Fixed installation bug when choosing a username besides admin. Also i…

…ncorporated a mechanism to avoid original user from easily being removed from the Administrator acl group (avoid lock out syndrome).
DiscoverAndChange · Oct 9, 2010 · 583e0c5 · 583e0c5
1 parent d35cb6b
commit 583e0c5
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 25 deletions.
diff --git a/acl_setup.php b/acl_setup.php
@@ -184,9 +184,17 @@
 
  // Create the Administrator in the above-created "users" section
  // and add him/her to the above-created "admin" group.
- //
- $gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
- $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
+ // If this script is being used by OpenEMR's setup, then will
+ // incorporate the installation values. Otherwise will
+// hardcode the 'admin' user.
+ if ( isset($this->iuser) ) {
+ $gacl->add_object('users', $this->iuname, $this->iuser, 10, 0, 'ARO');
+ $gacl->add_group_object($admin, 'users', $this->iuser, 'ARO');
+ }
+ else {
+ $gacl->add_object('users', 'Administrator', 'admin' ,10, 0, 'ARO');
+ $gacl->add_group_object($admin, 'users', 'admin', 'ARO');
+ }
 
  // Declare return terms for language translations
  // xl('write') xl('wsome') xl('addonly')

diff --git a/library/acl.inc b/library/acl.inc
@@ -307,7 +307,7 @@
  //
  // This will either create or edit a user aro object, and then place it
  // in the requested groups. It will not allow removal of the 'admin'
- // user from the 'admin' group.
+ // user or gacl_protected users from the 'admin' group.
  // $arr_group_titles = titles of the groups that user will be added to.
  // $user_name = username, which is login name.
  // $first_name = first name
@@ -321,6 +321,18 @@
  include_once("$phpgacl_location/gacl_api.class.php");
  $gacl = new gacl_api();
 
+ //see if this user is gacl protected (ie. do not allow
+ //removal from the Administrators group)
+ require_once(dirname(__FILE__).'/user.inc');
+ require_once(dirname(__FILE__).'/calendar.inc');
+ $userNametoID = getIDfromUser($user_name);
+ if (checkUserSetting("gacl_protect","1",$userNametoID) || $user_name == "admin") {
+ $gacl_protect = true;
+ }
+ else {
+ $gacl_protect = false;
+ }
+
  //get array of all available group ID numbers
  $parent_id = $gacl->get_root_group_id();
  $arr_all_group_ids = $gacl->get_group_children($parent_id, 'ARO', 'RECURSE');
@@ -378,11 +390,11 @@
  }
 
  //
- //Below will not allow 'admin' user to be removed from 'admin' group
+ //Below will not allow 'admin' or gacl_protected user to be removed from 'admin' group
  //
- if ($user_name == 'admin') {
+ if ($gacl_protect) {
  $boolean_admin=0;
- $admin_id = $gacl->get_object_id($section_aro_value, 'admin', 'ARO');
+ $admin_id = $gacl->get_object_id($section_aro_value, $user_name, 'ARO');
  $arr_admin = $gacl->get_object_groups($admin_id, 'ARO', 'NO_RECURSE');
  foreach ($arr_admin as $value3) {
  $arr_admin_data = $gacl->get_group_data($value3, 'ARO');
@@ -394,7 +406,7 @@
  foreach ($arr_all_group_ids as $value4) {
  $arr_temp = $gacl->get_group_data($value4, 'ARO');
  if ($arr_temp[2] == 'admin') {
- $gacl->add_group_object($value4, $section_aro_value, 'admin', 'ARO');
+ $gacl->add_group_object($value4, $section_aro_value, $user_name, 'ARO');
  }
  }
  }

diff --git a/library/ajax/adminacl_ajax.php b/library/ajax/adminacl_ajax.php
@@ -15,6 +15,8 @@
 //
 include_once("../../interface/globals.php");
 include_once("$srcdir/acl.inc");
+include_once("$srcdir/user.inc");
+include_once("$srcdir/calendar.inc");
 
 header("Content-type: text/xml");
 header("Cache-Control: no-cache");
@@ -76,10 +78,18 @@
  echo user_group_listings_xml($_POST["name"], $error);
  exit;
  }
- if (($_POST["name"] == "admin") && in_array("Administrators",$_POST["selection"])) {
+ // check if user is protected. If so, then state message unable to remove from admin group.
+ $userNametoID = getIDfromUser($_POST["name"]);
+ if (checkUserSetting("gacl_protect","1",$userNametoID) || ($_POST["name"] == "admin")) {
+ $gacl_protect = true;
+ }
+ else {
+ $gacl_protect = false;
+ }
+ if ($gacl_protect && in_array("Administrators",$_POST["selection"])) {
  //unable to remove admin user from administrators group, process remove,
  // send soft error, then return data
- array_push($error, (xl('Not allowed to remove the admin user from the Administrators group') . "!"));
+ array_push($error, (xl('Not allowed to remove this user from the Administrators group') . "!"));
  remove_user_aros($_POST["name"], $_POST["selection"]);
  echo user_group_listings_xml($_POST["name"], $error);
  exit;

diff --git a/library/classes/Installer.class.php b/library/classes/Installer.class.php
@@ -311,13 +311,6 @@ public function install_gacl()
  return TRUE;
  }
 
- public function configure_gacl()
- {
- //give the administrator user admin priviledges
- $groupArray = array("Administrators");
- return set_user_aro($groupArray,$this->iuser,$this->iuname,"","");
- }
-
  public function quick_install() {
  if ( ! $this->login_is_valid() ) {
  return False;
@@ -357,9 +350,6 @@ public function quick_install() {
  if ( ! $this->install_gacl()) {
  return False;
  }
- if ( ! $this->configure_gacl()) {
- return False;
- }
 
  return True;
  }

diff --git a/library/user.inc b/library/user.inc
@@ -42,6 +42,30 @@ function getUserSetting($label,$user=NULL) {
  return $result;
 }
 
+//This will check a user setting (does not check for default setting)
+// $name is the setting name in the 'users' table
+// $value is the setting value to be checked in the 'users' table
+// $user is the user id number in the 'users' table
+// Returns true if setting exist and false if does not exist
+function checkUserSetting($label, $value, $user=NULL) {
+
+ // if no user id is sent, then use the currently logged in user
+ if (!isset($user)) {
+ $user = $_SESSION['authUserID'];
+ }
+
+ // Check for the user settings (return true if positive or false if negative)
+ $row = sqlQuery("SELECT setting_value FROM user_settings " .
+ "WHERE setting_user=? AND setting_label=? AND setting_value=?", array($user, $label, $value) );
+ if (empty($row)) {
+ return false;
+ }
+ else {
+ return true;
+ } 
+
+}
+
 //This will set a user setting
 // $name is the setting name in the 'users' table
 // $value is the setting value to be set in the 'users' table

diff --git a/setup.php b/setup.php
@@ -438,11 +438,6 @@ function cloneClicked() {
  echo $installer->error_message;
  break;
  }
-
- if ( ! $installer->configure_gacl() ) {
- echo $installer->error_message;
- break;
- }
 
  // display the status information for gacl setup
  echo $installer->debug_message;

diff --git a/sql/database.sql b/sql/database.sql
@@ -3096,6 +3096,8 @@ INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'prescriptions_ps_expand', '1');
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'surgery_ps_expand', '1');
 INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'vitals_ps_expand', '1');
+INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (0, 'gacl_protect', '0');
+INSERT INTO user_settings ( setting_user, setting_label, setting_value ) VALUES (1, 'gacl_protect', '1');
 
 -- --------------------------------------------------------