forked from openemr/openemr
-
Notifications
You must be signed in to change notification settings - Fork 0
/
acl_setup.php
199 lines (180 loc) · 8.42 KB
/
acl_setup.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
<?php
// Copyright (C) 2005-2006 Rod Roark <[email protected]>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is run by the OpenEMR setup.php script to install phpGACL
// and creates the Access Control Objects and their sections.
// See openemr/library/acl.inc file for the list of
// currently supported Access Control Objects(ACO), which this
// script will install. This script also creates several
// ARO groups, an "admin" ARO, and some reasonable ACL entries for
// the groups.
// ARO groups include:
// Administrators
// Physicians (Doctors)
// Clinicians (Nurses, Physician Assistants, etc.)
// Front Office (Receptionist)
// Accounting
//
// Upgrade Howto
// When upgrading to a new version of OpenEMR, run the acl_upgrade.php
// script to update the phpGACL access controls. This is required to
// ensure the database includes all the required Access Control
// Objects(ACO).
//
include_once('library/acl.inc');
if (! $phpgacl_location) die("You must first set up library/acl.inc to use phpGACL!");
include_once("$phpgacl_location/gacl_api.class.php");
$gacl = new gacl_api();
// Create the ACO sections. Every ACO must have a section.
//
if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === FALSE) {
echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
return;
}
$gacl->add_object_section('Administration', 'admin' , 10, 0, 'ACO');
$gacl->add_object_section('Encounters' , 'encounters' , 10, 0, 'ACO');
$gacl->add_object_section('Patients' , 'patients' , 10, 0, 'ACO');
$gacl->add_object_section('Squads' , 'squads' , 10, 0, 'ACO');
$gacl->add_object_section('Sensitivities' , 'sensitivities', 10, 0, 'ACO');
// Create Accounting ACOs.
//
$gacl->add_object('acct', 'Billing (write optional)' , 'bill' , 10, 0, 'ACO');
$gacl->add_object('acct', 'Price Discounting' , 'disc' , 10, 0, 'ACO');
$gacl->add_object('acct', 'EOB Data Entry' , 'eob' , 10, 0, 'ACO');
$gacl->add_object('acct', 'Financial Reporting - my encounters', 'rep' , 10, 0, 'ACO');
$gacl->add_object('acct', 'Financial Reporting - anything' , 'rep_a', 10, 0, 'ACO');
// Create Administration ACOs.
//
$gacl->add_object('admin', 'Superuser' , 'super' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Calendar Settings' , 'calendar' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Database Reporting' , 'database' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Forms Administration' , 'forms' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Practice Settings' , 'practice' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Superbill Codes Administration' , 'superbill', 10, 0, 'ACO');
$gacl->add_object('admin', 'Users/Groups/Logs Administration', 'users' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Batch Communication Tool' , 'batchcom' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Language Interface Tool' , 'language' , 10, 0, 'ACO');
$gacl->add_object('admin', 'Pharmacy Dispensary' , 'drugs' , 10, 0, 'ACO');
$gacl->add_object('admin', 'ACL Administration' , 'acl' , 10, 0, 'ACO');
// Create ACOs for encounters.
//
$gacl->add_object('encounters', 'Authorize - my encounters' , 'auth' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Authorize - any encounters' , 'auth_a' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Coding - my encounters (write,wsome optional)' , 'coding' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Coding - any encounters (write,wsome optional)' , 'coding_a', 10, 0, 'ACO');
$gacl->add_object('encounters', 'Notes - my encounters (write,addonly optional)' , 'notes' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Notes - any encounters (write,addonly optional)' , 'notes_a' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Fix encounter dates - any encounters' , 'date_a' , 10, 0, 'ACO');
$gacl->add_object('encounters', 'Less-private information (write,addonly optional)', 'relaxed' , 10, 0, 'ACO');
// Create ACOs for patients.
//
$gacl->add_object('patients', 'Appointments (write optional)' , 'appt' , 10, 0, 'ACO');
$gacl->add_object('patients', 'Demographics (write,addonly optional)' , 'demo' , 10, 0, 'ACO');
$gacl->add_object('patients', 'Medical/History (write,addonly optional)', 'med' , 10, 0, 'ACO');
$gacl->add_object('patients', 'Transactions (write optional)' , 'trans', 10, 0, 'ACO');
$gacl->add_object('patients', 'Documents (write,addonly optional)' , 'docs' , 10, 0, 'ACO');
$gacl->add_object('patients', 'Patient Notes (write,addonly optional)' , 'notes', 10, 0, 'ACO');
// Create ACOs for sensitivities.
//
$gacl->add_object('sensitivities', 'Normal', 'normal', 10, 0, 'ACO');
$gacl->add_object('sensitivities', 'High' , 'high' , 20, 0, 'ACO');
// Create ARO groups.
//
$users = $gacl->add_group('users', 'OpenEMR Users' , 0 , 'ARO');
$admin = $gacl->add_group('admin', 'Administrators', $users, 'ARO');
$clin = $gacl->add_group('clin' , 'Clinicians' , $users, 'ARO');
$doc = $gacl->add_group('doc' , 'Physicians' , $users, 'ARO');
$front = $gacl->add_group('front', 'Front Office' , $users, 'ARO');
$back = $gacl->add_group('back' , 'Accounting' , $users, 'ARO');
// Create a Users section for the AROs (humans).
//
$gacl->add_object_section('Users', 'users', 10, 0, 'ARO');
// Create the Administrator in the above-created "users" section
// and add him/her to the above-created "admin" group.
//
$gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
$gacl->add_group_object($admin, 'users', 'admin', 'ARO');
// Set permissions for administrators.
//
$gacl->add_acl(
array(
'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
'admin'=>array('calendar', 'database', 'forms', 'practice', 'superbill', 'users', 'batchcom', 'language', 'super', 'drugs', 'acl'),
'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
'sensitivities'=>array('normal', 'high')
),
NULL, array($admin), NULL, NULL,
1, 1, 'write', 'Administrators can do anything'
);
// Set permissions for physicians.
//
$gacl->add_acl(
array(
'acct'=>array('disc', 'rep'),
'admin'=>array('drugs'),
'encounters'=>array('auth_a', 'coding_a', 'notes_a', 'date_a'),
'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
'sensitivities'=>array('normal', 'high')
),
NULL, array($doc), NULL, NULL,
1, 1, 'write', 'Things that physicians can read and modify'
);
// Set permissions for clinicians.
//
$gacl->add_acl(
array(
'encounters'=>array('notes', 'relaxed'),
'patients'=>array('demo', 'med', 'docs', 'notes'),
'sensitivities'=>array('normal')
),
NULL, array($clin), NULL, NULL,
1, 1, 'addonly', 'Things that clinicians can read and enter but not modify'
);
$gacl->add_acl(
array(
'admin'=>array('drugs'),
'encounters'=>array('coding'),
'patients'=>array('appt')
),
NULL, array($clin), NULL, NULL,
1, 1, 'write', 'Things that clinicians can read and modify'
);
// Set permissions for front office staff.
//
$gacl->add_acl(
array(
'patients'=>array('appt', 'demo', 'trans', 'notes')
),
NULL, array($front), NULL, NULL,
1, 1, 'write', 'Things that front office can read and modify'
);
// Set permissions for back office staff.
//
$gacl->add_acl(
array(
'acct'=>array('bill', 'disc', 'eob', 'rep', 'rep_a'),
'admin'=>array('practice', 'superbill'),
'encounters'=>array('auth_a', 'coding_a', 'date_a'),
'patients'=>array('appt', 'demo')
),
NULL, array($back), NULL, NULL,
1, 1, 'write', 'Things that back office can read and modify'
);
?>
<html>
<head>
<title>OpenEMR ACL Setup</title>
<link rel=STYLESHEET href="interface/themes/style_blue.css">
</head>
<body>
<b>OpenEMR ACL Setup</b>
<br>
All done configuring and installing access controls (php-GACL)!
</body>
</html>