From 99a727cba3e62d8fdac4b15e3a21cdda6ef80933 Mon Sep 17 00:00:00 2001
From: Rod Roark <rod@sunsetsystems.com>
Date: Wed, 14 Mar 2012 08:16:58 -0700
Subject: [PATCH] Added time slot availability checking at appointment save
 time to avoid double booking errors.

---
 acl_setup.php                               |  4 +-
 acl_upgrade.php                             |  2 +-
 interface/main/calendar/add_edit_event.php  | 45 ++++++++++++-----
 interface/main/calendar/find_appt_popup.php | 78 ++++++++++++++++++++++++++---
 library/acl.inc                             |  3 +-
 5 files changed, 107 insertions(+), 25 deletions(-)

diff --git a/acl_setup.php b/acl_setup.php
index 1b7926787..bf8d16341 100644
--- a/acl_setup.php
+++ b/acl_setup.php
@@ -140,8 +140,8 @@
      
  // Create ACOs for patients.
  //
- $gacl->add_object('patients', 'Appointments (write optional)'            , 'appt' , 10, 0, 'ACO');
-     // xl('Appointments (write optional)')
+ $gacl->add_object('patients', 'Appointments (write,wsome optional)'      , 'appt' , 10, 0, 'ACO');
+     // xl('Appointments (write,wsome optional)')
  $gacl->add_object('patients', 'Demographics (write,addonly optional)'    , 'demo' , 10, 0, 'ACO');
      // xl('Demographics (write,addonly optional)')
  $gacl->add_object('patients', 'Medical/History (write,addonly optional)' , 'med'  , 10, 0, 'ACO');
diff --git a/acl_upgrade.php b/acl_upgrade.php
index 3f520a90e..4c96ab09c 100644
--- a/acl_upgrade.php
+++ b/acl_upgrade.php
@@ -219,7 +219,7 @@ updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'language', 'La
 //Insert the 'ethrace' object from the 'lists' section into the Emergency Login group write ACL (added in 3.3.0)
 updateAcl($emergency_write, 'Emergency Login', 'lists', 'Lists', 'ethrace', 'Ethnicity-Race List (write,addonly optional)', 'write');
 //Insert the 'appt' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
-updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write optional)', 'write');
+updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'appt', 'Appointments (write,wsome optional)', 'write');
 //Insert the 'demo' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
 updateAcl($emergency_write, 'Emergency Login', 'patients', 'Patients', 'demo', 'Demographics (write,addonly optional)', 'write');
 //Insert the 'med' object from the 'patients' section into the Emergency Login group write ACL (added in 3.3.0)
diff --git a/interface/main/calendar/add_edit_event.php b/interface/main/calendar/add_edit_event.php
index c81eb9285..e5f24f0fa 100644
--- a/interface/main/calendar/add_edit_event.php
+++ b/interface/main/calendar/add_edit_event.php
@@ -23,13 +23,18 @@
  $fake_register_globals=false;
  $sanitize_all_escapes=true;
 
- include_once("../../globals.php");
- include_once("$srcdir/patient.inc");
- include_once("$srcdir/forms.inc");
- include_once("$srcdir/calendar.inc");
- include_once("$srcdir/formdata.inc.php");
- include_once("$srcdir/options.inc.php");
- include_once("$srcdir/encounter_events.inc.php");
+ require_once("../../globals.php");
+ require_once("$srcdir/patient.inc");
+ require_once("$srcdir/forms.inc");
+ require_once("$srcdir/calendar.inc");
+ require_once("$srcdir/formdata.inc.php");
+ require_once("$srcdir/options.inc.php");
+ require_once("$srcdir/encounter_events.inc.php");
+ require_once("$srcdir/acl.inc");
+
+ $my_permission = acl_check('patients', 'appt');
+ if ($my_permission !== 'write' && $my_permission !== 'wsome')
+   die(xl('Access not allowed'));
 
  // Things that might be passed by our opener.
  //
@@ -918,7 +923,7 @@ td { font-size:0.8em; }
  }
 
     // Invoke the find-available popup.
-    function find_available() {
+    function find_available(extra) {
         top.restoreSession();
         // (CHEMED) Conditional value selection, because there is no <select> element
         // when making an appointment for a specific provider
@@ -933,10 +938,15 @@ td { font-size:0.8em; }
         <?php }?>
         var c = document.forms[0].form_category;
 	var formDate = document.forms[0].form_date;
-        dlgopen('find_appt_popup.php?providerid=' + s +
+        dlgopen('<?php echo $GLOBALS['web_root']; ?>/interface/main/calendar/find_appt_popup.php' +
+                '?providerid=' + s +
                 '&catid=' + c.options[c.selectedIndex].value +
                 '&facility=' + f +
-                '&startdate=' + formDate.value, '_blank', 500, 400);
+                '&startdate=' + formDate.value +
+                '&evdur=' + document.forms[0].form_duration.value +
+                '&eid=<?php echo 0 + $eid; ?>' +
+                extra,
+                '_blank', 500, 400);
         //END (CHEMED) modifications
     }
 
@@ -1422,7 +1432,7 @@ if ($repeatexdate != "") {
 $(document).ready(function(){
     $("#form_save").click(function() { validate("save"); });
     $("#form_duplicate").click(function() { validate("duplicate"); });
-    $("#find_available").click(function() { find_available(); });
+    $("#find_available").click(function() { find_available(''); });
     $("#form_delete").click(function() { deleteEvent(); });
     $("#cancel").click(function() { window.close(); });
 
@@ -1498,9 +1508,18 @@ function deleteEvent() {
 }
 
 function SubmitForm() {
-    $('#theform').submit();
+  var f = document.forms[0];
+  if (f.form_action.value != 'delete') {
+    // Check slot availability.
+    var mins = parseInt(f.form_hour.value) * 60 + parseInt(f.form_minute.value);
+    if (f.form_ampm.value == '2' && mins < 720) mins += 720;
+    find_available('&cktime=' + mins);
+  }
+  else {
     top.restoreSession();
-    return true;
+    f.submit();
+  }
+  return true;
 }
 
 </script>
diff --git a/interface/main/calendar/find_appt_popup.php b/interface/main/calendar/find_appt_popup.php
index e68728def..b4c3b8417 100644
--- a/interface/main/calendar/find_appt_popup.php
+++ b/interface/main/calendar/find_appt_popup.php
@@ -1,5 +1,5 @@
 <?php
- // Copyright (C) 2005-2006 Rod Roark <rod@sunsetsystems.com>
+ // Copyright (C) 2005-2012 Rod Roark <rod@sunsetsystems.com>
  //
  // This program is free software; you can redistribute it and/or
  // modify it under the terms of the GNU General Public License
@@ -9,6 +9,14 @@
  include_once("../../globals.php");
  include_once("$srcdir/patient.inc");
 
+ $my_permission = acl_check('patients', 'appt');
+ if ($my_permission != 'write' && $my_permission != 'wsome')
+  die(xl('Access not allowed'));
+
+ // If the caller is updating an existing event, then get its ID so
+ // we don't count it as a reserved time slot.
+ $eid = empty($_REQUEST['eid']) ? 0 : 0 + $_REQUEST['eid'];
+
  $input_catid = $_REQUEST['catid'];
 
  // Record an event into the slots array for a specified day.
@@ -81,6 +89,14 @@
 
  $slotsperday = (int) (60 * 60 * 24 / $slotsecs);
 
+ // Compute the number of time slots for the given event duration, or if
+ // none is given then assume the default category duration.
+ $evslots = $catslots;
+ if (isset($_REQUEST['evdur'])) {
+  $evslots = 60 * $_REQUEST['evdur'];
+  $evslots = (int) (($evslots + $slotsecs - 1) / $slotsecs);
+ }
+
  // If we have a provider, search.
  //
  if ($_REQUEST['providerid']) {
@@ -99,6 +115,7 @@
    "pc_recurrtype, pc_recurrspec, pc_alldayevent, pc_catid, pc_prefcatid " .
    "FROM openemr_postcalendar_events " .
    "WHERE pc_aid = '$providerid' AND " .
+   "pc_eid != '$eid' AND " .
    "((pc_endDate >= '$sdate' AND pc_eventDate < '$edate') OR " .
    "(pc_endDate = '0000-00-00' AND pc_eventDate >= '$sdate' AND pc_eventDate < '$edate'))";
   // phyaura whimmel facility filtering
@@ -120,21 +137,28 @@
     $repeatfreq = $matches[1];
     if (! $repeatfreq) $repeatfreq = 1;
 
+    // This gets an array of exception dates for the event.
+    $exdates = array();
+    if (preg_match('/"exdate";s:\d+:"([0-9,]*)"/', $row['pc_recurrspec'], $matches)) {
+      $exdates = explode(",", $matches[1]);
+    }
+
     $endtime = strtotime($row['pc_endDate'] . " 00:00:00") + (24 * 60 * 60);
     if ($endtime > $slotetime) $endtime = $slotetime;
 
     $repeatix = 0;
     while ($thistime < $endtime) {
+     $adate = getdate($thistime);
+     $thisymd = sprintf('%04d%02d%02d', $adate['year'], $adate['mon'], $adate['mday']);
 
      // Skip the event if a repeat frequency > 1 was specified and this is
-     // not the desired occurrence.
-     if (! $repeatix) {
+     // not the desired occurrence, or if this date is in the exception array.
+     if (!$repeatix && !in_array($thisymd, $exdates)) {
       doOneDay($row['pc_catid'], $thistime, $row['pc_startTime'],
        $row['pc_duration'], $row['pc_prefcatid']);
      }
      if (++$repeatix >= $repeatfreq) $repeatix = 0;
 
-     $adate = getdate($thistime);
      if ($repeattype == 0)        { // daily
       $adate['mday'] += 1;
      } else if ($repeattype == 1) { // weekly
@@ -171,6 +195,34 @@
    if (! $inoffice) $slots[$i] |= 4;
   }
  }
+
+ // The cktime parameter is a number of minutes into the starting day of a
+ // tentative appointment that is to be checked.  If it is present then we are
+ // being asked to check if this indicated slot is available, and to submit
+ // the opener and go away quietly if it is.  If it's not then we have more
+ // work to do.
+ $ckavail = true;
+ if (isset($_REQUEST['cktime'])) {
+  $cktime = 0 + $_REQUEST['cktime'];
+  $ckindex = (int) ($cktime * 60 / $slotsecs);
+  for ($j = $ckindex; $j < $ckindex + $evslots; ++$j) {
+      if ($slots[$j] >= 4) $ckavail = false;
+  }
+  if ($ckavail) {
+    // The chosen appointment time is available.
+    echo "<html><script language='JavaScript'>\n";
+    echo "function mytimeout() {\n";
+    echo " opener.top.restoreSession();\n";
+    echo " opener.document.forms[0].submit();\n";
+    echo " window.close();\n";
+    echo "}\n";
+    echo "</script></head><body onload='setTimeout(\"mytimeout()\",250);'>" .
+      xlt('Time slot is open, saving event') . "...</body></html>";
+    exit();
+  }
+  // The appointment slot is not available.  A message will be displayed
+  // after this page is loaded.
+ }
 ?>
 <html>
 <head>
@@ -293,7 +345,7 @@ form {
     for ($i = 0; $i < $slotcount; ++$i) {
 
         $available = true;
-        for ($j = $i; $j < $i + $catslots; ++$j) {
+        for ($j = $i; $j < $i + $evslots; ++$j) {
             if ($slots[$j] >= 4) $available = false;
         }
         if (!$available) continue; // skip reserved slots
@@ -332,9 +384,9 @@ form {
         echo (strlen(date('g',$utime)) < 2 ? "<span style='visibility:hidden'>0</span>" : "") .
             $anchor . date("g:i", $utime) . "</a> ";
 
-        // If category duration is more than 1 slot, increment $i appropriately.
+        // If the duration is more than 1 slot, increment $i appropriately.
         // This is to avoid reporting available times on undesirable boundaries.
-        $i += $catslots - 1;
+        $i += $evslots - 1;
     }
     if ($lastdate) {
         echo "</td>\n";
@@ -365,6 +417,18 @@ $(document).ready(function(){
     //$(".event").dblclick(function() { EditEvent(this); });
 });
 
+<?php if (!$ckavail) { ?>
+<?php if ($my_permission == 'write') { ?>
+ if (confirm('<?php echo addslashes(xl('This appointment slot is already used, use it anyway?')); ?>')) {
+  opener.top.restoreSession();
+  opener.document.forms[0].submit();
+  window.close();
+ }
+<?php } else { ?>
+ alert('<?php echo addslashes(xl('This appointment slot is not available, please choose another.')); ?>');
+<?php } ?>
+<?php } ?>
+
 </script>
 
 </html>
diff --git a/library/acl.inc b/library/acl.inc
index baf5bd3a0..ecd0ad9ef 100644
--- a/library/acl.inc
+++ b/library/acl.inc
@@ -47,7 +47,7 @@
   //   rep_a       Financial Reporting - anything
   //
   // Section "patients" (Patient Information):
-  //   appt        Appointments (write optional)
+  //   appt        Appointments (write,wsome optional)
   //   demo        Demographics (write,addonly optional)
   //   med         Medical Records and History (write,addonly optional)
   //   trans       Transactions, e.g. referrals (write optional)
@@ -89,7 +89,6 @@
   // Section "patientportal" (Patient Portal):
   //   portal     Patient Portal
   
-
   if (isset ($phpgacl_location)) {
     include_once("$phpgacl_location/gacl.class.php");
     $gacl_object = new gacl();
-- 
2.11.4.GIT