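/**
 * This function controls the permission mask feature by ensuring validity of the mask id
 * and setting the tmp variable properly.
 *
 * Reads the `mask` query-string parameter. "close" drops the caller back to their
 * default access id. A numeric value is looked up in `permissions`; when that row is
 * assigned to the current user and its valid_from/valid_until window covers the present
 * moment, the caller is switched to an active `user_access` row of the user who granted
 * the permission (`assigned_by`). In every case the `mask` parameter is then stripped
 * from QUERY_STRING so it is not carried into subsequent links.
 *
 * Security notes:
 *  - Only the integer-cast value of `mask` reaches SQL; the raw parameter is never
 *    interpolated. A non-scalar value (e.g. `?mask[]=1`) is treated as invalid instead
 *    of letting trim() throw a TypeError on PHP 8.
 *  - The grantor's access record is first sought in the caller's active organisation;
 *    when none exists the lookup is retried with no organisation filter, so a valid
 *    permission can switch the caller into any organisation the grantor belongs to.
 *    NOTE(review): confirm this cross-organisation fallback is intended.
 *  - Every rejected attempt is written to application_log with the caller's identity.
 *
 * @return true
 */
function permissions_mask()
{
    global $db, $ENTRADA_USER;

    if (!isset($_GET["mask"])) {
        return true;
    }

    // Normalise to a trimmed string; arrays/objects cannot be a valid mask.
    $mask = is_scalar($_GET["mask"]) ? trim((string) $_GET["mask"]) : "";

    if ($mask === "close") {
        $ENTRADA_USER->setAccessId($ENTRADA_USER->getDefaultAccessId());
    } elseif ((int) $mask) {
        $permission_id = (int) $mask;
        $user_id = $ENTRADA_USER->getID();
        // Single timestamp so the validity checks and the access-row queries agree.
        $now = time();
        $who = $_SESSION["details"]["firstname"] . " " . $_SESSION["details"]["lastname"] . " [" . $user_id . "]";

        $query = "SELECT * FROM `permissions` WHERE `permission_id` = " . $db->qstr($permission_id);
        $result = $db->GetRow($query);

        if (!$result) {
            // No row: log the id that was actually requested (the original indexed
            // into the empty result here and logged blanks).
            application_log("error", $who . " tried to masquerade using permission_id [" . $permission_id . "], but that permission_id does not exist in the database.");
        } elseif ((int) $result["assigned_to"] !== (int) $user_id) {
            // Ownership check: a user may only activate permissions granted to them.
            // Compared as integers rather than with loose == (null == 0 is true in PHP).
            application_log("error", $who . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but permission_id [" . $result["permission_id"] . "] does not belong to them. Oooo. Bad news.");
        } elseif ($result["valid_from"] > $now) {
            application_log("notice", $who . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but their permission to this account has not yet begun.");
        } elseif ($result["valid_until"] < $now) {
            application_log("notice", $who . " tried to masquerade as proxy id [" . $result["assigned_by"] . "], but their permission to this account has expired.");
        } else {
            // Active, in-window access record of the grantor for this application.
            $base_query = "SELECT `id` FROM `" . AUTH_DATABASE . "`.`user_access`
                WHERE `user_id` = " . $db->qstr($result["assigned_by"]) . "
                AND `app_id` = " . $db->qstr(AUTH_APP_ID) . "
                AND `account_active` = 'true'
                AND (`access_starts` = '0' OR `access_starts` <= " . $db->qstr($now) . ")
                AND (`access_expires` = '0' OR `access_expires` >= " . $db->qstr($now) . ")";

            // Prefer the record in the caller's active organisation ...
            $access_id = $db->getOne($base_query . "
                AND `organisation_id` = " . $db->qstr($ENTRADA_USER->getActiveOrganisation()));
            if (!$access_id) {
                // ... and otherwise accept one from any organisation (see doc note).
                $access_id = $db->getOne($base_query);
            }

            if ($access_id) {
                $ENTRADA_USER->setAccessId($access_id);
                $ENTRADA_USER->setClinical(getClinicalFromProxy($ENTRADA_USER->getActiveId()));
            }
        }
    }

    // Strip the mask parameter so it does not propagate into generated links.
    $_SERVER["QUERY_STRING"] = replace_query(array("mask" => false));

    return true;
}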
if (!defined("PARENT_INCLUDED")) {
    exit;
} elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) {
    header("Location: " . ENTRADA_URL);
    exit;
} elseif (!$ENTRADA_ACL->amIAllowed('annualreport', 'read')) {
    $ONLOAD[] = "setTimeout('window.location=\\'" . ENTRADA_URL . "/" . $MODULE . "\\'', 15000)";
    $ERROR++;
    $ERRORSTR[] = "Your account does not have the permissions required to use module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["publicistrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["publicistrator"]["name"]) . "</a> for assistance.";
    echo display_error();
    application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] do not have access to this module [" . $MODULE . "]");
} else {
    define("IN_ANNUAL_REPORT", true);
    $BREADCRUMB[] = array("url" => ENTRADA_URL . "/annualreport", "title" => "Annual Report");
    if ($router && $router->initRoute()) {
        $ENTRADA_USER->setClinical(getClinicalFromProxy($ENTRADA_USER->getActiveId()));
        $PREFERENCES = preferences_load($MODULE);
        /**
         * Include required js files and css files for use with jquery and flexigrid.
         */
        $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/tabpane/tabpane.js\"></script>\n";
        $HEAD[] = "<link href=\"" . ENTRADA_URL . "/css/annualreport.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n";
        $HEAD[] = "<link href=\"" . ENTRADA_URL . "/css/tabpane.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n";
        $HEAD[] = "<link href=\"" . ENTRADA_URL . "/css/calendar.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n";
        //$JQUERY[] = "<script type=\"text/javascript\" src=\"".ENTRADA_URL."/javascript/jquery/jquery.min.js\"></script>\n";
        //$JQUERY[] = "<script type=\"text/javascript\" src=\"".ENTRADA_URL."/javascript/jquery/jquery-ui.min.js\"></script>\n";
        //$JQUERY[] = "<link href=\"".ENTRADA_URL."/css/jquery/jquery-ui.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />\n";
        $JQUERY[] = "<link href=\"" . ENTRADA_URL . "/css/jquery/flexigrid.css\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />";
        $JQUERY[] = "<script language=\"javascript\" type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/jquery/flexigrid.pack.js\"></script>\n";
        //$JQUERY[] = "<script type=\"text/javascript\">jQuery.noConflict();</script>";
        /**