diff --git a/interface/patient_file/encounter/forms.php b/interface/patient_file/encounter/forms.php
index 49a5a27688c..ae6213809be 100644
--- a/interface/patient_file/encounter/forms.php
+++ b/interface/patient_file/encounter/forms.php
@@ -38,68 +38,89 @@ function imdeleted() {
" .
- "(Delete)";
- }
- echo "
\n";
-
- if ($result = getFormByEncounter($pid, $encounter, "id, date, form_id, form_name,formdir,user")) {
- echo "
";
- foreach ($result as $iter) {
- $formdir = $iter['formdir'];
-
- // Skip forms that we are not authorized to see.
- if (($auth_notes_a) ||
- ($auth_notes && $iter['user'] == $_SESSION['authUser']) ||
- ($auth_relaxed && ($formdir == 'sports_fitness' || $formdir == 'podiatry'))) ;
- else continue;
-
- // $form_info = getFormInfoById($iter['id']);
- echo '';
- $user = getNameFromUsername($iter['user']);
-
- $form_name = ($formdir == 'newpatient') ? "Patient Encounter" : $iter['form_name'];
-
- echo '' .
- $user['fname'] . " " . $user['lname'] .' | ';
- echo "$form_name | \n" .
- " | \n" .
- "";
-
- // Use the form's report.php for display.
- //
- include_once($GLOBALS['incdir'] . "/forms/$formdir/report.php");
- call_user_func($formdir . "_report", $pid, $iter['encounter'], 2, $iter['form_id']);
-
- echo " |
";
- }
- echo "
";
- }
+$auth_notes_a = acl_check('encounters', 'notes_a');
+$auth_notes = acl_check('encounters', 'notes');
+$auth_relaxed = acl_check('encounters', 'relaxed');
+
+if (is_numeric($pid)) {
+ // Check for no access to the patient's squad.
+ $result = getPatientData($pid, "fname,lname,squad");
+ echo " for " . $result['fname'] . " " . $result['lname'];
+ if ($result['squad'] && ! acl_check('squads', $result['squad'])) {
+ $auth_notes_a = $auth_notes = $auth_relaxed = 0;
+ }
+ // Check for no access to the encounter's sensitivity level.
+ $result = sqlQuery("SELECT sensitivity FROM form_encounter WHERE " .
+ "pid = '$pid' AND encounter = '$encounter' LIMIT 1");
+ if ($result['sensitivity'] && !acl_check('sensitivities', $result['sensitivity'])) {
+ $auth_notes_a = $auth_notes = $auth_relaxed = 0;
+ }
+}
+
+echo ":";
+if (acl_check('admin', 'super')) {
+ echo " " .
+ "(Delete)";
+}
+echo "
\n";
+
+if ($result = getFormByEncounter($pid, $encounter, "id, date, form_id, form_name, formdir, user, deleted")) {
+ echo "";
+ echo "User | Form | |
";
+ foreach ($result as $iter) {
+ $formdir = $iter['formdir'];
+
+ // skip forms whose 'deleted' flag is set to 1
+ if ($iter['deleted'] == 1) continue;
+
+ // Skip forms that we are not authorized to see.
+ if (($auth_notes_a) ||
+ ($auth_notes && $iter['user'] == $_SESSION['authUser']) ||
+ ($auth_relaxed && ($formdir == 'sports_fitness' || $formdir == 'podiatry'))) ;
+ else continue;
+
+ // $form_info = getFormInfoById($iter['id']);
+ echo '';
+ $user = getNameFromUsername($iter['user']);
+
+ $form_name = ($formdir == 'newpatient') ? "Patient Encounter" : $iter['form_name'];
+
+ echo '' .
+ $user['fname'] . " " . $user['lname'] .' | ';
+ echo "";
+
+ // a link to edit the form
+ echo "$form_name";
+
+ if (acl_check('admin', 'super')) {
+ // a link to delete the form from the encounter
+ echo " (Delete)";
+ }
+
+ echo " | \n" .
+ " | \n" .
+ "";
+
+ // Use the form's report.php for display.
+ //
+ include_once($GLOBALS['incdir'] . "/forms/$formdir/report.php");
+ call_user_func($formdir . "_report", $pid, $iter['encounter'], 2, $iter['form_id']);
+
+ echo " |
";
+ }
+ echo "
";
+}
?>
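Review bot: The new sensitivity lookup `sqlQuery("SELECT sensitivity FROM form_encounter WHERE " . "pid = '$pid' AND encounter = '$encounter' LIMIT 1")` interpolates `$encounter` straight into the SQL string, and unlike `$pid` (guarded by `is_numeric($pid)` just above) it is never validated in this hunk; where `$encounter` is assigned is outside the hunk, so I cannot tell whether it has already been sanitised. Extend the guard to both values, e.g. `if (is_numeric($pid) && is_numeric($encounter)) {`, or cast each to `(int)` when building the string, until the query can be moved to a bound-parameter form. Separately, `$result['fname']`, `$result['lname']`, the `$user['fname'] . " " . $user['lname']` cell and `$form_name` are echoed into HTML without escaping, so any stored value containing markup is rendered as-is; wrap each in `htmlspecialchars($v, ENT_QUOTES)`. The `$iter['deleted'] == 1` test relies on loose comparison; `(int) $iter['deleted'] === 1` states the intent explicitly regardless of whether the column comes back as a string or an int.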