From 3c5fbbc0656c7d42e387a53a1e16689bc0ffaf32 Mon Sep 17 00:00:00 2001
From: Brady Miller <brady.g.miller@gmail.com>
Date: Tue, 26 Apr 2022 18:42:58 -0700
Subject: [PATCH] bug fix a2

---
 interface/reports/cdr_log.php | 6 ++++++
 interface/reports/cqm.php     | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/interface/reports/cdr_log.php b/interface/reports/cdr_log.php
index 3dede6242d0..1bc08ddc4e0 100644
--- a/interface/reports/cdr_log.php
+++ b/interface/reports/cdr_log.php
@@ -15,9 +15,15 @@
 require_once "$srcdir/options.inc.php";
 require_once "$srcdir/clinical_rules.php";
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Core\Header;
 
+if (!AclMain::aclCheckCore('patients', 'med')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 if (!empty($_POST)) {
     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
         CsrfUtils::csrfNotVerified();
diff --git a/interface/reports/cqm.php b/interface/reports/cqm.php
index de64a2c47f7..ec4db1eae10 100644
--- a/interface/reports/cqm.php
+++ b/interface/reports/cqm.php
@@ -21,10 +21,16 @@
 require_once "$srcdir/clinical_rules.php";
 require_once "$srcdir/report_database.inc";
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\ClinicialDecisionRules\AMC\CertificationReportTypes;
 use OpenEMR\Common\Csrf\CsrfUtils;
-use OpenEMR\Services\PractitionerService;
 use OpenEMR\Common\Twig\TwigContainer;
+use OpenEMR\Services\PractitionerService;
+
+if (!AclMain::aclCheckCore('patients', 'med')) {
+    echo xlt('Not Authorized');
+    exit;
+}
 
 if (!empty($_POST)) {
     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {