' , 10, 0, 'ACO');
107 // xl('Pharmacy Dispensary')
108 $gacl->add_object('admin', 'ACL Administration' , 'acl' , 10, 0, 'ACO');
109 // xl('ACL Administration')
110 $gacl->add_object('admin', 'Multipledb' ,'multipledb', 10, 0, 'ACO');
111 // xl('Multipledb')
113 // Create ACOs for encounters.
115 $gacl->add_object('encounters', 'Authorize - my encounters' , 'auth' , 10, 0, 'ACO');
116 // xl('Authorize - my encounters')
117 $gacl->add_object('encounters', 'Authorize - any encounters' , 'auth_a' , 10, 0, 'ACO');
118 // xl('Authorize - any encounters')
119 $gacl->add_object('encounters', 'Coding - my encounters (write,wsome optional)' , 'coding' , 10, 0, 'ACO');
120 // xl('Coding - my encounters (write,wsome optional)')
121 $gacl->add_object('encounters', 'Coding - any encounters (write,wsome optional)' , 'coding_a', 10, 0, 'ACO');
122 // xl('Coding - any encounters (write,wsome optional)')
123 $gacl->add_object('encounters', 'Notes - my encounters (write,addonly optional)' , 'notes' , 10, 0, 'ACO');
124 // xl('Notes - my encounters (write,addonly optional)')
125 $gacl->add_object('encounters', 'Notes - any encounters (write,addonly optional)' , 'notes_a' , 10, 0, 'ACO');
126 // xl('Notes - any encounters (write,addonly optional)')
127 $gacl->add_object('encounters', 'Fix encounter dates - any encounters' , 'date_a' , 10, 0, 'ACO');
128 // xl('Fix encounter dates - any encounters')
129 $gacl->add_object('encounters', 'Less-private information (write,addonly optional)', 'relaxed' , 10, 0, 'ACO');
130 // xl('Less-private information (write,addonly optional)')
132 // Create ACOs for lists.
134 $gacl->add_object('lists', 'Default List (write,addonly optional)' , 'default' , 10, 0, 'ACO');
135 // xl('Default List (write,addonly optional)')
136 $gacl->add_object('lists', 'State List (write,addonly optional)' , 'state' , 10, 0, 'ACO');
137 // xl('State List (write,addonly optional)')
138 $gacl->add_object('lists', 'Country List (write,addonly optional)' , 'country' , 10, 0, 'ACO');
139 // xl('Country List (write,addonly optional)')
140 $gacl->add_object('lists', 'Language List (write,addonly optional)' , 'language' , 10, 0, 'ACO');
141 // xl('Language List (write,addonly optional)')
142 $gacl->add_object('lists', 'Ethnicity-Race List (write,addonly optional)' , 'ethrace' , 10, 0, 'ACO');
143 // xl('Ethnicity-Race List (write,addonly optional)')
145 // Create ACOs for patientportal.
147 $gacl->add_object('patientportal', 'Patient Portal' , 'portal' , 10, 0, 'ACO');
148 // xl('Patient Portal')
150 // Create ACOs for modules.
152 $gacl->add_object('menus', 'Modules' , 'modle' , 10, 0, 'ACO');
153 // xl('Modules')
155 // Create ACOs for patients.
157 $gacl->add_object('patients', 'Appointments (write,wsome optional)' , 'appt' , 10, 0, 'ACO');
158 // xl('Appointments (write,wsome optional)')
159 $gacl->add_object('patients', 'Demographics (write,addonly optional)' , 'demo' , 10, 0, 'ACO');
160 // xl('Demographics (write,addonly optional)')
161 $gacl->add_object('patients', 'Medical/History (write,addonly optional)' , 'med' , 10, 0, 'ACO');
162 // xl('Medical/History (write,addonly optional)')
163 $gacl->add_object('patients', 'Transactions (write optional)' , 'trans', 10, 0, 'ACO');
164 // xl('Transactions (write optional)')
165 $gacl->add_object('patients', 'Documents (write,addonly optional)' , 'docs' , 10, 0, 'ACO');
166 // xl('Documents (write,addonly optional)')
167 $gacl->add_object('patients', 'Patient Notes (write,addonly optional)' , 'notes', 10, 0, 'ACO');
168 // xl('Patient Notes (write,addonly optional)')
169 $gacl->add_object('patients', 'Sign Lab Results (write,addonly optional)', 'sign' , 10, 0, 'ACO');
170 // xl('Sign Lab Results (write,addonly optional)')
171 $gacl->add_object('patients', 'Patient Reminders (write,addonly optional)','reminder', 10, 0, 'ACO');
172 // xl('Patient Reminders (write,addonly optional)')
173 $gacl->add_object('patients', 'Clinical Reminders/Alerts (write,addonly optional)','alert', 10, 0, 'ACO');
174 // xl('Clinical Reminders/Alerts (write,addonly optional)')
175 $gacl->add_object('patients', 'Disclosures (write,addonly optional)','disclosure', 10, 0, 'ACO');
176 // xl('Disclosures (write,addonly optional)')
177 $gacl->add_object('patients', 'Prescriptions (write,addonly optional)','rx', 10, 0, 'ACO');
178 // xl('Prescriptions (write,addonly optional)')
179 $gacl->add_object('patients', 'Amendments (write,addonly optional)','amendment', 10, 0, 'ACO');
180 // xl('Amendments (write,addonly optional)')
181 $gacl->add_object('patients', 'Lab Results (write,addonly optional)','lab', 10, 0, 'ACO');
182 // xl('Lab Results (write,addonly optional)')
185 $gacl->add_object('groups', 'View/Add/Update groups','gadd', 10, 0, 'ACO');
186 // xl('View/Add/Update groups')
187 $gacl->add_object('groups', 'View/Create/Update groups appointment in calendar','gcalendar', 10, 0, 'ACO');
188 // xl('View/Create/Update groups appointment in calendar')
189 $gacl->add_object('groups', 'Group encounter log','glog', 10, 0, 'ACO');
190 // xl('Group encounter log')
191 $gacl->add_object('groups', 'Group detailed log of appointment in patient record','gdlog', 10, 0, 'ACO');
192 // xl('Group detailed log of appointment in patient record')
193 $gacl->add_object('groups', 'Send message from the permanent group therapist to the personal therapist','gm', 10, 0, 'ACO');
194 // xl('Send message from the permanent group therapist to the personal therapist')
196 // Create ACOs for sensitivities.
198 $gacl->add_object('sensitivities', 'Normal', 'normal', 10, 0, 'ACO');
199 // xl('Normal')
200 $gacl->add_object('sensitivities', 'High' , 'high' , 20, 0, 'ACO');
201 // xl('High')
203 // Create ACO for placeholder.
205 $gacl->add_object('placeholder', 'Placeholder (Maintains empty ACLs)', 'filler', 10, 0, 'ACO');
206 // xl('Placeholder (Maintains empty ACLs)')
208 // Create ACO for nationnotes.
210 $gacl->add_object('nationnotes', 'Nation Notes Configure', 'nn_configure', 10, 0, 'ACO');
211 // xl('Nation Notes Configure')
213 // Create ARO groups.
215 $users = $gacl->add_group('users', 'OpenEMR Users' , 0 , 'ARO');
216 // xl('OpenEMR Users')
217 $admin = $gacl->add_group('admin', 'Administrators', $users, 'ARO');
218 // xl('Administrators')
219 $clin = $gacl->add_group('clin' , 'Clinicians' , $users, 'ARO');
220 // xl('Clinicians')
221 $doc = $gacl->add_group('doc' , 'Physicians' , $users, 'ARO');
222 // xl('Physicians')
223 $front = $gacl->add_group('front', 'Front Office' , $users, 'ARO');
224 // xl('Front Office')
225 $back = $gacl->add_group('back' , 'Accounting' , $users, 'ARO');
226 // xl('Accounting')
227 $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'ARO');
228 // xl('Emergency Login')
231 // Create a Users section for the AROs (humans).
233 $gacl->add_object_section('Users', 'users', 10, 0, 'ARO');
234 // xl('Users')
236 // Create the Administrator in the above-created "users" section
237 // and add him/her to the above-created "admin" group.
238 // If this script is being used by OpenEMR's setup, then will
239 // incorporate the installation values. Otherwise will
240 // hardcode the 'admin' user.
241 if (isset($this) && isset($this->iuser)) {
242 $gacl->add_object('users', $this->iuname, $this->iuser, 10, 0, 'ARO');
243 $gacl->add_group_object($admin, 'users', $this->iuser, 'ARO');
245 else {
246 $gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
247 $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
250 // Declare return terms for language translations
251 // xl('write') xl('wsome') xl('addonly') xl('view')
253 // Set permissions for administrators.
255 $gacl->add_acl(
256 array(
257 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
258 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl','multipledb'),
259 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
260 'lists'=>array('default','state','country','language','ethrace'),
261 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
262 'sensitivities'=>array('normal', 'high'),
263 'nationnotes'=>array('nn_configure'),
264 'patientportal'=>array('portal'),
265 'menus'=>array('modle'),
266 'groups'=>array('gadd','gcalendar','glog','gdlog','gm')
268 NULL, array($admin), NULL, NULL,
269 1, 1, 'write', 'Administrators can do anything'
271 // xl('Administrators can do anything')
273 // Set permissions for physicians.
275 $gacl->add_acl(
276 array(
277 'placeholder'=>array('filler')
279 NULL, array($doc), NULL, NULL,
280 1, 1, 'view', 'Things that physicians can only read'
282 // xl('Things that physicians can only read')
283 $gacl->add_acl(
284 array(
285 'placeholder'=>array('filler')
287 NULL, array($doc), NULL, NULL,
288 1, 1, 'addonly', 'Things that physicians can read and enter but not modify'
290 // xl('Things that physicians can read and enter but not modify')
291 $gacl->add_acl(
292 array(
293 'placeholder'=>array('filler')
295 NULL, array($doc), NULL, NULL,
296 1, 1, 'wsome', 'Things that physicians can read and partly modify'
298 // xl('Things that physicians can read and partly modify')
300 $gacl->add_acl(
301 array(
302 'acct'=>array('disc', 'rep'),
303 'admin'=>array('drugs'),
304 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
305 'patients' => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert',
306 'disclosure', 'rx', 'amendment', 'lab'),
307 'sensitivities'=>array('normal', 'high')
309 NULL, array($doc), NULL, NULL,
310 1, 1, 'write', 'Things that physicians can read and modify'
312 // xl('Things that physicians can read and modify')
314 // Set permissions for clinicians.
316 $gacl->add_acl(
317 array(
318 'placeholder'=>array('filler')
320 NULL, array($clin), NULL, NULL,
321 1, 1, 'view', 'Things that clinicians can only read'
323 // xl('Things that clinicians can only read')
324 $gacl->add_acl(
325 array(
326 'encounters'=>array('notes', 'relaxed'),
327 'patients'=>array('demo', 'med', 'docs', 'notes'),
328 'sensitivities'=>array('normal')
330 NULL, array($clin), NULL, NULL,
331 1, 1, 'addonly', 'Things that clinicians can read and enter but not modify'
333 // xl('Things that clinicians can read and enter but not modify')
335 $gacl->add_acl(
336 array(
337 'placeholder'=>array('filler')
339 NULL, array($clin), NULL, NULL,
340 1, 1, 'wsome', 'Things that clinicians can read and partly modify'
342 // xl('Things that clinicians can read and partly modify')
343 $gacl->add_acl(
344 array(
345 'admin'=>array('drugs'),
346 'encounters'=>array('coding'),
347 'patients'=>array('appt')
349 NULL, array($clin), NULL, NULL,
350 1, 1, 'write', 'Things that clinicians can read and modify'
352 // xl('Things that clinicians can read and modify')
354 // Set permissions for front office staff.
356 $gacl->add_acl(
357 array(
358 'placeholder'=>array('filler')
360 NULL, array($front), NULL, NULL,
361 1, 1, 'view', 'Things that front office can only read'
363 // xl('Things that front office can only read')
364 $gacl->add_acl(
365 array(
366 'placeholder'=>array('filler')
368 NULL, array($front), NULL, NULL,
369 1, 1, 'addonly', 'Things that front office can read and enter but not modify'
371 // xl('Things that front office can read and enter but not modify')
372 $gacl->add_acl(
373 array(
374 'placeholder'=>array('filler')
376 NULL, array($front), NULL, NULL,
377 1, 1, 'wsome', 'Things that front office can read and partly modify'
379 // xl('Things that front office can read and partly modify')
380 $gacl->add_acl(
381 array(
382 'patients'=>array('appt', 'demo', 'trans', 'notes')
384 NULL, array($front), NULL, NULL,
385 1, 1, 'write', 'Things that front office can read and modify'
387 // xl('Things that front office can read and modify')
389 // Set permissions for back office staff.
391 $gacl->add_acl(
392 array(
393 'placeholder'=>array('filler')
395 NULL, array($back), NULL, NULL,
396 1, 1, 'view', 'Things that back office can only read'
398 // xl('Things that back office can only read')
399 $gacl->add_acl(
400 array(
401 'placeholder'=>array('filler')
403 NULL, array($back), NULL, NULL,
404 1, 1, 'addonly', 'Things that back office can read and enter but not modify'
406 // xl('Things that back office can read and enter but not modify')
407 $gacl->add_acl(
408 array(
409 'placeholder'=>array('filler')
411 NULL, array($back), NULL, NULL,
412 1, 1, 'wsome', 'Things that back office can read and partly modify'
414 // xl('Things that back office can read and partly modify')
415 $gacl->add_acl(
416 array(
417 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
418 'admin'=>array('practice', 'superbill'),
419 'encounters'=>array('auth_a', 'coding_a', 'date_a'),
420 'patients'=>array('appt', 'demo')
422 NULL, array($back), NULL, NULL,
423 1, 1, 'write', 'Things that back office can read and modify'
425 // xl('Things that back office can read and modify')
427 // Set permissions for Emergency Login.
429 $gacl->add_acl(
430 array(
431 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
432 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl'),
433 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
434 'lists'=>array('default','state','country','language','ethrace'),
435 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
436 'sensitivities'=>array('normal', 'high'),
437 'nationnotes'=>array('nn_configure'),
438 'patientportal'=>array('portal'),
439 'menus'=>array('modle')
441 NULL, array($breakglass), NULL, NULL,
442 1, 1, 'write', 'Emergency Login user can do anything'
444 // xl('Emergency Login user can do anything')
447 <html>
448 <head>
449 <title>OpenEMR ACL Setup</title>
450 <link rel=STYLESHEET href="interface/themes/style_blue.css">
451 </head>
452 <body>
453 <b>OpenEMR ACL Setup</b>
454 <br>
455 All done configuring and installing access controls (php-GACL)!
456 </body>
457 </html>