diff --git a/acl_upgrade.php b/acl_upgrade.php
index 43d4fbcae9a..6501e9c032b 100644
--- a/acl_upgrade.php
+++ b/acl_upgrade.php
@@ -816,13 +816,48 @@
$acl_version = $upgrade_acl;
}
-
-/* This is a template for a new revision, when needed
// Upgrade for acl_version 12
$upgrade_acl = 12;
if ($acl_version < $upgrade_acl) {
echo "UPGRADING ACCESS CONTROLS TO VERSION " . $upgrade_acl . ":";
+ //Collect the ACL ID numbers.
+ echo "Checking to ensure all the proper ACL(access control list) are present:";
+ $accounting_view = AclExtended::getAclIdNumber('Accounting', 'view');
+ $frontoffice_view = AclExtended::getAclIdNumber('Front Office', 'view');
+ $frontoffice_write = AclExtended::getAclIdNumber('Front Office', 'write');
+
+ //Add new object Sections
+ echo "
Adding new object sections
";
+
+ //Add new Objects
+ echo "
Adding new objects
";
+
+ //Update already existing Objects
+ echo "
Upgrading objects
";
+
+ //Add new ACLs here (will return the ACL ID of newly created or already existant ACL)
+ // (will also place in the appropriate group and CREATE a new group if needed)
+ echo "
Adding ACLs(Access Control Lists) and groups
";
+
+ //Update the ACLs
+ echo "
Updating the ACLs(Access Control Lists)
";
+ AclExtended::shiftAcl($accounting_view, 'Accounting', 'patients', 'Patients', 'pat_rep', 'Patient Report', 'view');
+ AclExtended::shiftAcl($frontoffice_view, 'Front Office', 'patients', 'Patients', 'pat_rep', 'Patient Report', 'view');
+ AclExtended::shiftAcl($frontoffice_write, 'Front Office', 'patients', 'Patients', 'trans', 'Transactions (write,wsome optional)', 'write');
+ AclExtended::shiftAcl($frontoffice_write, 'Front Office', 'patients', 'Patients', 'notes', 'Patient Notes (write,wsome optional)', 'write');
+
+
+ //DONE with upgrading to this version
+ $acl_version = $upgrade_acl;
+}
+
+/* This is a template for a new revision, when needed
+// Upgrade for acl_version 13
+$upgrade_acl = 13;
+if ($acl_version < $upgrade_acl) {
+ echo "UPGRADING ACCESS CONTROLS TO VERSION " . $upgrade_acl . ":";
+
//Collect the ACL ID numbers.
echo "Checking to ensure all the proper ACL(access control list) are present:";
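Review bot: The version 12 block sets `$acl_version = $upgrade_acl;` whether or not the four `AclExtended::shiftAcl()` calls succeeded, so a site where a removal fails is recorded as upgraded and keeps the broader `pat_rep`, `trans` and `notes` grants with no retry. The helper only echoes its "ERROR, ..." text and returns nothing, so this script cannot tell the difference. Since this step tightens access, I would have `shiftAcl()` return false on its two ERROR branches and collect the result here, e.g. `$ok = AclExtended::shiftAcl(...) && $ok;`, printing a clear final warning when `$ok` is false. The commented-out template that follows continues outside the hunk.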
diff --git a/interface/patient_file/report/custom_report.php b/interface/patient_file/report/custom_report.php
index 156199f3b30..59cc446f17f 100644
--- a/interface/patient_file/report/custom_report.php
+++ b/interface/patient_file/report/custom_report.php
@@ -34,6 +34,10 @@
use OpenEMR\MedicalDevice\MedicalDevice;
use OpenEMR\Services\FacilityService;
+if (!AclMain::aclCheckCore('patients', 'pat_rep')) {
+ die(xlt('Not authorized'));
+}
+
$facilityService = new FacilityService();
$staged_docs = array();
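Review bot: The new guard ends the request with `die(xlt('Not authorized'))` but leaves the default response status, so a denied request looks like a success in access logs and monitoring; adding `http_response_code(403);` on the line before the `die()` fixes that. The `use` statement for `AclMain` is not among the visible imports, so confirm it sits above line 34, otherwise the call fails on an unresolved class instead of denying access. A one-line comment such as `// Patient report requires the patients/pat_rep ACO` would tie the check to the ACL changes made elsewhere in this commit. Other scripts that render the same report are not part of this diff and may need the same check.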
diff --git a/library/classes/Installer.class.php b/library/classes/Installer.class.php
index b5ef09d391b..b150db5fc5a 100644
--- a/library/classes/Installer.class.php
+++ b/library/classes/Installer.class.php
@@ -975,7 +975,7 @@ public function install_gacl()
//
$gacl->add_acl(
array(
- 'patients' => array('alert','pat_rep')
+ 'patients' => array('alert')
),
null,
array($front),
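Review bot: Fresh installs and upgraded sites only end up with the same grants if the ACLs edited here are the ones the version 12 step in acl_upgrade.php targets, and the visible lines are not enough to confirm that. The upgrade removes `pat_rep` from the 'Accounting' and 'Front Office' `view` ACLs; here it is dropped from the `array($front)` ACL and, in the hunk at line 1035, from the `array($back)` ACL, whose return values and group titles sit below the hunks. Worth confirming the mapping, and replacing the empty `//` above each call with something like `// pat_rep is intentionally not granted here; see acl_upgrade.php version 12`.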
@@ -1017,7 +1017,7 @@ public function install_gacl()
// xl('Things that front office can read and partly modify')
$gacl->add_acl(
array(
- 'patients' => array('appt', 'demo', 'trans', 'notes'),
+ 'patients' => array('appt', 'demo'),
'groups' => array('gcalendar')
),
null,
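Review bot: Dropping `trans` and `notes` from this front-office ACL changes what a default Front Office user may modify, and the comment above the call does not record it. The upgrade step removes both from the 'Front Office' `write` ACL, while the return value of this `add_acl()` call lies below the hunk, so confirm it is the same `write` ACL. I would add a line such as `// trans and notes are no longer granted to front office by default (acl_version 12)` so the narrower default is not mistaken for an omission later.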
@@ -1035,7 +1035,7 @@ public function install_gacl()
//
$gacl->add_acl(
array(
- 'patients' => array('alert','pat_rep')
+ 'patients' => array('alert')
),
null,
array($back),
diff --git a/src/Common/Acl/AclExtended.php b/src/Common/Acl/AclExtended.php
index 71143e823a6..e94a0f8aa9b 100644
--- a/src/Common/Acl/AclExtended.php
+++ b/src/Common/Acl/AclExtended.php
@@ -1019,6 +1019,43 @@ public static function updateAcl($array_acl_id_number, $group_title, $section_na
return;
}
+
+ /**
+ * Shift the ACL, opposite of updateAcl()
+ * Tries to remove the object from a specific ACL if only one is found.
+ *
+ * @param array $array_acl_id_number Array containing hopefully one element, which is an integer, and is identifier of acl to be updated.
+ * @param string $group_title Title of group.
+ * @param string $object_section_name Identifier of section
+ * @param string $object_section_title Title of section
+ * @param string $object_name Identifier of object
+ * @param string $object_title Title of object
+ * @param string $acl_return_value What the acl returns (string), usually 'write', 'addonly', 'wsome' or 'view'
+ */
+ public static function shiftAcl($array_acl_id_number, $group_title, $section_name, $section_title, $object_name, $object_title, $return_value)
+ {
+ $gacl = self::collectGaclApiObject();
+ $tmp_array = $gacl->search_acl($section_name, $object_name, false, false, $group_title, false, false, false, $return_value);
+ switch (count($tmp_array)) {
+ case 0:
+ echo "The '$object_title' object of the '$section_title' section is not found in the '$group_title' group '$return_value' ACL.";
+ break;
+ case 1:
+ $tmp_boolean = @$gacl->shift_acl($array_acl_id_number[0], null, null, null, null, array($section_name => array($object_name)));
+ if ($tmp_boolean) {
+ echo "Successfully removed the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.";
+ } else {
+ echo "ERROR,unable to remove the '$object_title' object of the '$section_title' section into the '$group_title' group '$return_value' ACL.";
+ }
+ break;
+ default:
+ echo "ERROR, Multiple '$group_title' group '$return_value' ACLs with the '$object_title' object of the '$section_title' section are present.";
+ break;
+ }
+
+ return;
+ }
+
/**
* Update the provided array of ACOs that the designated group has permission for.
* This is an array keyed on ACO section ID with values that are arrays keyed on ACO ID
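Review bot: In `shiftAcl()` the ACL that gets modified is `$array_acl_id_number[0]`, which is never compared with what `search_acl()` found. The `case 1` branch only shows that one ACL in the group holds the object, not that it is the one the caller passed, and an empty array from the caller produces a null id whose warning is hidden by the `@`. Assuming `search_acl()` returns ACL ids, as its use here suggests, calling `$gacl->shift_acl($tmp_array[0], ...)` or first testing `in_array($tmp_array[0], $array_acl_id_number)`, and dropping the `@`, would make a wrong or failed removal visible. The docblock names `$object_section_name`, `$object_section_title` and `$acl_return_value` while the signature uses `$section_name`, `$section_title` and `$return_value`, and the messages say "removed ... into", which reads as copied from updateAcl(). The docblock after the method belongs to a function that continues outside the hunk.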
diff --git a/src/Gacl/GaclApi.php b/src/Gacl/GaclApi.php
index a421a93ed8d..29c7c2f6cb7 100644
--- a/src/Gacl/GaclApi.php
+++ b/src/Gacl/GaclApi.php
@@ -404,8 +404,9 @@ function append_acl($acl_id, $aro_array=NULL, $aro_group_ids=NULL, $axo_array=NU
return false;
}
- //Grab ACL data.
- $acl_array = &$this->get_acl($acl_id);
+ //Grab ACL data.
+ $get_acl = $this->get_acl($acl_id);
+ $acl_array = &$get_acl;
//Append each object type seperately.
if (is_array($aro_array) AND count($aro_array) > 0) {
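Review bot: The temporary plus reference (`$get_acl = $this->get_acl($acl_id); $acl_array = &$get_acl;`) silences the by-reference notice, but the reference no longer serves a purpose. `$acl_array = $this->get_acl($acl_id);` does the same in one line, here and in the identical change to `shift_acl()` at line 525. If `get_acl()` can return a non-array on failure (not visible in this diff), an `is_array($acl_array)` check right after the call is the place to return false before the array is indexed. The function body continues outside the hunk.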
@@ -524,8 +525,9 @@ function shift_acl($acl_id, $aro_array=NULL, $aro_group_ids=NULL, $axo_array=NUL
return false;
}
- //Grab ACL data.
- $acl_array = &$this->get_acl($acl_id);
+ //Grab ACL data.
+ $get_acl = $this->get_acl($acl_id);
+ $acl_array = &$get_acl;
//showarray($acl_array);
//Remove each object type seperately.
@@ -612,7 +614,7 @@ function shift_acl($acl_id, $aro_array=NULL, $aro_group_ids=NULL, $axo_array=NUL
foreach ($aco_array as $aco_section_value => $aco_value_array) {
foreach ($aco_value_array as $aco_value) {
$this->debug_text("shift_acl(): ACO Section Value: $aco_section_value ACO VALUE: $aco_value");
- $aco_key = array_search($aco_value, $acl_array['aco'][$aco_section_value]);
+ $aco_key = array_search($aco_value, ($acl_array['aco'][$aco_section_value] ?? []));
if ($aco_key !== FALSE) {
$this->debug_text("shift_acl(): Removing ACO. ($aco_key)");
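Review bot: `array_search()` is still called in its default loose mode, so the ACO chosen for removal is matched with `==`. Passing `true` as the third argument, `array_search($aco_value, $acl_array['aco'][$aco_section_value] ?? [], true)`, keeps a numeric-looking or differently typed value from matching the wrong entry. That assumes both sides are strings, which holds for the values this commit passes ('pat_rep', 'trans', 'notes'); the stored side comes from `get_acl()`, which is not shown. The added `?? []` also makes a missing section indistinguishable from a missing object, which is fine for removal but deserves a short comment. The loop continues outside the hunk.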
diff --git a/version.php b/version.php
index ecc129e8ae2..414a08b8fe5 100644
--- a/version.php
+++ b/version.php
@@ -36,7 +36,7 @@
// controls is (subsequently the acl_upgrade.php script then is used to
// upgrade and track this value)
//
-$v_acl = 11;
+$v_acl = 12;
// Version for JavaScript and stylesheet includes. Increment whenever a .js or .css file changes.
// Also whenever you change a .js or .css file, make sure that all URLs referencing it