bug fix a2

interface/reports/cdr_log.php

@@ -15,9 +15,15 @@
 require_once "$srcdir/options.inc.php";
 require_once "$srcdir/clinical_rules.php";
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Core\Header;
 
+if (!AclMain::aclCheckCore('patients', 'med')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 if (!empty($_POST)) {
     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
         CsrfUtils::csrfNotVerified();

interface/reports/cqm.php

@@ -21,10 +21,16 @@
 require_once "$srcdir/clinical_rules.php";
 require_once "$srcdir/report_database.inc";
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\ClinicialDecisionRules\AMC\CertificationReportTypes;
 use OpenEMR\Common\Csrf\CsrfUtils;
-use OpenEMR\Services\PractitionerService;
 use OpenEMR\Common\Twig\TwigContainer;
+use OpenEMR\Services\PractitionerService;
+
+if (!AclMain::aclCheckCore('patients', 'med')) {
+    echo xlt('Not Authorized');
+    exit;
+}
 
 if (!empty($_POST)) {
     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {