complete conversion of practice settings gui to responsive bootstrap
[openemr.git] / acl_setup.php
blob73fecc54ed6473a40f06da1c20adde5b23614112
1 <?php
2 // Copyright (C) 2005-2017 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8 //
9 // This program is run by the OpenEMR setup.php script to install phpGACL
10 // and creates the Access Control Objects and their sections.
11 // See openemr/library/acl.inc file for the list of
12 // currently supported Access Control Objects(ACO), which this
13 // script will install. This script also creates several
14 // ARO groups, an "admin" ARO, and some reasonable ACL entries for
15 // the groups.
16 // ARO groups include:
17 // Administrators
18 // Physicians (Doctors)
19 // Clinicians (Nurses, Physician Assistants, etc.)
20 // Front Office (Receptionist)
21 // Accounting
23 // Upgrade Howto
24 // When upgrading to a new version of OpenEMR, run the acl_upgrade.php
25 // script to update the phpGACL access controls. This is required to
26 // ensure the database includes all the required Access Control
27 // Objects(ACO).
30 // On 06/2009, added pertinent comments below each entry to allow capture
31 // of these terms by the translation engine.
33 require_once(dirname(__FILE__).'/library/acl.inc');
35 if (! $phpgacl_location) {
36 die("You must first set up library/acl.inc to use phpGACL!");
39 require_once("$phpgacl_location/gacl_api.class.php");
41 $gacl = new gacl_api();
43 // Create the ACO sections. Every ACO must have a section.
45 if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === false) {
46 echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
47 return;
50 // xl('Accounting')
51 $gacl->add_object_section('Administration', 'admin', 10, 0, 'ACO');
52 // xl('Administration')
53 $gacl->add_object_section('Encounters', 'encounters', 10, 0, 'ACO');
54 // xl('Encounters')
55 $gacl->add_object_section('Lists', 'lists', 10, 0, 'ACO');
56 // xl('Lists')
57 $gacl->add_object_section('Patients', 'patients', 10, 0, 'ACO');
58 // xl('Patients')
59 $gacl->add_object_section('Squads', 'squads', 10, 0, 'ACO');
60 // xl('Squads')
61 $gacl->add_object_section('Sensitivities', 'sensitivities', 10, 0, 'ACO');
62 // xl('Sensitivities')
63 $gacl->add_object_section('Placeholder', 'placeholder', 10, 0, 'ACO');
64 // xl('Placeholder')
65 $gacl->add_object_section('Nation Notes', 'nationnotes', 10, 0, 'ACO');
66 // xl('Nation Notes')
67 $gacl->add_object_section('Patient Portal', 'patientportal', 10, 0, 'ACO');
68 // xl('Patient Portal')
69 $gacl->add_object_section('Menus', 'menus', 10, 0, 'ACO');
70 // xl('Menus')
71 $gacl->add_object_section('Groups', 'groups', 10, 0, 'ACO');
72 // xl('Groups')
76 // Create Accounting ACOs.
78 $gacl->add_object('acct', 'Billing (write optional)', 'bill', 10, 0, 'ACO');
79 // xl('Billing (write optional)')
80 $gacl->add_object('acct', 'Price Discounting', 'disc', 10, 0, 'ACO');
81 // xl('Price Discounting')
82 $gacl->add_object('acct', 'EOB Data Entry', 'eob', 10, 0, 'ACO');
83 // xl('EOB Data Entry')
84 $gacl->add_object('acct', 'Financial Reporting - my encounters', 'rep', 10, 0, 'ACO');
85 // xl('Financial Reporting - my encounters')
86 $gacl->add_object('acct', 'Financial Reporting - anything', 'rep_a', 10, 0, 'ACO');
87 // xl('Financial Reporting - anything')
89 // Create Administration ACOs.
91 $gacl->add_object('admin', 'Superuser', 'super', 10, 0, 'ACO');
92 // xl('Superuser')
93 $gacl->add_object('admin', 'Calendar Settings', 'calendar', 10, 0, 'ACO');
94 // xl('Calendar Settings')
95 $gacl->add_object('admin', 'Database Reporting', 'database', 10, 0, 'ACO');
96 // xl('Database Reporting')
97 $gacl->add_object('admin', 'Forms Administration', 'forms', 10, 0, 'ACO');
98 // xl('Forms Administration')
99 $gacl->add_object('admin', 'Practice Settings', 'practice', 10, 0, 'ACO');
100 // xl('Practice Settings')
101 $gacl->add_object('admin', 'Superbill Codes Administration', 'superbill', 10, 0, 'ACO');
102 // xl('Superbill Codes Administration')
103 $gacl->add_object('admin', 'Users/Groups/Logs Administration', 'users', 10, 0, 'ACO');
104 // xl('Users/Groups/Logs Administration')
105 $gacl->add_object('admin', 'Batch Communication Tool', 'batchcom', 10, 0, 'ACO');
106 // xl('Batch Communication Tool')
107 $gacl->add_object('admin', 'Language Interface Tool', 'language', 10, 0, 'ACO');
108 // xl('Language Interface Tool')
109 $gacl->add_object('admin', 'Pharmacy Dispensary', 'drugs', 10, 0, 'ACO');
110 // xl('Pharmacy Dispensary')
111 $gacl->add_object('admin', 'ACL Administration', 'acl', 10, 0, 'ACO');
112 // xl('ACL Administration')
113 $gacl->add_object('admin', 'Multipledb', 'multipledb', 10, 0, 'ACO');
114 // xl('Multipledb')
116 // Create ACOs for encounters.
118 $gacl->add_object('encounters', 'Authorize - my encounters', 'auth', 10, 0, 'ACO');
119 // xl('Authorize - my encounters')
120 $gacl->add_object('encounters', 'Authorize - any encounters', 'auth_a', 10, 0, 'ACO');
121 // xl('Authorize - any encounters')
122 $gacl->add_object('encounters', 'Coding - my encounters (write,wsome optional)', 'coding', 10, 0, 'ACO');
123 // xl('Coding - my encounters (write,wsome optional)')
124 $gacl->add_object('encounters', 'Coding - any encounters (write,wsome optional)', 'coding_a', 10, 0, 'ACO');
125 // xl('Coding - any encounters (write,wsome optional)')
126 $gacl->add_object('encounters', 'Notes - my encounters (write,addonly optional)', 'notes', 10, 0, 'ACO');
127 // xl('Notes - my encounters (write,addonly optional)')
128 $gacl->add_object('encounters', 'Notes - any encounters (write,addonly optional)', 'notes_a', 10, 0, 'ACO');
129 // xl('Notes - any encounters (write,addonly optional)')
130 $gacl->add_object('encounters', 'Fix encounter dates - any encounters', 'date_a', 10, 0, 'ACO');
131 // xl('Fix encounter dates - any encounters')
132 $gacl->add_object('encounters', 'Less-private information (write,addonly optional)', 'relaxed', 10, 0, 'ACO');
133 // xl('Less-private information (write,addonly optional)')
135 // Create ACOs for lists.
137 $gacl->add_object('lists', 'Default List (write,addonly optional)', 'default', 10, 0, 'ACO');
138 // xl('Default List (write,addonly optional)')
139 $gacl->add_object('lists', 'State List (write,addonly optional)', 'state', 10, 0, 'ACO');
140 // xl('State List (write,addonly optional)')
141 $gacl->add_object('lists', 'Country List (write,addonly optional)', 'country', 10, 0, 'ACO');
142 // xl('Country List (write,addonly optional)')
143 $gacl->add_object('lists', 'Language List (write,addonly optional)', 'language', 10, 0, 'ACO');
144 // xl('Language List (write,addonly optional)')
145 $gacl->add_object('lists', 'Ethnicity-Race List (write,addonly optional)', 'ethrace', 10, 0, 'ACO');
146 // xl('Ethnicity-Race List (write,addonly optional)')
148 // Create ACOs for patientportal.
150 $gacl->add_object('patientportal', 'Patient Portal', 'portal', 10, 0, 'ACO');
151 // xl('Patient Portal')
153 // Create ACOs for modules.
155 $gacl->add_object('menus', 'Modules', 'modle', 10, 0, 'ACO');
156 // xl('Modules')
158 // Create ACOs for patients.
160 $gacl->add_object('patients', 'Appointments (write,wsome optional)', 'appt', 10, 0, 'ACO');
161 // xl('Appointments (write,wsome optional)')
162 $gacl->add_object('patients', 'Demographics (write,addonly optional)', 'demo', 10, 0, 'ACO');
163 // xl('Demographics (write,addonly optional)')
164 $gacl->add_object('patients', 'Medical/History (write,addonly optional)', 'med', 10, 0, 'ACO');
165 // xl('Medical/History (write,addonly optional)')
166 $gacl->add_object('patients', 'Transactions (write optional)', 'trans', 10, 0, 'ACO');
167 // xl('Transactions (write optional)')
168 $gacl->add_object('patients', 'Documents (write,addonly optional)', 'docs', 10, 0, 'ACO');
169 // xl('Documents (write,addonly optional)')
170 $gacl->add_object('patients', 'Patient Notes (write,addonly optional)', 'notes', 10, 0, 'ACO');
171 // xl('Patient Notes (write,addonly optional)')
172 $gacl->add_object('patients', 'Sign Lab Results (write,addonly optional)', 'sign', 10, 0, 'ACO');
173 // xl('Sign Lab Results (write,addonly optional)')
174 $gacl->add_object('patients', 'Patient Reminders (write,addonly optional)', 'reminder', 10, 0, 'ACO');
175 // xl('Patient Reminders (write,addonly optional)')
176 $gacl->add_object('patients', 'Clinical Reminders/Alerts (write,addonly optional)', 'alert', 10, 0, 'ACO');
177 // xl('Clinical Reminders/Alerts (write,addonly optional)')
178 $gacl->add_object('patients', 'Disclosures (write,addonly optional)', 'disclosure', 10, 0, 'ACO');
179 // xl('Disclosures (write,addonly optional)')
180 $gacl->add_object('patients', 'Prescriptions (write,addonly optional)', 'rx', 10, 0, 'ACO');
181 // xl('Prescriptions (write,addonly optional)')
182 $gacl->add_object('patients', 'Amendments (write,addonly optional)', 'amendment', 10, 0, 'ACO');
183 // xl('Amendments (write,addonly optional)')
184 $gacl->add_object('patients', 'Lab Results (write,addonly optional)', 'lab', 10, 0, 'ACO');
185 // xl('Lab Results (write,addonly optional)')
188 $gacl->add_object('groups', 'View/Add/Update groups', 'gadd', 10, 0, 'ACO');
189 // xl('View/Add/Update groups')
190 $gacl->add_object('groups', 'View/Create/Update groups appointment in calendar', 'gcalendar', 10, 0, 'ACO');
191 // xl('View/Create/Update groups appointment in calendar')
192 $gacl->add_object('groups', 'Group encounter log', 'glog', 10, 0, 'ACO');
193 // xl('Group encounter log')
194 $gacl->add_object('groups', 'Group detailed log of appointment in patient record', 'gdlog', 10, 0, 'ACO');
195 // xl('Group detailed log of appointment in patient record')
196 $gacl->add_object('groups', 'Send message from the permanent group therapist to the personal therapist', 'gm', 10, 0, 'ACO');
197 // xl('Send message from the permanent group therapist to the personal therapist')
199 // Create ACOs for sensitivities.
201 $gacl->add_object('sensitivities', 'Normal', 'normal', 10, 0, 'ACO');
202 // xl('Normal')
203 $gacl->add_object('sensitivities', 'High', 'high', 20, 0, 'ACO');
204 // xl('High')
206 // Create ACO for placeholder.
208 $gacl->add_object('placeholder', 'Placeholder (Maintains empty ACLs)', 'filler', 10, 0, 'ACO');
209 // xl('Placeholder (Maintains empty ACLs)')
211 // Create ACO for nationnotes.
213 $gacl->add_object('nationnotes', 'Nation Notes Configure', 'nn_configure', 10, 0, 'ACO');
214 // xl('Nation Notes Configure')
216 // Create ARO groups.
218 $users = $gacl->add_group('users', 'OpenEMR Users', 0, 'ARO');
219 // xl('OpenEMR Users')
220 $admin = $gacl->add_group('admin', 'Administrators', $users, 'ARO');
221 // xl('Administrators')
222 $clin = $gacl->add_group('clin', 'Clinicians', $users, 'ARO');
223 // xl('Clinicians')
224 $doc = $gacl->add_group('doc', 'Physicians', $users, 'ARO');
225 // xl('Physicians')
226 $front = $gacl->add_group('front', 'Front Office', $users, 'ARO');
227 // xl('Front Office')
228 $back = $gacl->add_group('back', 'Accounting', $users, 'ARO');
229 // xl('Accounting')
230 $breakglass = $gacl->add_group('breakglass', 'Emergency Login', $users, 'ARO');
231 // xl('Emergency Login')
234 // Create a Users section for the AROs (humans).
236 $gacl->add_object_section('Users', 'users', 10, 0, 'ARO');
237 // xl('Users')
239 // Create the Administrator in the above-created "users" section
240 // and add him/her to the above-created "admin" group.
241 // If this script is being used by OpenEMR's setup, then will
242 // incorporate the installation values. Otherwise will
243 // hardcode the 'admin' user.
244 if (isset($this) && isset($this->iuser)) {
245 $gacl->add_object('users', $this->iuname, $this->iuser, 10, 0, 'ARO');
246 $gacl->add_group_object($admin, 'users', $this->iuser, 'ARO');
247 } else {
248 $gacl->add_object('users', 'Administrator', 'admin', 10, 0, 'ARO');
249 $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
252 // Declare return terms for language translations
253 // xl('write') xl('wsome') xl('addonly') xl('view')
255 // Set permissions for administrators.
257 $gacl->add_acl(
258 array(
259 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
260 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl','multipledb'),
261 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
262 'lists'=>array('default','state','country','language','ethrace'),
263 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
264 'sensitivities'=>array('normal', 'high'),
265 'nationnotes'=>array('nn_configure'),
266 'patientportal'=>array('portal'),
267 'menus'=>array('modle'),
268 'groups'=>array('gadd','gcalendar','glog','gdlog','gm')
270 null,
271 array($admin),
272 null,
273 null,
276 'write',
277 'Administrators can do anything'
279 // xl('Administrators can do anything')
281 // Set permissions for physicians.
283 $gacl->add_acl(
284 array(
285 'placeholder'=>array('filler')
287 null,
288 array($doc),
289 null,
290 null,
293 'view',
294 'Things that physicians can only read'
296 // xl('Things that physicians can only read')
297 $gacl->add_acl(
298 array(
299 'placeholder'=>array('filler')
301 null,
302 array($doc),
303 null,
304 null,
307 'addonly',
308 'Things that physicians can read and enter but not modify'
310 // xl('Things that physicians can read and enter but not modify')
311 $gacl->add_acl(
312 array(
313 'placeholder'=>array('filler')
315 null,
316 array($doc),
317 null,
318 null,
321 'wsome',
322 'Things that physicians can read and partly modify'
324 // xl('Things that physicians can read and partly modify')
326 $gacl->add_acl(
327 array(
328 'acct'=>array('disc', 'rep'),
329 'admin'=>array('drugs'),
330 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
331 'patients' => array('appt', 'demo', 'med', 'trans', 'docs', 'notes', 'sign', 'reminder', 'alert',
332 'disclosure', 'rx', 'amendment', 'lab'),
333 'sensitivities'=>array('normal', 'high')
335 null,
336 array($doc),
337 null,
338 null,
341 'write',
342 'Things that physicians can read and modify'
344 // xl('Things that physicians can read and modify')
346 // Set permissions for clinicians.
348 $gacl->add_acl(
349 array(
350 'placeholder'=>array('filler')
352 null,
353 array($clin),
354 null,
355 null,
358 'view',
359 'Things that clinicians can only read'
361 // xl('Things that clinicians can only read')
362 $gacl->add_acl(
363 array(
364 'encounters'=>array('notes', 'relaxed'),
365 'patients'=>array('demo', 'med', 'docs', 'notes'),
366 'sensitivities'=>array('normal')
368 null,
369 array($clin),
370 null,
371 null,
374 'addonly',
375 'Things that clinicians can read and enter but not modify'
377 // xl('Things that clinicians can read and enter but not modify')
379 $gacl->add_acl(
380 array(
381 'placeholder'=>array('filler')
383 null,
384 array($clin),
385 null,
386 null,
389 'wsome',
390 'Things that clinicians can read and partly modify'
392 // xl('Things that clinicians can read and partly modify')
393 $gacl->add_acl(
394 array(
395 'admin'=>array('drugs'),
396 'encounters'=>array('coding'),
397 'patients'=>array('appt')
399 null,
400 array($clin),
401 null,
402 null,
405 'write',
406 'Things that clinicians can read and modify'
408 // xl('Things that clinicians can read and modify')
410 // Set permissions for front office staff.
412 $gacl->add_acl(
413 array(
414 'placeholder'=>array('filler')
416 null,
417 array($front),
418 null,
419 null,
422 'view',
423 'Things that front office can only read'
425 // xl('Things that front office can only read')
426 $gacl->add_acl(
427 array(
428 'placeholder'=>array('filler')
430 null,
431 array($front),
432 null,
433 null,
436 'addonly',
437 'Things that front office can read and enter but not modify'
439 // xl('Things that front office can read and enter but not modify')
440 $gacl->add_acl(
441 array(
442 'placeholder'=>array('filler')
444 null,
445 array($front),
446 null,
447 null,
450 'wsome',
451 'Things that front office can read and partly modify'
453 // xl('Things that front office can read and partly modify')
454 $gacl->add_acl(
455 array(
456 'patients'=>array('appt', 'demo', 'trans', 'notes')
458 null,
459 array($front),
460 null,
461 null,
464 'write',
465 'Things that front office can read and modify'
467 // xl('Things that front office can read and modify')
469 // Set permissions for back office staff.
471 $gacl->add_acl(
472 array(
473 'placeholder'=>array('filler')
475 null,
476 array($back),
477 null,
478 null,
481 'view',
482 'Things that back office can only read'
484 // xl('Things that back office can only read')
485 $gacl->add_acl(
486 array(
487 'placeholder'=>array('filler')
489 null,
490 array($back),
491 null,
492 null,
495 'addonly',
496 'Things that back office can read and enter but not modify'
498 // xl('Things that back office can read and enter but not modify')
499 $gacl->add_acl(
500 array(
501 'placeholder'=>array('filler')
503 null,
504 array($back),
505 null,
506 null,
509 'wsome',
510 'Things that back office can read and partly modify'
512 // xl('Things that back office can read and partly modify')
513 $gacl->add_acl(
514 array(
515 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
516 'admin'=>array('practice', 'superbill'),
517 'encounters'=>array('auth_a', 'coding_a', 'date_a'),
518 'patients'=>array('appt', 'demo')
520 null,
521 array($back),
522 null,
523 null,
526 'write',
527 'Things that back office can read and modify'
529 // xl('Things that back office can read and modify')
531 // Set permissions for Emergency Login.
533 $gacl->add_acl(
534 array(
535 'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
536 'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl'),
537 'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
538 'lists'=>array('default','state','country','language','ethrace'),
539 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
540 'sensitivities'=>array('normal', 'high'),
541 'nationnotes'=>array('nn_configure'),
542 'patientportal'=>array('portal'),
543 'menus'=>array('modle')
545 null,
546 array($breakglass),
547 null,
548 null,
551 'write',
552 'Emergency Login user can do anything'
554 // xl('Emergency Login user can do anything')
557 <html>
558 <head>
559 <title>OpenEMR ACL Setup</title>
560 <link rel=STYLESHEET href="interface/themes/style_blue.css">
561 </head>
562 <body>
563 <b>OpenEMR ACL Setup</b>
564 <br>
565 All done configuring and installing access controls (php-GACL)!
566 </body>
567 </html>