From 871ae5198d8ca18fd17257ae7c5c906a52dca908 Mon Sep 17 00:00:00 2001 
From: Brady Miller Date: Tue, 3 May 2022 22:09:56 -0700 Subject: [PATCH] bug fixes b1 (#5280) --- controllers/C_Document.class.php | 9 ++++++++ controllers/C_PracticeSettings.class.php | 8 +++++++ interface/billing/edit_payment.php | 7 +++++++ interface/billing/era_payments.php | 7 +++++++ .../billing/indigent_patients_report.php | 7 +++++++ interface/billing/new_payment.php | 7 +++++++ interface/billing/search_payments.php | 7 +++++++ interface/billing/sl_eob_search.php | 7 +++++++ interface/billing/sl_receipts_report.php | 16 +++++++++----- interface/main/display_documents.php | 7 +++++++ interface/orders/orders_results.php | 9 +++++--- interface/orders/pending_orders.php | 10 +++++---- interface/orders/procedure_stats.php | 8 +++---- interface/orders/types.php | 11 ++++++++++ interface/patient_file/ccr_import.php | 7 +++++++ .../patient_file/ccr_pending_approval.php | 7 +++++++ .../patient_file/encounter/load_form.php | 13 ++++++++++++ interface/patient_file/front_payment.php | 18 ++++++++++++++++ .../patient_file/pos_checkout_normal.php | 6 ++++++ .../patient_file/summary/demographics.php | 2 +- interface/patient_file/summary/labdata.php | 7 +++++++ .../transaction/record_request.php | 7 +++++++ interface/reports/amc_tracking.php | 7 +++++++ interface/reports/appt_encounter_report.php | 12 ++++++----- interface/reports/clinical_reports.php | 7 +++++++ interface/reports/custom_report_range.php | 7 +++++++ interface/reports/daily_summary_report.php | 7 +++++++ interface/reports/encounters_report.php | 7 +++++++ interface/reports/front_receipts_report.php | 7 +++++++ interface/reports/immunization_report.php | 7 +++++++ .../reports/insurance_allocation_report.php | 7 +++++++ interface/reports/non_reported.php | 7 +++++++ interface/reports/patient_list_creation.php | 21 ++++++++++++------- interface/reports/prescriptions_report.php | 7 +++++++ .../reports/receipts_by_method_report.php | 10 +++++---- interface/reports/referrals_report.php | 7 +++++++ 
interface/reports/report_results.php | 7 +++++++ interface/reports/sales_by_item.php | 15 +++++++++---- .../reports/svc_code_financial_report.php | 11 +++++----- interface/super/rules/include/header.php | 11 ++++++++-- interface/usergroup/addrbook_list.php | 6 ++++++ interface/usergroup/facilities.php | 7 +++++++ library/dicom_frame.php | 9 +++++++- src/Common/Acl/AclMain.php | 7 ++----- templates/core/unauthorized-partial.html.twig | 7 +++++++ templates/core/unauthorized.html.twig | 18 ++++++++++------ 46 files changed, 349 insertions(+), 56 deletions(-) create mode 100644 templates/core/unauthorized-partial.html.twig diff --git a/controllers/C_Document.class.php b/controllers/C_Document.class.php index e28a0248441..75325fab92a 100644 --- a/controllers/C_Document.class.php +++ b/controllers/C_Document.class.php @@ -16,6 +16,7 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Crypto\CryptoGen; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Services\FacilityService; use OpenEMR\Services\PatientService; @@ -1063,9 +1064,17 @@ public function list_action($patient_id = "") $cur_pid = isset($_GET['patient_id']) ? filter_input(INPUT_GET, 'patient_id') : ''; $used_msg = xl('Current patient unavailable here. Use Patient Documents'); if ($cur_pid == '00') { + if (!AclMain::aclCheckCore('patients', 'docs', '', ['write', 'addonly'])) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Documents")]); + exit; + } $cur_pid = '0'; $is_new = 1; } + if (!AclMain::aclCheckCore('patients', 'docs')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Documents")]); + exit; + } $this->assign('is_new', $is_new); $this->assign('place_hld', $place_hld); $this->assign('cur_pid', $cur_pid); 
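Review bot: The deny path `echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => ...]); exit;` is pasted verbatim into both new branches of list_action and into nearly every other hunk of this commit (edit_payment.php through sales_by_item.php); a small static helper that takes the title and performs the render and exit would keep the denial behaviour in one place. Unless something earlier sets it, that response goes out with the default 200 status, so proxies, monitoring and audit tooling cannot tell a denied request from a served page; the helper is the natural spot for `http_response_code(403);` and for writing the denial to the audit log. The two checks here are also partly redundant: the `'00'` branch already requires write/addonly on `patients/docs` before the unconditional `patients/docs` check below it runs, which is fine but deserves a one-line comment such as `// creating a document with no patient needs write/addonly; everything else needs any docs access`. list_action's body continues outside the hunk.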
diff --git a/controllers/C_PracticeSettings.class.php b/controllers/C_PracticeSettings.class.php index 4044319ec20..820f22b141a 100644 --- a/controllers/C_PracticeSettings.class.php +++ b/controllers/C_PracticeSettings.class.php @@ -1,5 +1,8 @@ assign("TOP_ACTION", $GLOBALS['webroot'] . "/controller.php?" . "practice_settings" . "&"); $this->assign("STYLE", $GLOBALS['style']); $this->direction = ($GLOBALS['_SESSION']['language_direction'] == 'rtl') ? 'right' : 'left'; + + if (!AclMain::aclCheckCore('admin', 'practice')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Practice Settings")]); + exit; + } } function default_action($display = "") diff --git a/interface/billing/edit_payment.php b/interface/billing/edit_payment.php index de74059e83f..ac41075cde4 100644 --- a/interface/billing/edit_payment.php +++ b/interface/billing/edit_payment.php @@ -27,8 +27,15 @@ require_once("$srcdir/options.inc.php"); require_once("$srcdir/payment.inc.php"); +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Confirm Payment")]); + exit; +} + $screen = 'edit_payment'; // Deletion of payment distribution code diff --git a/interface/billing/era_payments.php b/interface/billing/era_payments.php index 139e534c580..a425cba6830 100644 --- a/interface/billing/era_payments.php +++ b/interface/billing/era_payments.php 
@@ -23,10 +23,17 @@ use OpenEMR\Billing\ParseERA; use OpenEMR\Billing\SLEOB; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; +if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("ERA Posting")]); + exit; +} + $hidden_type_code = isset($_POST['hidden_type_code']) ? $_POST['hidden_type_code'] : ''; $check_date = isset($_POST['check_date']) ? $_POST['check_date'] : ''; $post_to_date = isset($_POST['post_to_date']) ? $_POST['post_to_date'] : ''; diff --git a/interface/billing/indigent_patients_report.php b/interface/billing/indigent_patients_report.php index 895a3fa35a2..2aad41d3e1f 100644 --- a/interface/billing/indigent_patients_report.php +++ b/interface/billing/indigent_patients_report.php @@ -17,9 +17,16 @@ require_once("../globals.php"); require_once("$srcdir/patient.inc"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Indigent Patients Report")]); + exit; +} + $alertmsg = ''; function bucks($amount) diff --git a/interface/billing/new_payment.php b/interface/billing/new_payment.php index 5cb0057f7e8..d4c0bf7f86e 100644 --- a/interface/billing/new_payment.php +++ b/interface/billing/new_payment.php 
@@ -25,9 +25,16 @@ require_once("$srcdir/payment.inc.php"); use OpenEMR\Billing\ParseERA; +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; +if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("New Payment")]); + exit; +} + //=============================================================================== $screen = 'new_payment'; //=============================================================================== diff --git a/interface/billing/search_payments.php b/interface/billing/search_payments.php index 1b8ede6d909..36d4bca145e 100644 --- a/interface/billing/search_payments.php +++ b/interface/billing/search_payments.php @@ -23,9 +23,16 @@ require_once("$srcdir/options.inc.php"); require_once("$srcdir/payment.inc.php"); +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; +if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Search Payment")]); + exit; +} + //=============================================================================== //Deletion of payment and its corresponding distributions. //=============================================================================== diff --git a/interface/billing/sl_eob_search.php b/interface/billing/sl_eob_search.php index 5e5e8749be8..1ebb43a101a 100644 --- a/interface/billing/sl_eob_search.php +++ b/interface/billing/sl_eob_search.php 
@@ -36,10 +36,17 @@ use OpenEMR\Billing\InvoiceSummary; use OpenEMR\Billing\ParseERA; use OpenEMR\Billing\SLEOB; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; +if (!AclMain::aclCheckCore('acct', 'eob', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("EOB Posting - Search")]); + exit; +} + $DEBUG = 0; // set to 0 for production, 1 to test $alertmsg = ''; $where = ''; diff --git a/interface/billing/sl_receipts_report.php b/interface/billing/sl_receipts_report.php index 8cce984f7d0..10a8a4d03af 100644 --- a/interface/billing/sl_receipts_report.php +++ b/interface/billing/sl_receipts_report.php @@ -36,8 +36,14 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep') && !AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Cash Receipts by Provider")]); + exit; +} + function is_clinic($code) { global $bcodes; @@ -60,11 +66,6 @@ function bucks($amount) } } -if (! AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); -} - - $form_use_edate = $_POST['form_use_edate'] ?? null; $form_proc_codefull = trim($_POST['form_proc_codefull'] ?? ''); @@ -373,6 +374,11 @@ function sel_diagnosis() { getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Lab Documents")]); + exit; +} + $curdate = date_create(date("Y-m-d")); date_sub($curdate, date_interval_create_from_date_string("7 days")); $sub_date = date_format($curdate, 'Y-m-d'); diff --git a/interface/orders/orders_results.php b/interface/orders/orders_results.php index 70b20fa10ac..06fb90c4488 100644 --- a/interface/orders/orders_results.php 
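Review bot: The sl_eob_search.php guard accepts only `acct/eob` write, whereas the payment screens changed in the same commit (edit_payment.php, new_payment.php, search_payments.php, era_payments.php) accept `acct/bill` write as an alternative. If a billing user without the EOB permission is meant to be kept out of EOB search that is reasonable, but the asymmetry looks accidental; either add `&& !AclMain::aclCheckCore('acct', 'bill', '', 'write')` for consistency or leave a comment stating why EOB search is stricter.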
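Review bot: The new sl_receipts_report.php guard `if (!AclMain::aclCheckCore('acct', 'rep') && !AclMain::aclCheckCore('acct', 'rep_a'))` widens access compared with the removed `acct/rep`-only check in the second hunk, since a user holding only `rep_a` is now admitted; that is presumably the intent, but the report is "Cash Receipts by Provider" and nothing in these two hunks limits a `rep`-only user to their own provider the way sales_by_item.php does in this commit. The third hunk of this file (around line 374) is garbled in this view, so if the restriction lives there, fine; otherwise mirror sales_by_item: `if (!AclMain::aclCheckCore('acct', 'rep_a')) { $form_provider = $_SESSION['authUserID']; }` before the provider filter is applied. Moving the check above the helper functions is an improvement over the old placement.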
+++ b/interface/orders/orders_results.php @@ -17,6 +17,7 @@ require_once("$srcdir/lab.inc"); use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; // Indicates if we are entering in batch mode. @@ -26,15 +27,17 @@ $form_review = empty($_GET['review']) ? 0 : 1; // Check authorization. -$thisauth = AclMain::aclCheckCore('patients', 'med'); +$thisauth = AclMain::aclCheckCore('patients', 'lab'); if (!$thisauth) { - die(xlt('Not authorized')); + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Results")]); + exit; } // Check authorization for pending review. $reviewauth = AclMain::aclCheckCore('patients', 'sign'); if ($form_review and !$reviewauth and !$thisauth) { - die(xlt('Not authorized')); + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Results")]); + exit; } // Set pid for pending review. diff --git a/interface/orders/pending_orders.php b/interface/orders/pending_orders.php index 6ce8aa18487..b07b69b7e6e 100644 --- a/interface/orders/pending_orders.php +++ b/interface/orders/pending_orders.php @@ -18,8 +18,14 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'lab')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Pending Orders")]); + exit; +} + function thisLineItem($row) { $provname = $row['provider_lname']; 
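Review bot: The pending-review guard in orders_results.php can never fire: by the time `if ($form_review and !$reviewauth and !$thisauth)` runs, the block above has already exited whenever `$thisauth` is false, so the last operand is always false and `patients/sign` is never enforced for `review=1`. This pre-dates the commit, but the commit rewrites both branches without fixing it; if review mode is meant to require the sign permission, drop the operand: `if ($form_review && !$reviewauth) {`. If instead either permission is meant to suffice for review, the first check needs relaxing rather than the second, and a comment should say which. The two branches also render the identical denial page, which the shared helper suggested on the first hunk would remove.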
@@ -53,10 +59,6 @@ function thisLineItem($row) } // End not csv export } -if (!AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); -} - $form_from_date = isset($_POST['form_from_date']) ? DateToYYYYMMDD($_POST['form_from_date']) : date('Y-m-d'); $form_to_date = isset($_POST['form_to_date']) ? DateToYYYYMMDD($_POST['form_to_date']) : date('Y-m-d'); $form_facility = $_POST['form_facility'] ?? null; diff --git a/interface/orders/procedure_stats.php b/interface/orders/procedure_stats.php index af51f370887..fec85aadbe4 100644 --- a/interface/orders/procedure_stats.php +++ b/interface/orders/procedure_stats.php @@ -22,12 +22,12 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; -// Might want something different here. -// -if (! AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); +if (!AclMain::aclCheckCore('patients', 'lab')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Procedure Statistics Report")]); + exit; } $from_date = isset($_POST['form_from_date']) ? DateToYYYYMMDD($_POST['form_from_date']) : '0000-00-00'; diff --git a/interface/orders/types.php b/interface/orders/types.php index 0462829c388..c9bdf054c2e 100644 --- a/interface/orders/types.php +++ b/interface/orders/types.php @@ -15,6 +15,8 @@ require_once("../globals.php"); +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; // This script can be run either inside the OpenEMR frameset for order catalog 
@@ -26,6 +28,15 @@ $order = isset($_GET['order']) ? $_GET['order'] + 0 : 0; $labid = isset($_GET['labid']) ? $_GET['labid'] + 0 : 0; +if (!$popup && !AclMain::aclCheckCore('admin', 'super')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Configure Orders and Results")]); + exit; +} +if ($popup && !AclMain::aclCheckCore('patients', 'lab') && !AclMain::aclCheckCore('admin', 'super')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Configure Orders and Results")]); + exit; +} + // If Save was clicked, set the result, close the window and exit. // if ($popup && $_POST['form_save']) { diff --git a/interface/patient_file/ccr_import.php b/interface/patient_file/ccr_import.php index e05424f97b9..d3b877e857e 100644 --- a/interface/patient_file/ccr_import.php +++ b/interface/patient_file/ccr_import.php @@ -17,8 +17,15 @@ require_once(dirname(__FILE__) . "../../globals.php"); +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Import")]); + exit; +} + ?> diff --git a/interface/patient_file/ccr_pending_approval.php b/interface/patient_file/ccr_pending_approval.php index 11f746095b1..0829d86b964 100644 --- a/interface/patient_file/ccr_pending_approval.php +++ b/interface/patient_file/ccr_pending_approval.php 
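Review bot: Which of the two new guards applies is selected by `$popup`, which is set above this hunk and — judging by the neighbouring `$_GET['order']`/`$_GET['labid']` parsing — comes from the request, so the caller decides whether `admin/super` or merely `patients/lab` is required. That is only safe if the popup path is read-only; the context line `if ($popup && $_POST['form_save'])` just below shows a save action reachable in popup mode, so confirm it only hands the chosen entry back to the opener and does not alter the catalog, and if it does, re-check `admin/super` inside that branch. The two blocks render the same denial page and can be one: `$allowed = AclMain::aclCheckCore('admin', 'super') || ($popup && AclMain::aclCheckCore('patients', 'lab'));` followed by `if (!$allowed) { ... }`.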
@@ -18,9 +18,16 @@ require_once(dirname(__FILE__) . "/../../library/patient.inc"); require_once(dirname(__FILE__) . "/../../library/parse_patient_xml.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("CCR Approve")]); + exit; +} + if (isset($_GET['approve']) && $_GET['approve'] == 1) { if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/patient_file/encounter/load_form.php b/interface/patient_file/encounter/load_form.php index 8525df54e00..16dfa02d8f7 100644 --- a/interface/patient_file/encounter/load_form.php +++ b/interface/patient_file/encounter/load_form.php @@ -13,6 +13,11 @@ */ require_once("../../globals.php"); +require_once("../../../library/registry.inc"); + +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; + if (substr($_GET["formname"], 0, 3) === 'LBF') { // Use the List Based Forms engine for all LBFxxxxx forms. include_once("$incdir/forms/LBF/new.php"); @@ -25,6 +30,14 @@ // ensure the path variable has no illegal characters check_file_dir_name($_GET["formname"]); + // ensure authorized to see the form + if (!AclMain::aclCheckForm($_GET["formname"])) { + $formLabel = xl_form_title(getRegistryEntryByDirectory($_GET["formname"], 'name')['name'] ?? ''); + $formLabel = (!empty($formLabel)) ? $formLabel : $_GET["formname"]; + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => $formLabel]); + exit; + } + include_once("$incdir/forms/" . $_GET["formname"] . "/new.php"); } diff --git a/interface/patient_file/front_payment.php b/interface/patient_file/front_payment.php index 4a5b6ed0952..077dd563ff8 100644 
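Review bot: In load_form.php the new `AclMain::aclCheckForm($_GET["formname"])` guard sits in the non-LBF branch only; the `if (substr($_GET["formname"], 0, 3) === 'LBF')` branch above it includes `forms/LBF/new.php` without any form ACL check, so list-based forms are not covered here unless LBF/new.php enforces the permission itself — worth confirming, or hoisting the check above the branch. The fallback `$formLabel = (!empty($formLabel)) ? $formLabel : $_GET["formname"];` passes raw request input to the template as the page title; that relies on `check_file_dir_name` having already rejected illegal characters and on the template escaping output, so a comment making the dependency explicit would help: `// formname was validated by check_file_dir_name() above`.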
--- a/interface/patient_file/front_payment.php +++ b/interface/patient_file/front_payment.php @@ -23,11 +23,29 @@ use OpenEMR\Billing\BillingUtilities; use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; use OpenEMR\PaymentProcessing\Sphere\SpherePayment; use OpenEMR\Services\FacilityService; +if (!empty($_REQUEST['receipt']) && empty($_POST['form_save'])) { + if (!AclMain::aclCheckCore('acct', 'bill') && !AclMain::aclCheckCore('acct', 'rep_a') && !AclMain::aclCheckCore('patients', 'rx')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Receipt for Payment")]); + exit; + } +} else { + if (!AclMain::aclCheckCore('acct', 'bill', '', 'write')) { + if (!empty($_POST['form_save'])) { + $pageTitle = xl("Receipt for Payment"); + } else { + $pageTitle = xl("Record Payment"); + } + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => $pageTitle]); + exit; + } +} + $pid = (!empty($_REQUEST['hidden_patient_code']) && ($_REQUEST['hidden_patient_code'] > 0)) ? $_REQUEST['hidden_patient_code'] : $pid; $facilityService = new FacilityService(); diff --git a/interface/patient_file/pos_checkout_normal.php b/interface/patient_file/pos_checkout_normal.php index 481044547b6..930a9352742 100644 --- a/interface/patient_file/pos_checkout_normal.php +++ b/interface/patient_file/pos_checkout_normal.php 
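Review bot: The receipt-mode guard in front_payment.php admits `patients/rx` alongside `acct/bill` and `acct/rep_a`, which is an unexpected permission for viewing a billing receipt; if prescription-module users are meant to see receipts, a one-line comment stating why would stop a later reviewer from "fixing" it. The mode itself is chosen from `$_REQUEST['receipt']` while the save flag is read from `$_POST['form_save']`, so GET and cookie values can steer which guard runs; reading both from the same source would make the branch selection easier to reason about. The nested `if/else` that picks `$pageTitle` collapses to `$pageTitle = !empty($_POST['form_save']) ? xl("Receipt for Payment") : xl("Record Payment");`.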
@@ -55,10 +55,16 @@ use OpenEMR\Billing\BillingUtilities; use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\OeUI\OemrUI; use OpenEMR\Services\FacilityService; +if (!AclMain::aclCheckCore('acct', 'bill', '', 'write')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Patient Checkout")]); + exit; +} + $facilityService = new FacilityService(); $currdecimals = $GLOBALS['currency_decimals']; diff --git a/interface/patient_file/summary/demographics.php b/interface/patient_file/summary/demographics.php index 64018f5bd25..8e947172d4f 100644 --- a/interface/patient_file/summary/demographics.php +++ b/interface/patient_file/summary/demographics.php @@ -908,7 +908,7 @@ function setMyPatient() { $thisauth = AclMain::aclCheckCore('patients', 'demo'); if (!$thisauth || !$viewEvent->authorized()) { - echo $twig->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Medical Dashboard")]); + echo $twig->getTwig()->render('core/unauthorized-partial.html.twig', ['pageTitle' => xl("Medical Dashboard")]); exit(); } ?> diff --git a/interface/patient_file/summary/labdata.php b/interface/patient_file/summary/labdata.php index ff7c8a69f9c..184be5aa81d 100644 --- a/interface/patient_file/summary/labdata.php +++ b/interface/patient_file/summary/labdata.php @@ -37,9 +37,16 @@ require_once("../../../library/options.inc.php"); require_once($GLOBALS["srcdir"] . "/api.inc"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'lab')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Labs")]); + exit; +} + // Set the path to this script $path_to_this_script = $rootdir . "/patient_file/summary/labdata.php"; 
diff --git a/interface/patient_file/transaction/record_request.php b/interface/patient_file/transaction/record_request.php index 8f52d4da60b..4fac4666310 100644 --- a/interface/patient_file/transaction/record_request.php +++ b/interface/patient_file/transaction/record_request.php @@ -12,9 +12,16 @@ require_once("../../globals.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Patient Records Request")]); + exit; +} + ?> diff --git a/interface/reports/amc_tracking.php b/interface/reports/amc_tracking.php index cc8f6bc7ede..02e6c9393b0 100644 --- a/interface/reports/amc_tracking.php +++ b/interface/reports/amc_tracking.php @@ -15,9 +15,16 @@ require_once "$srcdir/options.inc.php"; require_once "$srcdir/amc.php"; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Automated Measure Calculations (AMC) Tracking")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/appt_encounter_report.php b/interface/reports/appt_encounter_report.php index 05fd5997cc1..bb86b8ca497 100644 --- a/interface/reports/appt_encounter_report.php +++ b/interface/reports/appt_encounter_report.php 
@@ -33,10 +33,16 @@ require_once("../../custom/code_types.inc.php"); use OpenEMR\Billing\BillingUtilities; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\Services\FacilityService; -use OpenEMR\Common\Acl\AclMain; + +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Appointments and Encounters")]); + exit; +} if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { @@ -44,10 +50,6 @@ } } -if (!AclMain::aclCheckCore('patients', 'appt') || !AclMain::aclCheckCore('acct', 'rep_a')) { - die(xlt("Unauthorized access.")); -} - $facilityService = new FacilityService(); $errmsg = ""; diff --git a/interface/reports/clinical_reports.php b/interface/reports/clinical_reports.php index 75f8be12a3e..efcc4313291 100644 --- a/interface/reports/clinical_reports.php +++ b/interface/reports/clinical_reports.php @@ -17,9 +17,16 @@ require_once("../drugs/drugs.inc.php"); require_once("../../custom/code_types.inc.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Clinical Reports")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/custom_report_range.php b/interface/reports/custom_report_range.php index 276f7164eeb..d9f25d9ed81 100644 --- a/interface/reports/custom_report_range.php +++ b/interface/reports/custom_report_range.php 
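Review bot: The new appt_encounter_report.php guard requires only `acct/rep_a`, while the block removed in the second hunk denied access when either `patients/appt` or `acct/rep_a` was missing, so the appointments permission is no longer needed for this report. If dropping it is deliberate the commit description should say so; otherwise restore the original condition: `if (!AclMain::aclCheckCore('patients', 'appt') || !AclMain::aclCheckCore('acct', 'rep_a')) {`. Moving the check ahead of the CSRF verification is fine.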
@@ -15,11 +15,18 @@ require_once("$srcdir/patient.inc"); require_once("$srcdir/report.inc"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Billing\BillingUtilities; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\Services\FacilityService; +if (!AclMain::aclCheckCore('encounters', 'coding_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Superbill")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/daily_summary_report.php b/interface/reports/daily_summary_report.php index eddb35c8e32..20ab055e7fb 100644 --- a/interface/reports/daily_summary_report.php +++ b/interface/reports/daily_summary_report.php @@ -19,10 +19,17 @@ require_once "$srcdir/options.inc.php"; require_once "$srcdir/appointments.inc.php"; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\Services\FacilityService; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Daily Summary Report")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/encounters_report.php b/interface/reports/encounters_report.php index d190122a400..0dbdde16533 100644 --- a/interface/reports/encounters_report.php +++ b/interface/reports/encounters_report.php 
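Review bot: `use OpenEMR\Common\Acl\AclMain;` is inserted above `use OpenEMR\Billing\BillingUtilities;` in custom_report_range.php, breaking the alphabetical order the rest of the import block keeps; the encounters_report.php hunk does the same. Place it after the Billing import, next to `use OpenEMR\Common\Csrf\CsrfUtils;`, as the other files in this commit do.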
@@ -22,10 +22,17 @@ require_once("$srcdir/patient.inc"); require_once "$srcdir/options.inc.php"; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Billing\BillingUtilities; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('encounters', 'coding_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Encounters Report")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/front_receipts_report.php b/interface/reports/front_receipts_report.php index d2dacbdfd2a..874e4987b92 100755 --- a/interface/reports/front_receipts_report.php +++ b/interface/reports/front_receipts_report.php @@ -16,9 +16,16 @@ require_once("$srcdir/patient.inc"); require_once "$srcdir/options.inc.php"; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Front Office Receipts")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/immunization_report.php b/interface/reports/immunization_report.php index 4a291956d7d..b07cc253c50 100644 --- a/interface/reports/immunization_report.php +++ b/interface/reports/immunization_report.php 
@@ -14,9 +14,16 @@ require_once("../globals.php"); require_once("$srcdir/patient.inc"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Immunization Registry")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/insurance_allocation_report.php b/interface/reports/insurance_allocation_report.php index c648e756d5e..575d23f6b34 100644 --- a/interface/reports/insurance_allocation_report.php +++ b/interface/reports/insurance_allocation_report.php @@ -15,9 +15,16 @@ require_once("../globals.php"); require_once("../../library/patient.inc"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Patient Insurance Distribution")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/non_reported.php b/interface/reports/non_reported.php index f749c8162d6..0d209cd4dde 100644 --- a/interface/reports/non_reported.php +++ b/interface/reports/non_reported.php 
@@ -22,9 +22,16 @@ require_once("$srcdir/patient.inc"); require_once("../../custom/code_types.inc.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Syndromic Surveillance - Non Reported Issues")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/patient_list_creation.php b/interface/reports/patient_list_creation.php index 5e09a64ce22..f7ab3fc8a6f 100644 --- a/interface/reports/patient_list_creation.php +++ b/interface/reports/patient_list_creation.php @@ -19,9 +19,16 @@ require_once("../drugs/drugs.inc.php"); require_once("$srcdir/payment_jav.inc.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Patient List Creation")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); @@ -198,18 +205,18 @@ function srch_option_change(elem) { $('#sortby').val(''); $('#sortorder').val(''); - if(elem.value == 'Communication') { + if(elem.value == 'Communication') { $('#communication').val(''); $('#com_pref').show(); - } else { + } else { $('#communication').val(''); $('#com_pref').hide(); } - - if(elem.value == 'Insurance Companies') { + + if(elem.value == 'Insurance Companies') { $('#insurance_companies').val(''); $('#ins_co').show(); - } else { + } else { $('#insurance_companies').val(''); $('#ins_co').hide(); } @@ -268,10 +275,10 @@ function srch_option_change(elem) { : - 
diff --git a/interface/reports/prescriptions_report.php b/interface/reports/prescriptions_report.php index edd8d8ba078..02d042fd9f6 100644 --- a/interface/reports/prescriptions_report.php +++ b/interface/reports/prescriptions_report.php @@ -18,9 +18,16 @@ require_once("$srcdir/options.inc.php"); require_once("../drugs/drugs.inc.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'rx')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Prescriptions and Dispensations")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/receipts_by_method_report.php b/interface/reports/receipts_by_method_report.php index 42bfa66c6a0..c119635f8d7 100644 --- a/interface/reports/receipts_by_method_report.php +++ b/interface/reports/receipts_by_method_report.php @@ -28,10 +28,16 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\Services\InsuranceCompanyService; use OpenEMR\Services\InsuranceService; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Receipts Summary")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); 
@@ -228,10 +234,6 @@ function payerCmp($a, $b) return 0; } -if (! AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); -} - $form_from_date = (isset($_POST['form_from_date'])) ? DateToYYYYMMDD($_POST['form_from_date']) : date('Y-m-d'); $form_to_date = (isset($_POST['form_to_date'])) ? DateToYYYYMMDD($_POST['form_to_date']) : date('Y-m-d'); $form_use_edate = $_POST['form_use_edate'] ?? null; diff --git a/interface/reports/referrals_report.php b/interface/reports/referrals_report.php index 6f63d4d2d09..87b5642948f 100644 --- a/interface/reports/referrals_report.php +++ b/interface/reports/referrals_report.php @@ -18,9 +18,16 @@ require_once("$srcdir/patient.inc"); require_once "$srcdir/options.inc.php"; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Referrals")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/reports/report_results.php b/interface/reports/report_results.php index e844e493e68..7ff19e46150 100644 --- a/interface/reports/report_results.php +++ b/interface/reports/report_results.php @@ -18,9 +18,16 @@ require_once "$srcdir/report_database.inc"; use OpenEMR\ClinicialDecisionRules\AMC\CertificationReportTypes; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('patients', 'med')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Report Results/History")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); 
diff --git a/interface/reports/sales_by_item.php b/interface/reports/sales_by_item.php index 3e30aa5fd0b..5b4460b3934 100644 --- a/interface/reports/sales_by_item.php +++ b/interface/reports/sales_by_item.php @@ -20,8 +20,14 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep') && !AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Sales by Item")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); @@ -29,6 +35,11 @@ } $form_provider = $_POST['form_provider'] ?? null; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + // only allow user to see their encounter information + $form_provider = $_SESSION['authUserID']; +} + if (!empty($_POST['form_refresh']) || !empty($_POST['form_csvexport'])) { $form_details = (!empty($_POST['form_details'])) ? true : false; } else { @@ -248,10 +259,6 @@ function thisLineItem($patient_id, $encounter_id, $rowcat, $description, $transd $grandqty += $qty; } // end function -if (! AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); -} - $form_from_date = (isset($_POST['form_from_date'])) ? DateToYYYYMMDD($_POST['form_from_date']) : date('Y-m-d'); $form_to_date = (isset($_POST['form_to_date'])) ? DateToYYYYMMDD($_POST['form_to_date']) : date('Y-m-d'); $form_facility = $_POST['form_facility'] ?? null; diff --git a/interface/reports/svc_code_financial_report.php b/interface/reports/svc_code_financial_report.php index a85e5fc3fd9..c46ae73b092 100644 --- a/interface/reports/svc_code_financial_report.php +++ b/interface/reports/svc_code_financial_report.php 
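Review bot: In sales_by_item.php the new provider restriction for users without `acct`/`rep_a` silently overwrites whatever `form_provider` was posted with `$_SESSION['authUserID']`, so a `rep`-only user who selects another provider in the form gets their own figures back with no indication that the selection was ignored. Evaluating the permission once and reusing it for both the gate and the override avoids the second ACL lookup and gives the form (outside this hunk) a flag it can use to hide or disable the provider selector, e.g. `$canViewAllProviders = AclMain::aclCheckCore('acct', 'rep_a');` followed by `if (!$canViewAllProviders) { $form_provider = $_SESSION['authUserID']; }`. This assumes the report's query compares `form_provider` against the same user id that `authUserID` carries; that query is outside the hunk, so it is worth confirming.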
@@ -26,8 +26,14 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('acct', 'rep_a')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Financial Summary by Service Code")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); @@ -40,11 +46,6 @@ $grand_total_amt_adjustment = 0; $grand_total_amt_balance = 0; - -if (!AclMain::aclCheckCore('acct', 'rep')) { - die(xlt("Unauthorized access.")); -} - $form_from_date = (isset($_POST['form_from_date'])) ? DateToYYYYMMDD($_POST['form_from_date']) : date('Y-m-d'); $form_to_date = (isset($_POST['form_to_date'])) ? DateToYYYYMMDD($_POST['form_to_date']) : date('Y-m-d'); $form_facility = $_POST['form_facility'] ?? null; diff --git a/interface/super/rules/include/header.php b/interface/super/rules/include/header.php index f798e44c374..3ad1bbb78c1 100644 --- a/interface/super/rules/include/header.php +++ b/interface/super/rules/include/header.php @@ -8,11 +8,18 @@ // of the License, or (at your option) any later version. -require("../../globals.php"); - +require_once("../../globals.php"); require_once("ui.php"); require_once("common.php"); +use OpenEMR\Common\Acl\AclMain; +use OpenEMR\Common\Twig\TwigContainer; + +if (!AclMain::aclCheckCore('admin', 'super')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Rules")]); + exit; +} + // recursively require all .php files in the base library folder foreach (glob(base_dir() . "base/library/*.php") as $filename) { require_once($filename); diff --git a/interface/usergroup/addrbook_list.php b/interface/usergroup/addrbook_list.php index 5a879a57df9..e4ce28e5a94 100644 --- a/interface/usergroup/addrbook_list.php +++ b/interface/usergroup/addrbook_list.php 
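Review bot: The `admin`/`super` gate added to interface/super/rules/include/header.php only protects rules pages that include this file before doing any work, and nothing in the include states that contract, so a future entry point that includes it late, or not at all, bypasses the check without anyone noticing. A comment above the check, `// Authorization gate for every rules UI page: include header.php before any output or database access`, makes the dependency explicit for maintainers. The switch from `require` to `require_once` for globals.php in the same hunk is unrelated to the authorization change and could be mentioned in the commit description. The `foreach` over `base/library/*.php` that follows continues outside the hunk.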
@@ -20,8 +20,14 @@ use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; +if (!AclMain::aclCheckCore('admin', 'practice')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Address Book")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/interface/usergroup/facilities.php b/interface/usergroup/facilities.php index f50246ff700..1399eb69b9a 100644 --- a/interface/usergroup/facilities.php +++ b/interface/usergroup/facilities.php @@ -16,10 +16,17 @@ require_once("../globals.php"); +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; use OpenEMR\Core\Header; use OpenEMR\Services\FacilityService; +if (!AclMain::aclCheckCore('admin', 'users')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Facilities")]); + exit; +} + if (!empty($_POST)) { if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) { CsrfUtils::csrfNotVerified(); diff --git a/library/dicom_frame.php b/library/dicom_frame.php index 0bc9eb20f65..39f178d9180 100644 --- a/library/dicom_frame.php +++ b/library/dicom_frame.php @@ -18,8 +18,15 @@ require_once('../interface/globals.php'); -use OpenEMR\Core\Header; +use OpenEMR\Common\Acl\AclMain; use OpenEMR\Common\Csrf\CsrfUtils; +use OpenEMR\Common\Twig\TwigContainer; +use OpenEMR\Core\Header; + +if (!AclMain::aclCheckCore('patients', 'docs')) { + echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Dicom Viewer")]); + exit; +} $web_path = $_REQUEST['web_path'] ?? null; if ($web_path) { diff --git a/src/Common/Acl/AclMain.php b/src/Common/Acl/AclMain.php index 3eeba7a6ab1..45759062cad 100644 
--- a/src/Common/Acl/AclMain.php +++ b/src/Common/Acl/AclMain.php @@ -157,12 +157,9 @@ public static function clearGaclCache() * @param string $value Subcategory of ACO * @param string $user Optional user being checked for access. * @param string|array $return_value Type or types of access being requested. - * @return bool|array FALSE if access is denied, TRUE if allowed. An - * array() of bools is returned if $return_value is an - * array, representing results for each type of access - * requested. + * @return bool FALSE if access is denied, TRUE if allowed. */ - public static function aclCheckCore($section, $value, $user = '', $return_value = '') + public static function aclCheckCore($section, $value, $user = '', $return_value = ''): bool { if (! $user) { $user = $_SESSION['authUser']; diff --git a/templates/core/unauthorized-partial.html.twig b/templates/core/unauthorized-partial.html.twig new file mode 100644 index 00000000000..4e03c1825cb --- /dev/null +++ b/templates/core/unauthorized-partial.html.twig @@ -0,0 +1,7 @@ +
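Review bot: The new `: bool` return type on `aclCheckCore` contradicts the `@param string|array $return_value` line kept just above it, which still advertises the array form whose result used to be an array of bools; if the body (outside the hunk) still builds that array for an array argument, the declared return type turns it into a `TypeError` at call time instead of a clean rejection. Either narrow the documentation to `@param string $return_value Type of access being requested.` and reject array arguments explicitly at the top of the method, or keep the array contract and drop the return type. Since this method is the gate every authorization check in this commit relies on, its behavior for unexpected arguments should be deterministic rather than left to engine coercion. The method body continues outside the hunk.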
+

+ {{ pageTitle|text }} {{ "Not Authorized"|xlt }} +

+
+ + diff --git a/templates/core/unauthorized.html.twig b/templates/core/unauthorized.html.twig index 4e03c1825cb..92441498b25 100644 --- a/templates/core/unauthorized.html.twig +++ b/templates/core/unauthorized.html.twig @@ -1,7 +1,13 @@ -
-

- {{ pageTitle|text }} {{ "Not Authorized"|xlt }} -

-
- + + + {{ pageTitle|text }} + {{ setupHeader() }} + + +
+

+ {{ pageTitle|text }} {{ "Not Authorized"|xlt }} +

+
+