diff --git a/interface/patient_file/encounter/forms.php b/interface/patient_file/encounter/forms.php index 49a5a27688c..ae6213809be 100644 --- a/interface/patient_file/encounter/forms.php +++ b/interface/patient_file/encounter/forms.php @@ -38,68 +38,89 @@ function imdeleted() { " . - "(Delete)"; - } - echo "
\n"; - - if ($result = getFormByEncounter($pid, $encounter, "id, date, form_id, form_name,formdir,user")) { - echo ""; - foreach ($result as $iter) { - $formdir = $iter['formdir']; - - // Skip forms that we are not authorized to see. - if (($auth_notes_a) || - ($auth_notes && $iter['user'] == $_SESSION['authUser']) || - ($auth_relaxed && ($formdir == 'sports_fitness' || $formdir == 'podiatry'))) ; - else continue; - - // $form_info = getFormInfoById($iter['id']); - echo ''; - $user = getNameFromUsername($iter['user']); - - $form_name = ($formdir == 'newpatient') ? "Patient Encounter" : $iter['form_name']; - - echo ''; - echo "\n" . - "\n" . - ""; - } - echo "
' . - $user['fname'] . " " . $user['lname'] .'$form_name"; - - // Use the form's report.php for display. - // - include_once($GLOBALS['incdir'] . "/forms/$formdir/report.php"); - call_user_func($formdir . "_report", $pid, $iter['encounter'], 2, $iter['form_id']); - - echo "
";
+$auth_notes_a = acl_check('encounters', 'notes_a');
+$auth_notes = acl_check('encounters', 'notes');
+$auth_relaxed = acl_check('encounters', 'relaxed');
+
+if (is_numeric($pid)) {
+ // Check for no access to the patient's squad.
+ $result = getPatientData($pid, "fname,lname,squad");
+ echo " for " . $result['fname'] . " " . $result['lname'];
+ if ($result['squad'] && ! acl_check('squads', $result['squad'])) {
+ $auth_notes_a = $auth_notes = $auth_relaxed = 0;
+ }
+ // Check for no access to the encounter's sensitivity level.
+ $result = sqlQuery("SELECT sensitivity FROM form_encounter WHERE " .
+ "pid = '$pid' AND encounter = '$encounter' LIMIT 1");
+ if ($result['sensitivity'] && !acl_check('sensitivities', $result['sensitivity'])) {
+ $auth_notes_a = $auth_notes = $auth_relaxed = 0;
+ }
+}
+
+echo ":";
+if (acl_check('admin', 'super')) {
+ echo "  " .
+ "(Delete)";
+}
+echo "
\n"; + +if ($result = getFormByEncounter($pid, $encounter, "id, date, form_id, form_name, formdir, user, deleted")) { + echo ""; + echo ""; + foreach ($result as $iter) { + $formdir = $iter['formdir']; + + // skip forms whose 'deleted' flag is set to 1 + if ($iter['deleted'] == 1) continue; + + // Skip forms that we are not authorized to see. + if (($auth_notes_a) || + ($auth_notes && $iter['user'] == $_SESSION['authUser']) || + ($auth_relaxed && ($formdir == 'sports_fitness' || $formdir == 'podiatry'))) ; + else continue; + + // $form_info = getFormInfoById($iter['id']); + echo ''; + $user = getNameFromUsername($iter['user']); + + $form_name = ($formdir == 'newpatient') ? "Patient Encounter" : $iter['form_name']; + + echo ''; + echo "\n" . + "\n" . + ""; + } + echo "
UserForm
' .
+ $user['fname'] . " " . $user['lname'] .'";
+
+ // a link to edit the form
+ echo "$form_name";
+
+ if (acl_check('admin', 'super')) {
+ // a link to delete the form from the encounter
+ echo " (Delete)";
+ }
+
+ echo " ";
+
+ // Use the form's report.php for display.
+ //
+ include_once($GLOBALS['incdir'] . "/forms/$formdir/report.php");
+ call_user_func($formdir . "_report", $pid, $iter['encounter'], 2, $iter['form_id']);
+
+ echo "
"; +} ?>
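Review bot: The new sensitivity lookup inside the `is_numeric($pid)` block interpolates `$encounter` straight into the SQL string with no validation at all, whereas `$pid` at least passes the `is_numeric` guard; `$encounter` is assigned outside this hunk, and if it can be influenced by the request this is a SQL injection into `form_encounter`. Encounter ids are integers, so coercing both values is sufficient here: `"pid = '" . (int)$pid . "' AND encounter = '" . (int)$encounter . "' LIMIT 1");` — or use a bound-parameter form of `sqlQuery` if this codebase provides one. Separately, `$result['fname']`/`$result['lname']`, `$user['fname']`/`$user['lname']` and `$form_name` (taken from `$iter['form_name']`) are echoed into the page unescaped; patient and form names are user-entered data, so each should go through `htmlspecialchars(..., ENT_QUOTES)` before output. Note that the `acl_check('admin', 'super')` wrapped around the Delete links only hides the links; the deletion endpoint they point to is not in this diff and must re-check the same ACL server-side, since hiding a link is not an authorization control.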