phpGACL synchronization

cfapress wrote on Tuesday, December 18, 2007:

Hi All,

I’m still on the path of OpenEMR integration with Active Directory. On that same train of thought, I have a need to sync the Users table in OpenEMR with the Users ARO Section in phpGACL. I checked the current ‘stable’ code and didn’t find anything so I wrote my own.

It’s really simple and doesn’t assign any specific group membership to the users when they are added to phpGACL. Here’s how it works:

1) Load up all *active* OpenEMR users
2) Add users to phpGACL if they aren’t already there
3) Load up all phpGACL users
4) Remove users from phpGACL if they aren’t *active* in OpenEMR

It’s a PHP script that can be run from the command line. It could be incorporated into a daily/hourly cron job if needed.

In my case I have over 150 users who may eventually need access to OpenEMR. I think our Agency is a unique case but my work may benefit others. I still need to get the CVS code downloaded but I wanted to share this piece of work with people here. I can copy-n-paste the code into a forum message but I think it would get the formatting all screwed up.

Jason Morrill
IT Manager
Child & Family Agency

lemonsoftwarero wrote on Saturday, December 22, 2007:

Hi Jason,

Could you send this piece of code to my email box? We’ll try to take a look at it, and if the others agree, we’ll commit it to CVS.

Best,
Cristian Navalici

cfapress wrote on Wednesday, December 26, 2007:

Hi Cristian,

I am not able to attach files to messages sent within SourceForge. So I’ll do the next best thing and post the source code here:

===============================================

<?php
/*
* This module will sync the Users table in OpenEMR with phpGACL
* so you don’t need to add objects to the Users section of phpGACL
* by hand.
*
*/

include_once("./acl.inc");
include_once("./sql.inc");

// check acl.inc for the proper variable
if (! isset($phpgacl_location)) {
    // not using phpGACL, don't bother with this script
    echo <<<EOL

*** ERROR ***
* You are not using phpGACL for authorization.
* (see acl.inc)
*
* This script is intended for OpenEMR installations which use
* phpGACL for all authorization. See acl.inc and the
* OpenEMR manual for more information and settings about
* phpGACL.
***
EOL;

    die;
}

// we're using phpGACL... good, so it is safe to load its API class now
include_once("$phpgacl_location/gacl_api.class.php");

$gacl_api_object = new gacl_api();

$section_value = "users";
$name = "";   // User's full name
$value = "";  // User's username
$order = 10;  // display order, default=10
$hidden = 0;  // 0=show, 1=hidden
$object_type = "ARO"; // ACO, ARO or AXO

// Gather up all the active usernames from the Users table
$oemrUsers = array();
$sqlH = sqlStatement("select id, username, fname, lname from users where active='1'");
while ($onerow = sqlFetchArray($sqlH)) { array_push($oemrUsers, $onerow); }

/*==============================*/
/*   Add new users to phpGACL   */
/*==============================*/

foreach ($oemrUsers as $oemrUser) {
    $value = trim($oemrUser['username']);
    $name = trim($oemrUser['fname']." ".$oemrUser['lname']);

    // skip entries with blank usernames OR blank names
    if ($value == "" || $name == "") { continue; }

    // skip over existing users
    if ($gacl_api_object->get_object_id ($section_value, $value, $object_type)) {
        echo "Username $value ( $name ) already exists in phpGACL.\n";
        continue;
    }

    // add new users
    $gacl_api_object->add_object ($section_value, $name, $value, $order, $hidden, $object_type);
    echo "Added username $value ( $name ) to phpGACL.\n";
}

/*===============================*/
/* delete old users from phpGACL */
/*===============================*/

$skip_delete = true;  // should we skip the deletion part?

// Get all the phpGACL users
$phpGACLusers = $gacl_api_object->get_objects($section_value, $hidden, $object_type);
foreach ($phpGACLusers['users'] as $phpGACLUser) {
    $found = false;
    // look for the phpGACL user in the active OpenEMR user list
    foreach ($oemrUsers as $oemrUser) {
        // trim here as well, because the add step stores the trimmed username;
        // strict comparison avoids PHP treating numeric-looking names as equal
        if (trim($oemrUser['username']) === (string) $phpGACLUser) {
            $found = true;
            break;
        }
    }

    if ($found == false) {
        // user isn't active in OpenEMR so delete them from phpGACL
        $phpGACLID = $gacl_api_object->get_object_id($section_value, $phpGACLUser, $object_type);
        if ($phpGACLID && $skip_delete == false) {
            $gacl_api_object->del_object($phpGACLID, $object_type, true);
            echo "Deleted $phpGACLUser from phpGACL. \n";
        }
    }
}

?>
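
Added example, not part of the original post or of OpenEMR/phpGACL: the four sync steps expressed as a dry-run plan, so an empty or failed users query cannot silently remove every ARO once deletion is enabled. `planAroSync()`, the `$maxRemovals` limit of 10 and the sample data are assumptions made for illustration; PHP 7 or later is assumed.

```php
<?php
// Hypothetical helper: compute what the sync would add and remove without
// touching phpGACL. The caller then feeds the plan to add_object()/del_object().
function planAroSync(array $activeUsers, array $aroValues, int $maxRemovals = 10): array
{
    // Normalise the OpenEMR side the same way the add step does (trim),
    // skipping rows with a blank username or a blank full name.
    $active = [];
    foreach ($activeUsers as $row) {
        $value = trim((string) $row['username']);
        $name  = trim($row['fname'] . ' ' . $row['lname']);
        if ($value === '' || $name === '') {
            continue;
        }
        $active[$value] = $name;
    }

    // An empty active list almost always means the users query failed;
    // syncing against it would remove every ARO in the section.
    if ($active === [] && $aroValues !== []) {
        throw new RuntimeException('No active OpenEMR users loaded; refusing to sync.');
    }

    // Numeric-looking usernames become integer array keys in PHP, so compare as strings.
    $existing = array_map('strval', $aroValues);
    $toAdd    = array_diff_key($active, array_flip($existing));
    $toRemove = array_values(array_diff($existing, array_map('strval', array_keys($active))));

    // A large batch of removals deserves a human look before access is changed.
    if (count($toRemove) > $maxRemovals) {
        throw new RuntimeException(count($toRemove) . ' removals exceed the limit; review by hand.');
    }
    return ['add' => $toAdd, 'remove' => $toRemove];
}

// Constructed sample data (not from a real installation).
$users = [
    ['username' => 'jdoe ',  'fname' => 'Jane', 'lname' => 'Doe'],
    ['username' => 'asmith', 'fname' => 'Al',   'lname' => 'Smith'],
];
$aros = ['jdoe', 'olduser'];

$plan = planAroSync($users, $aros);
foreach ($plan['add'] as $value => $name) {
    echo "Would add $value ( $name )\n";
}
foreach ($plan['remove'] as $value) {
    echo "Would remove $value\n";
}
```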