bradymiller wrote on Wednesday, July 24, 2013:
Hi,
I was asked to address the following here:
“We’re stumped about how to disable patient account deletion while preserving the balance of Superuser functions.”
here is the code of that patient delete button:
if (acl_check('admin', 'super')) {
echo "<td style='padding-left:1em;'><a class='css_button iframe' href='../deleter.php?patient=" .
htmlspecialchars($pid,ENT_QUOTES) . "' onclick='top.restoreSession()'>" .
"<span>".htmlspecialchars(xl('Delete'),ENT_NOQUOTES).
"</span></a></td>";
}
Note this button access is controlled by the admin->super ACO, which is described here:
http://www.open-emr.org/wiki/index.php/Access_Controls_Listing#Superuser_-can_delete_patients.2C_encounters.2C_issues.28super.29
Note that the ACL stuff is extremely minimal at this point and really just scratching the surface of what phpGACL can do. Guessing that at some point in the future, there will be much more granularity (ie. hundreds of ACO keys and several more return values).
There’s not really a “correct” way to add aco’s. If you are thinking of adding one or more, then bounce the idea of of us and can we can let you know if it makes sense (or if expanding a current aco makes more sense etc.). The one thing to always ensure, though, is to think of an ACO as a key to unlock something and don’t add ACO’s that deny access; otherwise it just gets too confusing.
Sometimes can also incorporate cool things as is what is done in the add list widget ACO’s, which are easy to customize. Could consider something like this in the basic deleter script (for example, each item that can be deleted from there would be the id of an aco with a ‘delete’ return value; can then also use these in the related Delete links to hide the pertinent delete links). And when deleting a whole patient, then would want to ensure the user had delete privileges of all the elements that would be deleted in addition to the main delete patient aco. Anyways, just thoughts. Whomever does the actual work will get to dictate the direction/solution.
I think an important step simply documenting the function of the current ACO’s (which is why I started the above wiki page awhile ago). Then easier to figure out how to add new ACO’s. There is also a “versioning” mechanism for the gacl stuff, so that it is incorporated into the upgrading safely. Here’s some tips for developers on adding new aco’s: http://www.open-emr.org/wiki/index.php/PhpGacl#Adding_new_ACO.2FACLs
-brady
OpenEMR