search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update donate link (#4390)
[openemr.git] / gacl / admin / assign_group.php
blobf7e4fa97e814ee80eacf1a63f4aa0051994d5f47
1 <?php
2 //First make sure user has access
3 require_once("../../interface/globals.php");
4
5 use OpenEMR\Common\Acl\AclMain;
6 use OpenEMR\Common\Csrf\CsrfUtils;
7
8 if (!empty($_POST)) {
9 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
10 CsrfUtils::csrfNotVerified();
11 }
12 }
13
14 //ensure user has proper access
15 if (!AclMain::aclCheckCore('admin', 'acl')) {
16 echo xlt('ACL Administration Not Authorized');
17 exit;
18 }
19
20 require_once('gacl_admin.inc.php');
21
22 //GET takes precedence.
23 if ($_GET['group_type'] != '') {
24 $group_type = $_GET['group_type'];
25 } else {
26 $group_type = $_POST['group_type'];
27 }
28
29 switch(strtolower(trim($group_type))) {
30 case 'axo':
31 $group_type = 'axo';
32 $table = $gacl_api->_db_table_prefix . 'axo';
33 $group_table = $gacl_api->_db_table_prefix . 'axo_groups';
34 $group_sections_table = $gacl_api->_db_table_prefix . 'axo_sections';
35 $group_map_table = $gacl_api->_db_table_prefix . 'groups_axo_map';
36 $object_type = 'Access eXtension Object';
37 break;
38 default:
39 $group_type = 'aro';
40 $table = $gacl_api->_db_table_prefix . 'aro';
41 $group_table = $gacl_api->_db_table_prefix . 'aro_groups';
42 $group_sections_table = $gacl_api->_db_table_prefix . 'aro_sections';
43 $group_map_table = $gacl_api->_db_table_prefix . 'groups_aro_map';
44 $object_type = 'Access Request Object';
45 break;
46 }
47
48 $postAction = $_POST['action'] ?? null;
49 switch ($postAction) {
50 case 'Remove':
51 $gacl_api->debug_text('Delete!!');
52
53 //Parse the form values
54 //foreach ($_POST['delete_assigned_aro'] as $aro_value) {
55 foreach ($_POST['delete_assigned_object'] as $object_value) {
56 $split_object_value = explode('^', $object_value);
57 $selected_object_array[$split_object_value[0]][] = $split_object_value[1];
58 }
59
60 //Insert Object -> GROUP mappings
61 foreach ($selected_object_array as $object_section_value => $object_array) {
62 $gacl_api->debug_text('Assign: Object ID: '. $object_section_value .' to Group: '. $_POST['group_id']);
63
64 foreach ($object_array as $object_value) {
65 $gacl_api->del_group_object($_POST['group_id'], $object_section_value, $object_value, $group_type);
66 }
67 }
68
69 //Return page.
70 $gacl_api->return_page($_SERVER['PHP_SELF'] .'?group_type='. urlencode($_POST['group_type']) .'&group_id='. urlencode($_POST['group_id']));
71
72 break;
73 case 'Submit':
74 $gacl_api->debug_text('Submit!!');
75
76 //showarray($_POST['selected_'.$_POST['group_type']]);
77 //Parse the form values
78 //foreach ($_POST['selected_aro'] as $aro_value) {
79 foreach ($_POST['selected_'.$_POST['group_type']] as $object_value) {
80 $split_object_value = explode('^', $object_value);
81 $selected_object_array[$split_object_value[0]][] = $split_object_value[1];
82 }
83
84 //Insert ARO -> GROUP mappings
85 foreach ($selected_object_array as $object_section_value => $object_array) {
86 $gacl_api->debug_text('Assign: Object ID: '. $object_section_value .' to Group: '. $_POST['group_id']);
87
88 foreach ($object_array as $object_value) {
89 $gacl_api->add_group_object($_POST['group_id'], $object_section_value, $object_value, $group_type);
90 }
91 }
92
93 $gacl_api->return_page($_SERVER['PHP_SELF'] .'?group_type='. urlencode($_POST['group_type']) .'&group_id='. urlencode($_POST['group_id']));
94
95 break;
96 default:
97 //
98 //Grab all sections for select box
99 //
100 $query = 'SELECT value,name FROM '. $group_sections_table .' ORDER BY order_value,name';
101 $rs = $db->Execute($query);
102
103 $options_sections = array();
104
105 if (is_object($rs)) {
106 while ($row = $rs->FetchRow()) {
107 $options_sections[$row[0]] = $row[1];
108 }
109 }
110
111 //showarray($options_sections);
112 $smarty->assign('options_sections', $options_sections);
113 $smarty->assign('section_value', reset($options_sections));
114
115 //
116 //Grab all objects for select box
117 //
118 $query = 'SELECT section_value,value,name FROM '. $table .' ORDER BY section_value,order_value,name';
119 $rs = $db->SelectLimit($query, $gacl_api->_max_select_box_items);
120
121 $js_array_name = 'options[\''. $group_type .'\']';
122 //Init the main aro js array.
123 $js_array = 'var options = new Array();' . "\n";
124 $js_array .= $js_array_name .' = new Array();' . "\n";
125
126 unset($tmp_section_value);
127
128 if (is_object($rs)) {
129 while ($row = $rs->FetchRow()) {
130 //list($section_value, $value, $name) = $row;
131
132 $section_value = addslashes($row[0]);
133 $value = addslashes($row[1]);
134 $name = addslashes($row[2]);
135
136 //Prepare javascript code for dynamic select box.
137 //Init the javascript sub-array.
138 if (!isset($tmp_section_value) OR $section_value != $tmp_section_value) {
139 $i = 0;
140 $js_array .= $js_array_name .'[\''. $section_value .'\'] = new Array();' . "\n";
141 }
142
143 //Add each select option for the section
144 $js_array .= $js_array_name .'[\''. $section_value .'\']['. $i .'] = new Array(\''. $value .'\', \''. $name ."');\n";
145
146 $tmp_section_value = $section_value;
147 $i++;
148 }
149 }
150
151 $smarty->assign('js_array', $js_array);
152 $smarty->assign('js_array_name', $group_type);
153
154 //Grab list of assigned Objects
155 $query = '
156 SELECT b.section_value,b.value,b.name AS b_name,c.name AS c_name
157 FROM '. $group_map_table .' a
158 INNER JOIN '. $table .' b ON b.id=a.'. $group_type .'_id
159 INNER JOIN '. $group_sections_table .' c ON c.value=b.section_value
160 WHERE a.group_id='. $db->qstr($_GET['group_id']) .'
161 ORDER BY c.name, b.name';
162 //$rs = $db->Execute($query);
163 $rs = $db->PageExecute($query, $gacl_api->_items_per_page, ($_GET['page'] ?? null));
164
165 $object_rows = array();
166
167 if (is_object($rs)) {
168 while ($row = $rs->FetchRow()) {
169 list($section_value, $value, $name, $section) = $row;
170
171 $object_rows[] = array(
172 'section_value' => $row[0],
173 'value' => $row[1],
174 'name' => $row[2],
175 'section' => $row[3]
176 );
177 }
178
179 $smarty->assign('total_objects', $rs->_maxRecordCount);
180
181 $smarty->assign('paging_data', $gacl_api->get_paging_data($rs));
182 }
183 //showarray($aros);
184
185 $smarty->assign('rows', $object_rows);
186
187 //Get group name.
188 $group_data = $gacl_api->get_group_data($_GET['group_id'], $group_type);
189 $smarty->assign('group_name', $group_data[2]);
190
191 $smarty->assign('group_id', $_GET['group_id']);
192 $smarty->assign('group_id_escaped', attr($_GET['group_id']));
193
194 break;
195 }
196
197 $smarty->assign('group_type', $group_type);
198 $smarty->assign('group_type_escaped', attr($group_type));
199 $smarty->assign('object_type', $object_type);
200 $smarty->assign('return_page', $_SERVER['REQUEST_URI'] );
201
202 $smarty->assign('current','assign_group_'. $group_type);
203 $smarty->assign('page_title', 'Assign Group - '. strtoupper($group_type));
204
205 $smarty->assign('phpgacl_version', $gacl_api->get_version() );
206 $smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version() );
207
208 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils::collectCsrfToken());
209
210 $smarty->display('phpgacl/assign_group.tpl');
211 ?>
Mirror of official OpenEMR Sourceforge repository