fix some failures to enforce required fields, and some code refactoring
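<?php
/*
 * gacl/admin/acl_list.php
 *
 * phpGACL administration page: lists ACLs, filters them by ACO / ARO / AXO
 * object, section, group, return value, allow and enabled flags, and deletes
 * the ACLs selected by the user.
 *
 * This is an entry-point script, not a library.  It depends on the OpenEMR
 * globals bootstrap and gacl_admin.inc.php to provide $srcdir,
 * $phpgacl_location, $gacl_api (phpGACL API object), $db (ADOdb connection)
 * and $smarty (template engine).  Every input is read from $_GET, including
 * the destructive 'Delete' action.
 */

// First make sure the user has access.
include_once("../../interface/globals.php");
include_once("$srcdir/acl.inc");

// Ensure the user has proper access: only admin/acl may administer ACLs.
if (!acl_check('admin', 'acl')) {
    echo xl('ACL Administration Not Authorized');
    exit;
}

// Ensure php-GACL is enabled for this installation.
if (!isset($phpgacl_location)) {
    echo xl('php-GACL access controls are turned off');
    exit;
}

require_once('gacl_admin.inc.php');

// Read the optional request parameters once, so the rest of the page does not
// raise undefined-index notices when they are absent.
$action = isset($_GET['action']) ? $_GET['action'] : '';
// Page number for the paged id query; missing or non-numeric becomes page 1.
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;

switch ($action) {
    case 'Delete':
        $gacl_api->debug_text('Delete!');

        // NOTE(review): this destructive action is triggered by a plain GET
        // request and carries no anti-CSRF token, so a crafted link or image
        // tag visited by an authenticated ACL administrator could delete ACLs.
        // Whether the admin bootstrap adds such protection is not visible from
        // this file -- confirm, and prefer POST plus a per-session token here.
        if (isset($_GET['delete_acl']) && is_array($_GET['delete_acl']) && !empty($_GET['delete_acl'])) {
            foreach ($_GET['delete_acl'] as $id) {
                // ACL ids are treated as integers throughout this page (the -1
                // sentinel and the unquoted IN (...) lists below), so hand
                // del_acl() an int rather than the raw request string;
                // del_acl()'s own validation is not visible here.
                $gacl_api->del_acl((int)$id);
            }
        }

        // Return to the page named by the request.  Whether return_page()
        // restricts the target to local URLs is not visible from this file.
        $gacl_api->return_page(isset($_GET['return_page']) ? $_GET['return_page'] : null);
        break;

    case 'Submit':
        $gacl_api->debug_text('Submit!!');
        break;

    default:
        /*
         * When the user requests to filter the list, run the filter and get
         * just the matching IDs.  Use these IDs to get the entire ACL
         * information in the second query.
         *
         * If we just put the LIKE statements in the second query, it will
         * match the correct ACLs but will only return the matching rows, so it
         * won't show the entire ACL information.
         */
        $prefix = $gacl_api->_db_table_prefix;
        $filter_query = array();

        if ($action == 'Filter') {
            $gacl_api->debug_text('Filtering...');

            $query = '
                SELECT DISTINCT a.id
                FROM ' . $prefix . 'acl a
                LEFT JOIN ' . $prefix . 'aco_map ac ON ac.acl_id=a.id
                LEFT JOIN ' . $prefix . 'aro_map ar ON ar.acl_id=a.id
                LEFT JOIN ' . $prefix . 'axo_map ax ON ax.acl_id=a.id';

            // Every user-supplied value below passes through $db->qstr(), so it
            // is quoted/escaped before being concatenated into SQL.  LIKE
            // wildcards (% and _) are deliberately left in: they are part of
            // the filter feature.
            if (isset($_GET['filter_aco_section']) && $_GET['filter_aco_section'] != '-1') {
                $filter_query[] = 'ac.section_value=' . $db->qstr(strtolower($_GET['filter_aco_section']));
            }
            if (isset($_GET['filter_aco']) && $_GET['filter_aco'] != '') {
                $query .= '
                LEFT JOIN ' . $prefix . 'aco c ON (c.section_value=ac.section_value AND c.value=ac.value)';
                $name = $db->qstr(strtolower($_GET['filter_aco']));
                $filter_query[] = '(lower(c.value) LIKE ' . $name . ' OR lower(c.name) LIKE ' . $name . ')';
            }

            if (isset($_GET['filter_aro_section']) && $_GET['filter_aro_section'] != '-1') {
                $filter_query[] = 'ar.section_value=' . $db->qstr(strtolower($_GET['filter_aro_section']));
            }
            if (isset($_GET['filter_aro']) && $_GET['filter_aro'] != '') {
                $query .= '
                LEFT JOIN ' . $prefix . 'aro r ON (r.section_value=ar.section_value AND r.value=ar.value)';
                $name = $db->qstr(strtolower($_GET['filter_aro']));
                $filter_query[] = '(lower(r.value) LIKE ' . $name . ' OR lower(r.name) LIKE ' . $name . ')';
            }
            if (isset($_GET['filter_aro_group']) && $_GET['filter_aro_group'] != '') {
                $query .= '
                LEFT JOIN ' . $prefix . 'aro_groups_map arg ON arg.acl_id=a.id
                LEFT JOIN ' . $prefix . 'aro_groups rg ON rg.id=arg.group_id';
                $filter_query[] = '(lower(rg.name) LIKE ' . $db->qstr(strtolower($_GET['filter_aro_group'])) . ')';
            }

            if (isset($_GET['filter_axo_section']) && $_GET['filter_axo_section'] != '-1') {
                $filter_query[] = 'ax.section_value=' . $db->qstr(strtolower($_GET['filter_axo_section']));
            }
            if (isset($_GET['filter_axo']) && $_GET['filter_axo'] != '') {
                $query .= '
                LEFT JOIN ' . $prefix . 'axo x ON (x.section_value=ax.section_value AND x.value=ax.value)';
                $name = $db->qstr(strtolower($_GET['filter_axo']));
                $filter_query[] = '(lower(x.value) LIKE ' . $name . ' OR lower(x.name) LIKE ' . $name . ')';
            }
            if (isset($_GET['filter_axo_group']) && $_GET['filter_axo_group'] != '') {
                $query .= '
                LEFT JOIN ' . $prefix . 'axo_groups_map axg ON axg.acl_id=a.id
                LEFT JOIN ' . $prefix . 'axo_groups xg ON xg.id=axg.group_id';
                $filter_query[] = '(lower(xg.name) LIKE ' . $db->qstr(strtolower($_GET['filter_axo_group'])) . ')';
            }

            if (isset($_GET['filter_acl_section']) && $_GET['filter_acl_section'] != '-1') {
                $filter_query[] = 'a.section_value=' . $db->qstr(strtolower($_GET['filter_acl_section']));
            }
            if (isset($_GET['filter_return_value']) && $_GET['filter_return_value'] != '') {
                $filter_query[] = '(lower(a.return_value) LIKE ' . $db->qstr(strtolower($_GET['filter_return_value'])) . ')';
            }
            if (isset($_GET['filter_allow']) && $_GET['filter_allow'] != '-1') {
                $filter_query[] = '(a.allow LIKE ' . $db->qstr($_GET['filter_allow']) . ')';
            }
            if (isset($_GET['filter_enabled']) && $_GET['filter_enabled'] != '-1') {
                $filter_query[] = '(a.enabled LIKE ' . $db->qstr($_GET['filter_enabled']) . ')';
            }

            if (!empty($filter_query)) {
                $query .= '
                WHERE ' . implode(' AND ', $filter_query);
            }
        } else {
            $query = '
                SELECT a.id FROM ' . $prefix . 'acl a';
        }

        $query .= '
            ORDER BY a.id ASC';

        // First query: one page of matching ACL ids.
        $acl_ids = array();
        $rs = $db->PageExecute($query, $gacl_api->_items_per_page, $page);
        if (is_object($rs)) {
            $smarty->assign('paging_data', $gacl_api->get_paging_data($rs));
            while ($row = $rs->FetchRow()) {
                // Ids come from the database but are re-embedded unquoted in
                // the IN (...) lists below, so force them to int.
                $acl_ids[] = (int)$row[0];
            }
            $rs->Close();
        }

        if (!empty($acl_ids)) {
            $acl_ids_sql = implode(',', $acl_ids);
        } else {
            // This shouldn't match any ACLs, returning 0 rows.
            $acl_ids_sql = -1;
        }

        $acls = array();

        // If the user is searching and there are no results, don't run the
        // detail queries at all.
        if (!($action == 'Filter' && $acl_ids_sql == -1)) {
            // Grab ACL details.
            $query = '
                SELECT a.id,x.name,a.allow,a.enabled,a.return_value,a.note,a.updated_date
                FROM ' . $prefix . 'acl a
                INNER JOIN ' . $prefix . 'acl_sections x ON x.value=a.section_value
                WHERE a.id IN (' . $acl_ids_sql . ')';
            $rs = $db->Execute($query);
            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    $acls[$row[0]] = array(
                        'id'            => $row[0],
                        'section_name'  => $row[1],
                        'allow'         => (bool)$row[2],
                        'enabled'       => (bool)$row[3],
                        'return_value'  => $row[4],
                        'note'          => $row[5],
                        'updated_date'  => $row[6],
                        // Filled in by the object and group queries below.
                        'aco'           => array(),
                        'aro'           => array(),
                        'aro_groups'    => array(),
                        'axo'           => array(),
                        'axo_groups'    => array()
                    );
                }
                $rs->Close();
            }

            // Grab the ACOs, AROs and AXOs attached to each ACL, keyed by
            // section name.  Table names are built from this fixed list only.
            foreach (array('aco', 'aro', 'axo') as $type) {
                $query = '
                    SELECT a.acl_id,o.name,s.name
                    FROM ' . $prefix . $type . '_map a
                    INNER JOIN ' . $prefix . $type . ' o ON (o.section_value=a.section_value AND o.value=a.value)
                    INNER JOIN ' . $prefix . $type . '_sections s ON s.value=a.section_value
                    WHERE a.acl_id IN (' . $acl_ids_sql . ')';
                $rs = $db->Execute($query);
                if (is_object($rs)) {
                    while ($row = $rs->FetchRow()) {
                        list($acl_id, $name, $section_name) = $row;
                        if (isset($acls[$acl_id])) {
                            $acls[$acl_id][$type][$section_name][] = $name;
                        }
                    }
                    $rs->Close();
                }
            }

            // Grab the ARO and AXO groups attached to each ACL.
            foreach (array('aro', 'axo') as $type) {
                $query = '
                    SELECT a.acl_id,g.name
                    FROM ' . $prefix . $type . '_groups_map a
                    INNER JOIN ' . $prefix . $type . '_groups g ON g.id=a.group_id
                    WHERE a.acl_id IN (' . $acl_ids_sql . ')';
                $rs = $db->Execute($query);
                if (is_object($rs)) {
                    while ($row = $rs->FetchRow()) {
                        list($acl_id, $name) = $row;
                        if (isset($acls[$acl_id])) {
                            $acls[$acl_id][$type . '_groups'][] = $name;
                        }
                    }
                    $rs->Close();
                }
            }
        }

        $smarty->assign('acls', $acls);

        // Echo the free-text filters back to the template (empty when unset).
        // NOTE(review): these are raw request values; the template must
        // HTML-escape them on output -- that template is not visible here.
        $text_filters = array(
            'filter_aco',
            'filter_aro',
            'filter_aro_group',
            'filter_axo',
            'filter_axo_group',
            'filter_return_value'
        );
        foreach ($text_filters as $key) {
            $smarty->assign($key, isset($_GET[$key]) ? $_GET[$key] : '');
        }

        // One section select box per object type, defaulting to 'Any' (-1).
        foreach (array('aco', 'aro', 'axo', 'acl') as $type) {
            $options = array(
                -1 => 'Any'
            );

            $query = '
                SELECT value,name
                FROM ' . $prefix . $type . '_sections
                WHERE hidden=0
                ORDER BY order_value,name';
            $rs = $db->Execute($query);
            if (is_object($rs)) {
                while ($row = $rs->FetchRow()) {
                    $options[$row[0]] = $row[1];
                }
                $rs->Close();
            }
            $smarty->assign('options_filter_' . $type . '_sections', $options);

            $key = 'filter_' . $type . '_section';
            $selected = (isset($_GET[$key]) && $_GET[$key] != '') ? $_GET[$key] : '-1';
            $smarty->assign($key, $selected);
        }

        $smarty->assign('options_filter_allow', array('-1' => 'Any', 1 => 'Allow', 0 => 'Deny'));
        $smarty->assign('options_filter_enabled', array('-1' => 'Any', 1 => 'Yes', 0 => 'No'));

        // Allow / enabled selects, defaulting to 'Any' (-1) when unset or blank.
        foreach (array('filter_allow', 'filter_enabled') as $key) {
            $selected = (isset($_GET[$key]) && $_GET[$key] != '') ? $_GET[$key] : '-1';
            $smarty->assign($key, $selected);
        }

        $smarty->assign('action', $action);
        $smarty->assign('return_page', $_SERVER['PHP_SELF']);

        $smarty->assign('current', 'acl_list');
        $smarty->assign('page_title', 'ACL List');

        $smarty->assign('phpgacl_version', $gacl_api->get_version());
        $smarty->assign('phpgacl_schema_version', $gacl_api->get_schema_version());

        $smarty->display('phpgacl/acl_list.tpl');
}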