bug fixes for access (#4660)

interface/main/onotes/office_comments.php

@@ -12,9 +12,16 @@
 
 require_once("../../globals.php");
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Core\Header;
 use OpenEMR\Services\ONoteService;
 
+// Control access
+if (!AclMain::aclCheckCore('encounters', 'notes')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 //display all of the notes for the day, as well as others that are active from previous dates, up to a certain number, $N
 $N = 10;
 

interface/main/onotes/office_comments_full.php

@@ -12,10 +12,17 @@
 
 require_once("../../globals.php");
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Core\Header;
 use OpenEMR\Services\ONoteService;
 
+// Control access
+if (!AclMain::aclCheckCore('encounters', 'notes')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 $oNoteService = new ONoteService();
 
 //the number of records to display per screen

interface/modules/zend_modules/module/Installer/view/installer/installer/index.phtml

@@ -12,6 +12,12 @@
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
+// Control access
+if (!OpenEMR\Common\Acl\AclMain::aclCheckCore('admin', 'manage_modules')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 echo $this->headScript()->appendFile(
     $this->basePath() . '/js/installer/action.js?v=' . $GLOBALS['v_js_includes'],
     'text/javascript'

interface/reports/audit_log_tamper_report.php

@@ -14,11 +14,18 @@
 
 require_once("../globals.php");
 
+use OpenEMR\Common\Acl\AclMain;
 use OpenEMR\Common\Crypto\CryptoGen;
 use OpenEMR\Common\Csrf\CsrfUtils;
 use OpenEMR\Common\Logging\EventAuditLogger;
 use OpenEMR\Core\Header;
 
+// Control access
+if (!AclMain::aclCheckCore('admin', 'super')) {
+    echo xlt('Not Authorized');
+    exit;
+}
+
 if (!empty($_GET)) {
     if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
         CsrfUtils::csrfNotVerified();