Embedding phpGACL.

Documentation/README.phpgacl

@@ -1,12 +1,41 @@
  Hints for Using phpGACL with OpenEMR
  by Rod Roark <rod at sunsetsystems dot com>
 
+Installation Instructions
 
-OpenEMR by default does not use or require phpGACL, though it is
-highly recommended. Setting it up takes some careful study, planning
-and a bit of time. If you don't have the time then you should hire
-an experienced person to set things up for you. Helpful installation
-and configuration instructions can be found on the wiki at the
+phpGACL access controls are embedded and installed by default in OpenEMR
+versions 2.9.0.3 or later. The administration of the access controls is
+within OpenEMR in the admin->acl menu. The library/acl.inc file can be
+easily modified to turn off phpGACL or to use an external version.
+
+
+Upgrading Instructions
+
+After you have upgraded to a new version of OpenEMR, you should
+run the acl_upgrade.php program using your web browser
+(e.g. http:https://openemr.location/acl_upgrade.php). This will ensure your
+phpGACL database contains all the required OpenEMR Access Control
+Objects.
+
+
+For Developers
+
+If you add a new Access Control Object to the OpenEMR codebase, then
+also add it to the following three sites:
+1. Header notes of the library/acl.inc file
+2. acl_setup.php file
+3. acl_upgrade.php file
+
+
+Miscellaneous Information (the below information is only applicable
+to OpenEMR versions less than 2.9.0.3 or to users who choose to
+install an external version of phpGACL)
+
+If you are using an OpenEMR version previous to 2.9.0.3, then phpGACL
+has not been automatically installed. Setting it up takes some careful
+study, planning and a bit of time. If you don't have the time then you
+should hire an experienced person to set things up for you. Helpful
+installation and configuration instructions can be found on the wiki at the
 www.oemr.org site.
 
 Alternatively, it's possible to set up your own access rules without
@@ -90,21 +119,3 @@ Then if "write" or "wsome" or "addonly" access applies, key in that
 as the return value, otherwise a return value is not required. Then
 click the Submit button to save that particular access rule. Repeat
 until all your ACL rules are defined.
-
-
-Upgrading Instructions
-
-After you have upgraded to a new version of OpenEMR, you should
-consider running the acl_upgrade.php program using your web browser
-(e.g. http:https://openemr.location/acl_upgrade.php). This will ensure your
-phpGACL database contains all the required OpenEMR Access Control
-Objects.
-
-
-For Developers
-
-If you add a new Access Control Object to the OpenEMR codebase, then
-also add it to the following three sites:
-1. Header notes of the library/acl.inc file
-2. acl_setup.php file
-3. acl_upgrade.php file

INSTALL

@@ -118,9 +118,10 @@ something more secure (such as chmod 644) before actively using OpenEMR.
 Should anything fail during step 3, you may have to remove the existing database
 or tables before you can try again.
 
-Step 4 is very much like step 3, except the only thing taking place is the
-writing of SQL configuration to disk. Should it fail due to permissions or any
-other reason, you may click the reload button to try again.
+Step 4 is the writing of SQL configuration to disk and the
+installation/configuration of the phpGACL access controls. Should it display
+errors related to file writing priviledges you may click the back button to
+try again (after fixing file permission).
 
 Once setup is completed, one last thing must be done before OpenEMR can be used.
 The file openemr/interface/globals.php must be edited by hand to reflect the
@@ -160,16 +161,12 @@ and custom/faxcover.txt; it also requires the following utilities:
 
 IV. Setting Up Access Control
 
-You can either choose to install phpGACL, which is very powerful access control
-software, or you can use the default OpenEMR access controls, which are very
-limited. If you choose to install phpGACL (see http:https://phpgacl.sourceforge.net/),
-recommend reading the phpGACL manual, the /openemr/Documentation/README.phpgacl
-file, and the online wiki at www.oemr.org for installation and configuration
-instructions. Also recommend reading the comments in /openemr/library/acl.inc
-and also modifying that file to point to your phpGACL installation directory.
-
-It is reasonable to first get a basic OpenEMR installation working and then add
-these extended access controls later.
+Since OpenEMR version 2.9.0.3, phpGACL access control software is installed
+and configured automatically during OpenEMR setup. This is very powerful
+access control software. To learn more about phpGACL
+(see http:https://phpgacl.sourceforge.net/), recommend reading the phpGACL manual,
+the /openemr/Documentation/README.phpgacl file, and the online wiki at
+www.oemr.org. Also recommend reading the comments in /openemr/library/acl.inc.
 
 V. Upgrading
 
@@ -197,6 +194,6 @@ management (normally you should), run the sl_convert.php script
 (e.g. http:https://openemr.location/sl_convert.php). Note this script may
 run for several minutes or longer.
 
-If phpGACL is installed, then you should also upgrade your Access Controls
-by running the acl_upgrade.php program using your web browser
-(e.g. http:https://openemr.location/acl_upgrade.php).
+If phpGACL is installed (automatically installed since OpenEMR version 2.9.0.3),
+then you should upgrade your Access Controls by running the acl_upgrade.php
+program using your web browser (e.g. http:https://openemr.location/acl_upgrade.php).

acl_setup.php

@@ -6,9 +6,9 @@
  // as published by the Free Software Foundation; either version 2
  // of the License, or (at your option) any later version.
  //
- // This program may be run after phpGACL has been installed, and will
- // create the Access Control Objects and their sections as required
- // by OpenEMR. See openemr/library/acl.inc file for the list of
+ // This program is run by the OpenEMR setup.php script to install phpGACL
+ // and creates the Access Control Objects and their sections.
+ // See openemr/library/acl.inc file for the list of
  // currently supported Access Control Objects(ACO), which this
  // script will install. This script also creates several
  // ARO groups, an "admin" ARO, and some reasonable ACL entries for
@@ -21,10 +21,10 @@
  // Accounting
  //
  // Upgrade Howto
- // If you have previously installed phpGACL, and have since upgraded
- // to a new version of OpenEMR, then should consider upgrading
- // the phpGACL database with the acl_upgrade.php script to ensure
- // the database includes all the required Access Control Objects(ACO).
+ // When upgrading to a new version of OpenEMR, run the acl_upgrade.php
+ // script to update the phpGACL access controls. This is required to
+ // ensure the database includes all the required Access Control 
+ // Objects(ACO).
  //
 
  include_once('library/acl.inc');
@@ -38,11 +38,8 @@
  // Create the ACO sections. Every ACO must have a section.
  //
  if ($gacl->add_object_section('Accounting', 'acct', 10, 0, 'ACO') === FALSE) {
- die("<br>This is not working. Make sure you have:<br>" .
- "* Set the correct phpgacl database name, user and password in gacl.ini.php<br>" .
- "* Done the same in gacl.class.php<br>" .
- "* Run setup.php from the phpGACL distribution<br>" .
- "* Not already run this script successfully<br>");
+ echo "Unable to create the access controls for OpenEMR. You have likely already run this script (acl_setup.php) successfully.<br>Other possible problems include php-GACL configuration file errors (gacl.ini.php or gacl.class.php).<br>";
+ return;
  }
  $gacl->add_object_section('Administration', 'admin' , 10, 0, 'ACO');
  $gacl->add_object_section('Encounters' , 'encounters' , 10, 0, 'ACO');
@@ -195,13 +192,8 @@
 <link rel=STYLESHEET href="interface/themes/style_blue.css">
 </head>
 <body>
-<span class="title">OpenEMR ACL Setup</span>
-<br><br>
-<span class="text">
-
-All done!
-
-</span>
-
+<b>OpenEMR ACL Setup</b>
+<br>
+All done configuring and installing access controls (php-GACL)!
 </body>
 </html>

acl_upgrade.php

@@ -6,9 +6,7 @@
 //
 // This script will update the phpGACL database, which include
 // Access Control Objects(ACO), Groups(ARO), and Access Control
-// Lists(ACL) created by the the acl_setup.php(2.8.1 onward)
-// program, to the most recent version.
-// (this assumes phpGACL has been previously installed)
+// Lists(ACL) to the most recent version.
 // It will display whether each update already exist
 // or if it was updated succesfully.
 //

interface/globals.php

@@ -170,7 +170,7 @@
 $v_major = '2';
 $v_minor = '9';
 $v_patch = '0';
-$tag = '.2'; // minor revision number, should be empty for production releases
+$tag = '.3'; // minor revision number, should be empty for production releases
 
 // This name appears on the login page and in the title bar of most windows.
 // It's nice to customize this to be the name of your clinic.

interface/main/backup.php

@@ -123,7 +123,7 @@
  $cmd = "cd $webserver_root; tar --same-owner --ignore-failed-read -zcphf $BACKUP_DIR/openemr.tar.gz .";
 }
 if ($form_step == 5) {
- if (!empty($phpgacl_location)) {
+ if ((!empty($phpgacl_location)) && ($phpgacl_location != $GLOBALS['fileroot']."/gacl")) {
  $form_status .= "Dumping phpGACL web directory tree ...<br />";
  echo nl2br($form_status);
  $cmd = "cd $phpgacl_location; tar --same-owner --ignore-failed-read -zcphf $BACKUP_DIR/phpgacl.tar.gz .";

interface/usergroup/adminacl.php

@@ -508,7 +508,7 @@ function generic_click(cthis) {
 </head>
 
 <body class="body_top">
- <span class='title'><?php xl('Access Control List Administration','e'); ?></span>
+ <span class='title'><?php xl('Access Control List Administration','e'); ?></span>&nbsp;<a href='../../gacl/admin/acl_admin.php' onclick='top.restoreSession()'><span class='back'>(Advanced)</span></a>
  <br><br> 
  <div id='membership_edit'>
  <span class=bold><input type='checkbox' id='membership_show'><?php xl('User Memberships','e'); ?></span>

library/acl.inc

@@ -1,10 +1,27 @@
 <?php
- // If you have installed phpGACL (http:https://phpgacl.sourceforge.net/)
- // and have configured it for your site, then uncomment the following
- // statement and change it to point to the location where
- // gacl.class.php is intalled.
- //
- // $phpgacl_location = "/var/www/gacl";
+// php-GACL access controls are included in OpenEMR. The below
+// function will automatically create the path where gacl.class.php
+// can be found. Note that this path can be manually set below
+// for users who are using an external version of php-GACL.
+// Also note that php-GACL access controls can be turned off
+// below.
+ if (isset ($GLOBALS['fileroot'])) {
+ //normal use during OpenEMR
+ $phpgacl_location = $GLOBALS['fileroot'] . "/gacl";
+ }
+ else { 
+ //special case during OpenEMR and php-GACL install/upgrade scripts,
+ //which are run from main OpenEMR directory.
+ $phpgacl_location = "gacl";
+ }
+//
+// If using an external version of php-GACL, then uncomment following
+// line and manually place the path below.
+//$phpgacl_location = "/var/www/gacl";
+//
+// If you want to turn off php-GACL, then uncomment the following line.
+//unset($phpgacl_location);
+//
 
  // The following Access Control Objects (ACO) are currently supported.
  // These are the "things to be protected":
@@ -291,7 +308,12 @@
  $full_name = $first_name . " " . $middle_name . " " . $last_name;
  }
  else {
- $full_name = $first_name . " " . $last_name;
+ if ($last_name) {
+ $full_name = $first_name . " " . $last_name;
+ }
+ else {
+ $full_name = $first_name;
+ }
  }
 
  //If this is not the first group to be added, then will skip below