Merge pull request #816 from cmadjar/DicomArchivePermission

Dicom archive permission
aces · Nov 28, 2014 · 648872e · 648872e
2 parents 69df61c + ca21d72
commit 648872e
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 7 deletions.
diff --git a/SQL/0000-00-00-schema.sql b/SQL/0000-00-00-schema.sql
@@ -977,7 +977,8 @@ INSERT INTO `permissions` VALUES
     (23,'edit_final_radiological_review','Can edit final radiological reviews','2'),
     (24,'view_final_radiological_review','Can see final radiological reviews','2'),
     (25,'imaging_browser_view_site','View own-site Imaging Browser pages','2'),
-    (26,'imaging_browser_view_allsites', 'View all-sites Imaging Browser pages', '2');
+    (26,'imaging_browser_view_allsites', 'View all-sites Imaging Browser pages', '2'),
+    (27,'dicom_archive_view_allsites', 'Across all sites view Dicom Archive module and pages', '2');
 
 /*!40000 ALTER TABLE `permissions` ENABLE KEYS */;
 UNLOCK TABLES;

diff --git a/SQL/2014-11-25-DicomArchivePermission.sql b/SQL/2014-11-25-DicomArchivePermission.sql
@@ -0,0 +1 @@
+INSERT INTO permissions (code, description, categoryID) VALUES ("dicom_archive_view_allsites", "Across all sites view Dicom Archive module and pages", 2);
diff --git a/modules/dicom_archive/php/NDB_Form_dicom_archive.class.inc b/modules/dicom_archive/php/NDB_Form_dicom_archive.class.inc
@@ -33,6 +33,18 @@ class NDB_Form_Dicom_Archive extends NDB_Form
      * Keeps array of protocols from mri_protocol
      */
     var $protocols;
+
+    /**
+     * Determine whether the user has permission to view this page
+     *
+     * @return bool whether the user has access
+     */
+    function _hasAccess()
+    {
+        $user = User::singleton();
+        return $user->hasPermission('dicom_archive_view_allsites');
+    }
+
     /**
     * Sets up main parameters
     *
@@ -46,7 +58,7 @@ class NDB_Form_Dicom_Archive extends NDB_Form
             die();
         }
 
-        if (!empty($_REQUEST['tarchiveID'])) {
+        if ((!empty($_REQUEST['tarchiveID'])) && ($this->_hasAccess())) {
             $tarchiveID = $_REQUEST['tarchiveID'];
             $this->tpl_data['archive'] = $this->_getTarchiveData(
                 $tarchiveID, 'tarchive'

diff --git a/modules/dicom_archive/php/NDB_Menu_Filter_dicom_archive.class.inc b/modules/dicom_archive/php/NDB_Menu_Filter_dicom_archive.class.inc
@@ -37,11 +37,8 @@ class NDB_Menu_Filter_Dicom_Archive extends NDB_Menu_Filter
      */
     function _hasAccess()
     {
-        $user =& User::singleton();
-        if (Utility::isErrorX($user)) {
-            return PEAR::raiseError("User Error: " .$user->getMessage());
-        }
-        return $user->hasPermission('view_final_radiological_review');
+        $user = User::singleton();
+        return $user->hasPermission('dicom_archive_view_allsites');
     }
 
     /**
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		INSERT INTO permissions (code, description, categoryID) VALUES ("dicom_archive_view_allsites", "Across all sites view Dicom Archive module and pages", 2);