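/**
 * Records the next authoriser for a form and emails everyone affected.
 *
 * Stores (or, when there is no next authoriser, deletes) the authorisation
 * request for the form, then sends the new status to the author, to Student
 * Central (unless Student Central is the next authoriser) and finally a
 * request-for-authorisation email to the next authoriser.
 *
 * @param object $form          Form settings; reads ->modular, ->student, ->formref and ->name.
 * @param object $data          Form data record; reads ->id and ->author.
 * @param int    $authoriser_id User id of the next authoriser, or 0 when there is none.
 * @return void
 */
function update_authoriser($form, $data, $authoriser_id) {

    // Update the stored authorisation requests
    read_form_auths($data->id, $auth);
    if ($authoriser_id == 0) {
        delete_form_auths($auth);
    } else {
        $auth->authoriser = $authoriser_id;
        $auth->request_date = time();
        write_form_auths($auth);
    }

    // Determine the URL to use to link to the form
    $program = new moodle_url('/local/obu_forms/process.php') . '?id=' . $data->id;

    // Email the new status to the author and to Student Central (if not the next authoriser)
    $author = get_complete_user_data('id', $data->author);
    $sc = get_complete_user_data('username', 'csa');
    $sc_id = $sc->id;
    if (!$form->modular) { // Use the default CSA Team contact and notification details (PG)
        $sc_contact = $sc;
        $sc_notifications = $sc;
    } else { // Use the SCAT contact and notification details (UMP)
        $sc_contact = get_complete_user_data('username', 'scat');
        $sc_notifications = get_complete_user_data('username', 'scat_notifications');
    }

    // Add email headers to help prevent auto-responders
    $bulk_headers = array('Precedence: Bulk', 'X-Auto-Response-Suppress: All', 'Auto-Submitted: auto-generated');
    $author->customheaders = $bulk_headers;
    $sc_contact->customheaders = $bulk_headers;

    get_form_status($author->id, $form, $data, $text, $button_text); // get the status from the author's perspective

    // If a staff form, extract any given student number
    $student_number = '';
    if (!$form->student) {
        load_form_fields($data, $fields);
        if (array_key_exists('student_number', $fields)) {
            $student_number = ' [' . $fields['student_number'] . ']';
        }
    }

    // The student number is a submitted form field, so it is escaped before being placed in
    // HTML. The raw value is kept for the plain-text email subjects, which must not carry entities.
    $student_number_html = htmlspecialchars($student_number, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // NOTE(review): $form->formref and $form->name also go into the HTML unescaped; presumably
    // they are set by form managers only - confirm, and escape them too if they can hold arbitrary text.
    $html = '<h4><a href="' . $program . '">' . $form->formref . ': ' . $form->name . $student_number_html . '</a></h4>' . $text;
    email_to_user($author, $sc_contact, 'The Status of Your Form ' . $form->formref . $student_number, html_to_text($html), $html);
    if ($authoriser_id != $sc_id) {
        get_form_status($sc_id, $form, $data, $text, $button_text); // get the status from the perspective of Student Central
        $html = '<h4><a href="' . $program . '">' . $form->formref . ': ' . $form->name . $student_number_html . '</a></h4>' . $text;
        email_to_user($sc_notifications, $author, 'Form ' . $form->formref . $student_number . ' Status Update (' . $author->username . ')', html_to_text($html), $html);
    }

    // Notify the next authoriser (if there is one)
    if ($authoriser_id) {
        if ($authoriser_id == $sc_id) {
            $authoriser = $sc_notifications;
        } else {
            $authoriser = get_complete_user_data('id', $authoriser_id);
        }
        if ($authoriser->username != 'csa-tbd') { // No notification possible if authoriser TBD
            $form_link = '<a href="' . $program . '">' . $form->formref . ' ' . get_string('form_title', 'local_obu_forms') . $student_number_html . '</a>';
            $email_link = '<a href="mailto:' . $sc_contact->email . '?Subject=' . get_string('auths', 'local_obu_forms') . '" target="_top">' . $sc_contact->email . '</a>';
            $html = get_string('request_authorisation', 'local_obu_forms',
                array('form' => $form_link, 'name' => $sc_contact->alternatename, 'phone' => $sc_contact->phone1, 'email' => $email_link));
            email_to_user($authoriser, $author, 'Request for Form ' . $form->formref . $student_number . ' Authorisation (' . $author->username . ')', html_to_text($html), $html);
        }
    }
}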
if ($record->authorisation_state == 1) { // Form rejected $status_text = get_string('status_rejected', 'local_obu_forms'); } else { if ($record->authorisation_state == 2) { // Form processed $status_text = get_string('status_processed', 'local_obu_forms'); } else { $status_text = ''; } } } if ($status_text) { $status_text = '<h3>' . $status_text . '</h3>'; } get_form_status($USER->id, $form, $record, $text, $button_text); // get the authorisation trail and the next action (from the user's perspective) $status_text .= $text; if ($button_text != 'authorise') { // If not the next authoriser, check that this user can view the form if (!is_manager($form) && $USER->id != $record->author) { $message = get_string('form_unavailable', 'local_obu_forms'); } } else { // Display any notes prepared for the authoriser $text = ''; if ($record->authorisation_level == 1) { $text = $form->auth_1_notes; } else { if ($record->authorisation_level == 2) { $text = $form->auth_2_notes;
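/**
 * Used to stop executing the page if the form is locked and the user is a non-admin.
 * If the user is an admin, we will let them update the page, but they will be warned.
 *
 * This only gates the page that calls it; any script that saves the form needs its own
 * lock check, since this function does nothing more than halt or annotate page output.
 *
 * @param int $patient_id The patient ID to check for
 * @param int $slot_id The slot ID to check for
 * @return void Does not return (the script ends) when a non-admin opens a locked form.
 */
function check_if_locked($patient_id, $slot_id) {
    $form_status = get_form_status($patient_id, $slot_id);
    $user_role = get_user_role($_SESSION['id']); // role of the logged-in user (the doctor), not the patient

    // Nothing to do unless the form is locked.
    if ($form_status != STATUS_LOCKED) {
        return;
    }

    // Prevent all non-admins from editing a locked form.
    if ($user_role != 'ADMIN') {
        // The ID is written into a link in the HTML response, so encode it rather than
        // relying on every caller to have passed a clean integer.
        $patient_param = rawurlencode((string) $patient_id);
        die("Sorry, this form is locked! <a href = 'patient-info.php?patient_id={$patient_param}'>Click here for a read-only copy of this patient's data</a>");
    }

    // Admins may still edit, but are warned that the form is locked for everyone else.
    echo '<div class="alert alert-danger"><strong>Attention! </strong>';
    echo 'This form is <strong>locked/read-only</strong> to all users, except admins. You may edit this form (as an admin).</div>';
}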
$PAGE->set_heading($heading); // The page contents echo $OUTPUT->header(); echo $OUTPUT->heading($heading); $process = $home . 'local/obu_forms/process.php'; $redirect = $home . 'local/obu_forms/redirect.php'; $auths = get_form_auths($authoriser_id); // Get outstanding authorisation requests foreach ($auths as $auth) { if ($authoriser_id != 0 || $auth->authoriser != $authoriser->id) { read_form_data($auth->data_id, $data); $template = read_form_template_by_id($data->template_id); $form = read_form_settings($template->form_id); // Check first that the user is a manager of this type of form and that it hasn't already been finally approved or rejected if (is_manager($form) && $data->authorisation_state == 0) { get_form_status($USER->id, $form, $data, $text, $button); // Get the authorisation trail and the next action (from the user's perspective) // If a staff form, extract any given student number $student_number = ''; if (!$form->student) { load_form_fields($data, $fields); if (array_key_exists('student_number', $fields)) { $student_number = ' [' . $fields['student_number'] . ']'; } } echo '<h4><a href="' . $process . '?id=' . $data->id . '">' . $form->formref . ': ' . $form->name . $student_number . '</a></h4>'; echo $text . '<' . $form->formref . '>'; if ($authoriser_username != 'csa') { // They can't redirect away from themselves echo '<p><a href="' . $redirect . '?id=' . $data->id . '">' . get_string('redirect_form', 'local_obu_forms') . '</a></p>'; }
// If you need an example backend script, please see `submit_pain_form.php` include 'core/init.php'; /* For Debugging */ error_reporting(E_ALL); ini_set('display_errors', 1); /* patient_id will be propagated through a GET variable */ $form_status = STATUS_EMPTY; //assume EMPTY until we determine otherwise if (!isset($_GET['patient_id']) or !isset($_GET['slot_id']) or !isset($_GET['addnew'])) { die("Patient ID and Slot ID and Addnew required"); } $patient_id = clean_up($_GET['patient_id']); $slot_id = clean_up($_GET['slot_id']); $addnew = clean_up($_GET['addnew']); // whether this is new (SQL INSERT) or adding (SQL UPDATE) $form_status = get_form_status($patient_id, $slot_id); $user_role = get_user_role($_SESSION['id']); //role of user (doctor, med student, admin); not the patient if ($form_status == STATUS_LOCKED and $user_role != 'ADMIN') { // Form is locked, sorry, you can't edit it! die("Sorry, this form is locked! <a href = 'patient-info.php?patient_id={$patient_id}'>Click here for a read-only copy of this patient's data</a>"); } /*---------------------------------------------------------------------------------------------------------------------- * Step 1: Collect our POST variables into PHP variables for readability. * We will perform data validation with helper functions. * Pay careful attention to variables which have bounds * As well as date parsing. SQL date convention is: YYYY-MM-DD * As well as Yes/No or True/False responses. SQL convention dictates we * store such information as CHAR(1): 'Y' or 'N'. * There is a lot of information here, but we are simply just collecting the information from POST variables * and performing any cleaning or validation