// phpGACL "edit objects" admin page: verifies the CSRF token and the admin/acl ACL,
// picks the ACO/ARO/AXO table pair from the requested object_type, applies a delete or
// submit action posted from the form, then loads the current section's objects and
// renders phpgacl/edit_objects.tpl through Smarty.
// NOTE(review): this listing is non-contiguous (the leading gutter numbers jump), so
// the case labels, closing braces and any exit statements are not visible here; the
// comments below only describe what the visible lines establish.
2 //First make sure user has access
3 require_once("../../interface/globals.php");
5 use OpenEMR\Common\Acl\AclMain
;
6 use OpenEMR\Common\Csrf\CsrfUtils
;
// CSRF gate for every request to this page. The token is read without a `??` default,
// so a request lacking the field raises an undefined-key warning before verification;
// presumably a null token simply fails verification — confirm in CsrfUtils.
9 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"])) {
10 CsrfUtils
::csrfNotVerified();
// Authorization gate: only users with admin/acl may reach the rest of the page.
// The statement that stops execution after the message (gutter 17-19) is not shown here — confirm it exists.
14 //ensure user has proper access
15 if (!AclMain
::aclCheckCore('admin', 'acl')) {
16 echo xlt('ACL Administration Not Authorized');
20 require_once("gacl_admin.inc.php");
// object_type is taken from GET first, falling back to POST (the POST branch's `else` is omitted from this view).
22 //GET takes precedence.
23 if (!empty($_GET['object_type'])) {
24 $object_type = $_GET['object_type'];
26 $object_type = $_POST['object_type'];
// Table names are chosen only from the fixed aco/aro/axo set; the compared copy is
// trimmed and lower-cased, but $object_type itself is never reassigned in the visible
// lines, so the raw request casing/whitespace is what the calls below receive.
29 switch(strtolower(trim($object_type))) {
32 $object_table = $gacl_api->_db_table_prefix
. 'aco';
33 $object_sections_table = $gacl_api->_db_table_prefix
. 'aco_sections';
37 $object_table = $gacl_api->_db_table_prefix
. 'aro';
38 $object_sections_table = $gacl_api->_db_table_prefix
. 'aro_sections';
42 $object_table = $gacl_api->_db_table_prefix
. 'axo';
43 $object_sections_table = $gacl_api->_db_table_prefix
. 'axo_sections';
// Default branch: unknown type. Whether the script exits after this echo (gutter 47-50)
// is not visible; without an exit, $object_table/$object_sections_table stay undefined below.
46 echo "ERROR: Must select an object type<br />\n";
// Form actions (delete / submit); the case labels themselves are omitted from this view.
51 $postAction = $_POST['action'] ??
null;
52 switch ($postAction) {
// NOTE(review): count() on a missing key is count(null), a TypeError on PHP 8;
// a `!empty($_POST['delete_object'])` guard would avoid that.
55 if (count($_POST['delete_object']) > 0) {
56 foreach($_POST['delete_object'] as $id) {
57 $gacl_api->del_object($id, $object_type, TRUE);
// Redirect target comes from the form; whether return_page() restricts it to
// local paths is not visible here — confirm in gacl_api.
62 $gacl_api->return_page($_POST['return_page']);
66 $gacl_api->debug_text("Submit!!");
// Edit existing objects: each posted row is expected to be [id, value, order, name];
// rows of another shape would surface as list() warnings/errors — assumption, confirm against the template.
69 if (!empty($_POST['objects'])) {
70 foreach ($_POST['objects'] as $row) {
71 list($id, $value, $order, $name) = $row;
72 $gacl_api->edit_object($id, $_POST['section_value'], $name, $value, $order, 0, $object_type);
76 unset($section_value);
// Add new objects: rows are [value, order, name]; note that !empty() also skips a
// literal '0' value or name, not just blanks.
82 foreach ($_POST['new_objects'] as $row) {
83 list($value, $order, $name) = $row;
85 if (!empty($value) AND !empty($name)) {
86 $object_id= $gacl_api->add_object($_POST['section_value'], $name, $value, $order, 0, $object_type);
89 $gacl_api->debug_text("return_page: ". $_POST['return_page']);
90 $gacl_api->return_page($_POST['return_page']);
// Section lookup and object listing. Values are quoted with ADOdb's qstr() rather than
// bound as parameters; the table name itself comes only from the switch above.
// The start of the second query (gutter 97-104) is not shown.
95 $query = "select name from $object_sections_table where value = ". $db->qstr($_GET['section_value']);
96 $section_name = $db->GetOne($query);
105 where section_value=". $db->qstr($_GET['section_value']) ."
106 order by order_value";
// Paged fetch; the page number is taken straight from GET (null when absent).
107 $rs = $db->pageexecute($query, $gacl_api->_items_per_page
, ($_GET['page'] ??
null));
108 $rows = $rs->GetRows();
// Shape each DB row for the template (only some of the assigned keys are visible here).
110 foreach ($rows as $row) {
111 list($id, $section_value, $value, $order_value, $name) = $row;
115 'section_value' => $section_value,
117 'order' => $order_value,
// Five blank rows for entering new objects.
122 for($i=0; $i < 5; $i++
) {
123 $new_objects[] = array(
125 'section_value' => NULL,
// Template data. Both raw and attr()-escaped copies of section_value and object_type
// are passed, and return_page is the raw REQUEST_URI; which copy the template prints,
// and how it escapes the raw ones, is not visible from this file.
132 $smarty->assign('objects', ($objects ??
null));
133 $smarty->assign('new_objects', $new_objects);
135 $smarty->assign("paging_data", $gacl_api->get_paging_data($rs));
140 $smarty->assign('section_value', ($_GET['section_value'] ??
null));
141 $smarty->assign('section_value_escaped', attr($_GET['section_value'] ??
null));
143 $smarty->assign('section_name', ($section_name ??
null));
145 $smarty->assign('object_type', $object_type);
146 $smarty->assign('object_type_escaped', attr($object_type));
148 $smarty->assign('return_page', $_SERVER['REQUEST_URI']);
// Navigation/title strings are built from the raw (un-normalized) $object_type.
150 $smarty->assign('current','edit_'. $object_type .'s');
151 $smarty->assign('page_title', 'Edit '. strtoupper($object_type) .' Objects');
153 $smarty->assign("phpgacl_version", $gacl_api->get_version() );
154 $smarty->assign("phpgacl_schema_version", $gacl_api->get_schema_version() );
// Fresh CSRF token for the rendered form, checked by the verifyCsrfToken() call at the top on submit.
156 $smarty->assign("CSRF_TOKEN_FORM", CsrfUtils
::collectCsrfToken());
158 $smarty->display('phpgacl/edit_objects.tpl');