Developers Guide to ACLs

OpenEMR Development
#1

Is there a guide for developers on how to use the ACLs?

1 Like
#2

I never found one for OpenEMR, I had to dig in and see how OpenEMR was using it in the codebase. It follows similar principles as security ACLs and it looks like the phpGacl project which OpenEMR uses has a pretty good manual that explains the concepts it uses pretty well: http://phpgacl.sourceforge.net/manual.pdf

Reading the manual and looking at OpenEMR’s implementation of phpGacl can probably give you everything you need.

1 Like
#3

@adunsulag

Here is a case where the backend does not match the frontend.

image
image1820×648 106 KB

I am expecting to see a Forms section in the access control to assign access to the fee sheet.
So, I dig through the code and find this:

//acl check
if (!AclMain::aclCheckForm('fee_sheet') || !AclMain::aclCheckCore('patients', 'encounters')) {
    ?>
    <script>alert(<?php echo xlj("Not authorized"); ?>)</script>;
    <?php
    formJump();
}

Which in turn leads me here

public static function aclCheckForm($formdir, $user = '', $return_value = '')
{
    require_once(dirname(__FILE__) . '/../../../library/registry.inc');
    $tmp = getRegistryEntryByDirectory($formdir, 'aco_spec');
    return self::aclCheckAcoSpec($tmp['aco_spec'], $user, $return_value);
}

So, I look at the forms registry to find what is assigned to the fee sheet.

Which is this

image
image1754×73 3.44 KB

So, I go to my ACL and assigned this to my group.

image
image855×377 16.7 KB

But I still get this when trying to open the fee_sheet

image
image1172×260 16.1 KB

#4

@juggernautsei did you ever get this resolved? I’m having a similar issue with creating a new encounter.

#5

@snailwell, I don’t remember the solution to this. I marked @adunsulag reply as the solution to the issue.
What are you trying to accomplish?

#6

Trying to determine which permission controls the ability to create a new encounter. this line leads me to this:

image
image2006×68 13.9 KB

…but assigning that permission to a user from the ACL page does not allow them to create an encounter.

#7

In the screenshot that you shared, the dropdown is where the control on who can manually create and encounter. In the dropdown, you should see mine only or all. Select one of those to set who can create an encounter.