Developers Guide to ACLs

Is there a guide for developers on how to use the ACLs?

I never found one for OpenEMR; I had to dig in and see how OpenEMR was using it in the codebase. It follows similar principles as security ACLs and it looks like the phpGacl project which OpenEMR uses has a pretty good manual that explains the concepts it uses pretty well:

Reading the manual and looking at OpenEMR’s implementation of phpGacl can probably give you everything you need.


Here is a case where the backend does not match the frontend.

I am expecting to see a Forms section in the access control to assign access to the fee sheet.
So, I dig through the code and find this:

//acl check
if (!AclMain::aclCheckForm('fee_sheet') || !AclMain::aclCheckCore('patients', 'encounters')) {
    ?>
    <script>alert(<?php echo xlj("Not authorized"); ?>)</script>;
    <?php
}

Which in turn leads me here:

public static function aclCheckForm($formdir, $user = '', $return_value = '')
{
    // Look up the aco_spec registered for this form directory, then check it.
    require_once(dirname(__FILE__) . '/../../../library/');
    $tmp = getRegistryEntryByDirectory($formdir, 'aco_spec');
    return self::aclCheckAcoSpec($tmp['aco_spec'], $user, $return_value);
}

So, I look at the forms registry to find what is assigned to the fee sheet.

Which is this

So, I go to my ACL and assign this to my group.

But I still get this when trying to open the fee_sheet
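
Added example, not part of the posts above and not OpenEMR's own code: the quoted guard denies access when either check fails, so this sketch evaluates the two halves separately to show which one is missing. `checkCore`, `checkForm`, `feeSheetAllowed`, `explain`, the `section|value` spec format and the registry and grant values are assumptions constructed for illustration; the real `aco_spec` for `fee_sheet` is not shown in the thread.

```php
<?php
// Stand-ins that model only the logic quoted in the thread; not OpenEMR code.

// Constructed registry: form directory => aco_spec (placeholder value).
$registry = ['fee_sheet' => 'example_section|example_aco'];

// Constructed grants for the user's group, keyed "section|value".
$grants = ['example_section|example_aco' => true];

// Stand-in for AclMain::aclCheckCore(): true only if the pair is granted.
function checkCore(array $grants, string $section, string $value): bool
{
    return !empty($grants["$section|$value"]);
}

// Stand-in for AclMain::aclCheckForm(): look up the form's aco_spec, then check it.
// Assumption: the spec is "section|value"; this sketch denies a missing or malformed spec.
function checkForm(array $registry, array $grants, string $formdir): bool
{
    $parts = explode('|', $registry[$formdir] ?? '');
    if (count($parts) !== 2) {
        return false;
    }
    return checkCore($grants, $parts[0], $parts[1]);
}

// Same shape as the quoted guard: access needs BOTH checks to pass.
function feeSheetAllowed(array $registry, array $grants): bool
{
    return checkForm($registry, $grants, 'fee_sheet')
        && checkCore($grants, 'patients', 'encounters');
}

// Report each half on its own so the failing check is visible.
function explain(array $registry, array $grants): string
{
    return sprintf(
        'form ACO: %s, patients/encounters: %s, result: %s',
        checkForm($registry, $grants, 'fee_sheet') ? 'granted' : 'missing',
        checkCore($grants, 'patients', 'encounters') ? 'granted' : 'missing',
        feeSheetAllowed($registry, $grants) ? 'allowed' : 'Not authorized'
    );
}

echo explain($registry, $grants), PHP_EOL;   // only the form's ACO is granted
$grants['patients|encounters'] = true;       // grant the second ACO as well
echo explain($registry, $grants), PHP_EOL;   // both ACOs are granted
```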