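/**
 * This function controls the permission mask feature by ensuring validity of the mask id
 * and setting the tmp variable properly.
 *
 * Reads the `mask` query parameter. "close" returns the user to their default
 * access id. A numeric value is looked up in `permissions`; the masquerade is
 * applied only when that row is assigned to the current user, the current time is
 * inside its valid_from/valid_until window, and the assigning user has an active
 * `user_access` row (first matched within the user's active organisation, then
 * without that restriction). Every rejected attempt is written to application_log().
 * Once handled, `mask` is stripped from $_SERVER["QUERY_STRING"] so the parameter is
 * not re-applied on a reload.
 *
 * Globals: $db (database handle providing qstr()/GetRow()/getOne()) and $ENTRADA_USER.
 *
 * @return true Always; rejections are logged rather than returned.
 */
function permissions_mask() {
    global $db, $ENTRADA_USER;

    if (!isset($_GET["mask"])) {
        return true;
    }

    $mask = trim($_GET["mask"]);
    // One timestamp for every validity comparison below so they cannot straddle a second boundary.
    $now = time();

    // Everything that reaches a log line about the requesting user.
    $who = static function () use ($ENTRADA_USER) {
        return $_SESSION["details"]["firstname"] . " " . $_SESSION["details"]["lastname"] . " [" . $ENTRADA_USER->getID() . "]";
    };

    // Looks up the proxy user's user_access id. The organisation filter is applied only
    // when $restrict_to_organisation is true (the caller retries without it).
    $find_access_id = static function ($assigned_by, $restrict_to_organisation) use ($db, $ENTRADA_USER, $now) {
        $query = "SELECT `id` FROM `" . AUTH_DATABASE . "`.`user_access`
                  WHERE `user_id` = " . $db->qstr($assigned_by) . "
                  AND `app_id` = " . $db->qstr(AUTH_APP_ID) . "
                  AND `account_active` = 'true'
                  AND (`access_starts` = '0' OR `access_starts` <= " . $db->qstr($now) . ")
                  AND (`access_expires` = '0' OR `access_expires` >= " . $db->qstr($now) . ")";
        if ($restrict_to_organisation) {
            $query .= " AND `organisation_id` = " . $db->qstr($ENTRADA_USER->getActiveOrganisation());
        }
        return $db->getOne($query);
    };

    if ($mask === "close") {
        $ENTRADA_USER->setAccessId($ENTRADA_USER->getDefaultAccessId());
    } elseif ((int) $mask) {
        // Cast before quoting: only an integer ever reaches the SQL, so the raw
        // query-string value cannot alter the statement.
        $permission_id = (int) $mask;
        $query = "SELECT * FROM `permissions` WHERE `permission_id` = " . $db->qstr($permission_id);
        $result = $db->GetRow($query);

        if (!$result) {
            // $result is false here, so the requested id (not a row field) is what we can report.
            application_log("error", $who() . " tried to masquerade using permission_id [" . $permission_id . "], but that permission_id does not exist in the database.");
        } elseif ((int) $result["assigned_to"] !== (int) $ENTRADA_USER->getID()) {
            // The permission exists but was granted to somebody else.
            application_log("error", $who() . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but permission_id [" . $result["permission_id"] . "] does not belong to them. Oooo. Bad news.");
        } elseif ($result["valid_from"] > $now) {
            application_log("notice", $who() . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but their permission to this account has not yet begun.");
        } elseif ($result["valid_until"] < $now) {
            application_log("notice", $who() . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but their permission to this account has expired.");
        } else {
            $access_id = $find_access_id($result["assigned_by"], true);
            if (!$access_id) {
                // NOTE(review): this fallback drops the organisation_id filter, so the
                // masquerade may land in an organisation other than the requesting
                // user's active one — confirm that is the intended behaviour.
                $access_id = $find_access_id($result["assigned_by"], false);
            }
            if ($access_id) {
                $ENTRADA_USER->setAccessId($access_id);
                $ENTRADA_USER->setClinical(getClinicalFromProxy($ENTRADA_USER->getActiveId()));
            }
        }
    }

    // Drop the parameter so a reload does not re-run the mask switch.
    $_SERVER["QUERY_STRING"] = replace_query(array("mask" => false));

    return true;
}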
if (!defined("PARENT_INCLUDED")) { exit; } elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) { header("Location: " . ENTRADA_URL); exit; } elseif (!$ENTRADA_ACL->amIAllowed('annualreport', 'read')) { $ONLOAD[] = "setTimeout('window.location=\\'" . ENTRADA_URL . "/" . $MODULE . "\\'', 15000)"; $ERROR++; $ERRORSTR[] = "Your account does not have the permissions required to use module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["publicistrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["publicistrator"]["name"]) . "</a> for assistance."; echo display_error(); application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] do not have access to this module [" . $MODULE . "]"); } else { define("IN_ANNUAL_REPORT", true); $BREADCRUMB[] = array("url" => ENTRADA_URL . "/annualreport", "title" => "Annual Report"); if ($router && $router->initRoute()) { $ENTRADA_USER->setClinical(getClinicalFromProxy($ENTRADA_USER->getActiveId())); $PREFERENCES = preferences_load($MODULE); /** * Include required js files and css files for use with jquery and flexigrid. */ $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/tabpane/tabpane.js\"></script>\n"; $HEAD[] = "<link href=\"" . ENTRADA_URL . "/css/annualreport.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n"; $HEAD[] = "<link href=\"" . ENTRADA_URL . "/css/tabpane.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n"; $HEAD[] = "<link href=\"" . ENTRADA_URL . 
"/css/calendar.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n"; //$JQUERY[] = "<script type=\"text/javascript\" src=\"".ENTRADA_URL."/javascript/jquery/jquery.min.js\"></script>\n"; //$JQUERY[] = "<script type=\"text/javascript\" src=\"".ENTRADA_URL."/javascript/jquery/jquery-ui.min.js\"></script>\n"; //$JQUERY[] = "<link href=\"".ENTRADA_URL."/css/jquery/jquery-ui.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n"; $JQUERY[] = "<link href=\"" . ENTRADA_URL . "/css/jquery/flexigrid.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />"; $JQUERY[] = "<script language=\"javascript\" type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/jquery/flexigrid.pack.js\"></script>\n"; //$JQUERY[] = "<script type=\"text/javascript\">jQuery.noConflict();</script>"; /**