// Access gate for the phpGACL group editor. In the visible lines the script
// loads the OpenEMR globals, verifies a CSRF token, checks the admin/acl
// permission, and only then pulls in the phpGACL admin include.
// NOTE(review): the embedded line numbers jump, so this listing omits source
// lines (closing braces and possibly guards). Comments describe only what is shown.
2 //First make sure user has access
3 require_once("../../interface/globals.php");
5 use OpenEMR\Common\Acl\AclMain
;
6 use OpenEMR\Common\Csrf\CsrfUtils
;
// CSRF: the token is read from $_POST["csrf_token_form"]; a failed verification
// is handed to CsrfUtils::csrfNotVerified().
// NOTE(review): the listing jumps from 6 to 9, so any condition wrapping this
// check (for example "only when a POST body is present") is not visible - confirm.
9 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"])) {
10 CsrfUtils
::csrfNotVerified();
// Authorisation: AclMain::aclCheckCore('admin', 'acl') must succeed, otherwise the
// message below is echoed through xlt().
// NOTE(review): the statement that stops the request after the echo is not in this
// listing (it jumps from 16 to 20). Confirm the script exits here; without it the
// delete/submit actions further down would still run for an unauthorised caller.
14 //ensure user has proper access
15 if (!AclMain
::aclCheckCore('admin', 'acl')) {
16 echo xlt('ACL Administration Not Authorized');
// Included only after both checks above. $gacl_api, $db and $smarty are used later
// but never assigned in the visible lines - presumably this include provides them.
20 require_once('gacl_admin.inc.php');
// Request parameters. group_type and return_page are taken from the query string
// when non-empty, otherwise from the POST body. Both are caller-controlled values.
// NOTE(review): the $_POST reads are not guarded with isset()/??, so a request that
// carries neither source raises an undefined-index warning.
22 // GET takes precedence.
23 if (empty($_GET['group_type'])) {
24 $group_type = $_POST['group_type'];
26 $group_type = $_GET['group_type'];
// NOTE(review): $return_page is later passed unchanged to $gacl_api->return_page()
// and assigned to the template. If return_page() issues a redirect, an unvalidated
// value could send the user to an arbitrary URL - confirm it is limited to local pages.
29 if (empty($_GET['return_page'])) {
30 $return_page = $_POST['return_page'];
32 $return_page = $_GET['return_page'];
// Select the group table from the trimmed, lower-cased type. In the visible branches
// $group_table is built only from the configured table prefix plus a literal suffix
// ('axo_groups' or 'aro_groups'), so the table name is never request text.
// NOTE(review): the case labels and any reassignment of $group_type to a fixed
// literal are on lines not shown (36-37, 40-41). Confirm $group_type is normalised
// here, because it is later handed to the API calls and the template.
35 switch(strtolower(trim($group_type))) {
38 $group_table = $gacl_api->_db_table_prefix
. 'axo_groups';
42 $group_table = $gacl_api->_db_table_prefix
. 'aro_groups';
// Action dispatch. The action comes from $_POST['action'] (null when absent), so the
// state-changing branches below are reachable only with a POST body.
// NOTE(review): the case labels are not in this listing; the debug_text() strings
// suggest a 'Delete' branch and a 'Submit' branch - confirm against the full file.
46 $postAction = $_POST['action'] ??
null;
47 switch ($postAction) {
49 $gacl_api->debug_text('Delete');
// NOTE(review): count() is applied to $_POST['delete_group'] without checking that it
// is an array. A missing or scalar value raises a TypeError on PHP 8; an is_array()
// guard before the count would make the branch fail closed.
51 if (count($_POST['delete_group']) > 0) {
52 //Always reparent children when deleting a group.
53 foreach ($_POST['delete_group'] as $group_id) {
// $group_id is request data and is concatenated into the debug message unmodified.
54 $gacl_api->debug_text('Deleting group_id: '. $group_id);
// Second argument TRUE on every call (the source comment says children are reparented).
// The id is passed through as received; validation, if any, is inside del_group().
56 $result = $gacl_api->del_group($group_id, TRUE, $group_type);
// Loose comparison: any falsy return value is treated as a failed deletion.
57 if ($result == FALSE) {
// NOTE(review): $retry is not initialised in the visible lines (58-61 are skipped).
// If it is only appended to on failure, it is undefined here when every deletion
// succeeded, and count() would then raise a TypeError on PHP 8 - TODO confirm.
62 if (count($retry) > 0) {
// Second pass over the ids collected for retry; the result of this call is not checked.
63 foreach($retry as $group_id) {
64 $gacl_api->del_group($group_id, TRUE, $group_type);
// Hands the caller-supplied $return_page to the API once the delete branch is done.
71 $gacl_api->return_page($return_page);
74 $gacl_api->debug_text('Submit');
// parent_id is taken from POST when non-empty; the value used for the empty case is
// assigned on a line not shown here.
76 if (empty($_POST['parent_id'])) {
79 $parent_id = $_POST['parent_id'];
82 //Make sure we're not reparenting to ourself.
// Loose == between two request values. What happens after the message (exit or
// fall-through) is on lines not shown - confirm the update below is skipped.
83 if (!empty($_POST['group_id']) AND $parent_id == $_POST['group_id']) {
84 echo "Sorry, can't reparent to self!<br />\n";
88 //No parent, assume a "root" group, generate a new parent id.
// An empty group_id means insert via add_group(); otherwise update via edit_group().
// value, name and group_id go to the API exactly as posted; any validation or SQL
// escaping happens inside those methods and is not visible in this file.
89 if (empty($_POST['group_id'])) {
90 $gacl_api->debug_text('Insert');
92 $insert_id = $gacl_api->add_group($_POST['value'], $_POST['name'], $parent_id, $group_type);
94 $gacl_api->debug_text('Update');
96 $gacl_api->edit_group($_POST['group_id'], $_POST['value'], $_POST['name'], $parent_id, $group_type);
99 $gacl_api->return_page($return_page);
// Default branch of the visible flow: load one group (when group_id is supplied in
// the query string) and render the edit form.
// SQL safety: the id is cast with (int) before concatenation and $group_table is built
// from a fixed suffix, so no raw request text reaches the query string.
// NOTE(review): a bound parameter would be more robust than relying on the cast
// staying in place through future edits.
102 //Grab specific group data
103 if (!empty($_GET['group_id'])) {
105 SELECT id,parent_id,value,name
106 FROM '. $group_table .'
107 WHERE id='. (int)$_GET['group_id'];
// Assumes GetRow() returns a numerically indexed row in column order - TODO confirm
// the fetch mode. If no row matches, the four variables may end up unset or null.
109 list($id, $parent_id, $value, $name) = $db->GetRow($query);
// When no group is loaded, parent_id falls back to the query string (null if absent).
// $value and $name for this case are assigned on lines not shown here.
112 $parent_id = $_GET['parent_id'] ??
null;
// Template variables. id is null when no group was loaded. parent_id, group_type and
// return_page can carry request-derived text, and value/name come from the database.
// NOTE(review): escaping of all of these is left to phpgacl/edit_group.tpl, which is
// not visible here - confirm the template escapes every one of them on output.
117 $smarty->assign('id', ($id ??
null));
118 $smarty->assign('parent_id', $parent_id);
119 $smarty->assign('value', $value);
120 $smarty->assign('name', $name);
// Group options for the form, built by sort_groups() and format_groups() for this type.
122 $smarty->assign('options_groups', $gacl_api->format_groups($gacl_api->sort_groups($group_type)));
126 $smarty->assign('group_type', $group_type);
127 $smarty->assign('return_page', $return_page);
// $group_type is concatenated into the 'current' key and the page title.
129 $smarty->assign('current','edit_'. $group_type .'_group');
130 $smarty->assign('page_title', 'Edit '. strtoupper($group_type) .' Group');
132 $smarty->assign('phpgacl_version', $gacl_api->get_version());
133 $smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version());
// Token from collectCsrfToken() is exposed to the template as CSRF_TOKEN_FORM,
// presumably for the form field that the verifyCsrfToken() check at the top reads.
135 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils
::collectCsrfToken());
137 $smarty->display('phpgacl/edit_group.tpl');