feat(security): add @PreAuthorize to nurse station and doctor station controllers

- ProgressNoteController: added PreAuthorize for all endpoints
- NursingExecutionController: added PreAuthorize for scan, handoff, and infusion endpoints
- NursingRecordController: added PreAuthorize for all nursing record endpoints
- OutpatientEnhancedController: added PreAuthorize for discharge summary endpoints
2026-06-18 17:11:41 +08:00
parent 1e4838076e
commit 04a8fbb751
3 changed files with 31 additions and 0 deletions


@@ -9,6 +9,7 @@ import com.healthlink.his.document.service.IProgressNoteReminderService;
import com.healthlink.his.document.service.IProgressNoteService;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@@ -51,6 +52,7 @@ public class ProgressNoteController {
* 分页查询病程记录列表
*/
@GetMapping("/page")
@PreAuthorize("hasAuthority('document:progressnote:list')")
public R<?> getPage(
@RequestParam(value = "patientName", required = false) String patientName,
@RequestParam(value = "noteType", required = false) Integer noteType,
@@ -73,6 +75,7 @@ public class ProgressNoteController {
* 查询病程记录详情
*/
@GetMapping("/detail")
@PreAuthorize("hasAuthority('document:progressnote:list')")
public R<?> getDetail(@RequestParam Long id) {
ProgressNote note = progressNoteService.getById(id);
if (note == null) return R.fail("病程记录不存在");
@@ -83,6 +86,7 @@ public class ProgressNoteController {
* 新增病程记录
*/
@PostMapping("/add")
@PreAuthorize("hasAuthority('document:progressnote:add')")
@Transactional(rollbackFor = Exception.class)
public R<?> add(@RequestBody ProgressNote note) {
note.setSignStatus(0);
@@ -104,6 +108,7 @@ public class ProgressNoteController {
* 修改病程记录(仅未签名可修改)
*/
@PutMapping("/update")
@PreAuthorize("hasAuthority('document:progressnote:edit')")
@Transactional(rollbackFor = Exception.class)
public R<?> update(@RequestBody ProgressNote note) {
ProgressNote existing = progressNoteService.getById(note.getId());
@@ -119,6 +124,7 @@ public class ProgressNoteController {
* 删除病程记录(仅未签名可删除)
*/
@DeleteMapping("/delete")
@PreAuthorize("hasAuthority('document:progressnote:remove')")
@Transactional(rollbackFor = Exception.class)
public R<?> delete(@RequestParam Long id) {
ProgressNote note = progressNoteService.getById(id);
@@ -132,6 +138,7 @@ public class ProgressNoteController {
* 签名病程记录
*/
@PostMapping("/sign")
@PreAuthorize("hasAuthority('document:progressnote:edit')")
@Transactional(rollbackFor = Exception.class)
public R<?> sign(@RequestBody Map<String, Object> params) {
Long id = Long.valueOf(params.get("id").toString());
@@ -151,6 +158,7 @@ public class ProgressNoteController {
* 审核病程记录(上级医师)
*/
@PostMapping("/review")
@PreAuthorize("hasAuthority('document:progressnote:edit')")
@Transactional(rollbackFor = Exception.class)
public R<?> review(@RequestBody Map<String, Object> params) {
Long id = Long.valueOf(params.get("id").toString());
@@ -169,6 +177,7 @@ public class ProgressNoteController {
* 获取时限监控面板
*/
@GetMapping("/monitor")
@PreAuthorize("hasAuthority('document:progressnote:list')")
public R<?> getMonitor(@RequestParam(required = false) Long encounterId) {
Map<String, Object> result = new HashMap<>();
Date now = new Date();
@@ -216,6 +225,7 @@ public class ProgressNoteController {
* 获取提醒列表
*/
@GetMapping("/reminders")
@PreAuthorize("hasAuthority('document:progressnote:list')")
public R<?> getReminders(
@RequestParam(value = "status", required = false) Integer status,
@RequestParam(value = "encounterId", required = false) Long encounterId) {
@@ -230,6 +240,7 @@ public class ProgressNoteController {
* 获取病程记录统计
*/
@GetMapping("/stats")
@PreAuthorize("hasAuthority('document:progressnote:list')")
public R<?> getStats(@RequestParam Long encounterId) {
Map<String, Object> stats = new HashMap<>();
LambdaQueryWrapper<ProgressNote> wrapper = new LambdaQueryWrapper<>();
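Review bot: `review` in the `/review` hunk is guarded by the same `document:progressnote:edit` authority as `update` and `sign`, although its Javadoc marks it as a senior-physician (上级医师) action, so any user who can edit a note can also approve it. A dedicated authority, e.g. `@PreAuthorize("hasAuthority('document:progressnote:review')")` (name constructed here; it would have to be added to the permission model), keeps the two-person workflow enforceable server-side. All of these checks are function-level only: `getDetail`, `delete`, `sign` and `review` still act on whatever `id` the caller supplies, so unless the service layer scopes lookups by encounter or ward, an authenticated user holding the authority can read or modify other patients' notes. `@PreAuthorize` is also inert unless method security is enabled in the Spring Security configuration (`@EnableMethodSecurity`), which this diff does not show; a test asserting a 403 for a principal lacking the authority would confirm the annotations are actually enforced. The description lists OutpatientEnhancedController as well, but the diffstat reports three files and no section for it appears here.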


@@ -8,6 +8,7 @@ import com.healthlink.his.web.inpatientmanage.dto.NursingRecordDto;
import com.healthlink.his.web.inpatientmanage.dto.NursingSearchParam;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
@@ -40,6 +41,7 @@ public class NursingRecordController {
* @return 患者信息
*/
@GetMapping("/patient-page")
@PreAuthorize("hasAuthority('nursing:record:list')")
public R<?> getPatientInfoPage(NursingSearchParam nursingSearchParam,
@RequestParam(value = "searchKey", defaultValue = "") String searchKey,
@RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -58,6 +60,7 @@ public class NursingRecordController {
* @return 患者护理记录单信息
*/
@GetMapping("/nursing-patient-page")
@PreAuthorize("hasAuthority('nursing:record:list')")
public R<?> getNursingPatientPage(NursingSearchParam nursingSearchParam,
@RequestParam(value = "searchKey", defaultValue = "") String searchKey,
@RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -72,6 +75,7 @@ public class NursingRecordController {
* @param nursingRecordDto 护理记录实体
*/
@PostMapping("/save-nursing")
@PreAuthorize("hasAuthority('nursing:record:add')")
public R<?> saveRecord(@Validated @RequestBody NursingRecordDto nursingRecordDto) {
return nursingRecordAppService.saveRecord(nursingRecordDto);
}
@@ -82,6 +86,7 @@ public class NursingRecordController {
* @param nursingRecordDto 护理记录实体
*/
@PostMapping("/update-nursing")
@PreAuthorize("hasAuthority('nursing:record:edit')")
public R<?> updateRecord(@Validated @RequestBody NursingRecordDto nursingRecordDto) {
return nursingRecordAppService.updateRecord(nursingRecordDto);
}
@@ -92,6 +97,7 @@ public class NursingRecordController {
* @param recordList 记录单List
*/
@PostMapping("/delete-nursing")
@PreAuthorize("hasAuthority('nursing:record:remove')")
public R<?> delRecord(@Validated @RequestBody List<NursingRecordDto> recordList) {
return nursingRecordAppService.delRecord(recordList);
}
@@ -106,6 +112,7 @@ public class NursingRecordController {
* @return 患者护理记录单信息
*/
@GetMapping("/emr-template-page")
@PreAuthorize("hasAuthority('nursing:record:list')")
public R<?> getEmrTemplate(NursingSearchParam nursingSearchParam,
@RequestParam(value = "searchKey", defaultValue = "") String searchKey,
@RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -120,6 +127,7 @@ public class NursingRecordController {
* @param emrTemplateDto 病历模板信息
*/
@PostMapping("/emr-template-save")
@PreAuthorize("hasAuthority('nursing:record:add')")
public R<?> saveEmrTemplate(@Validated @RequestBody NursingEmrTemplateDto emrTemplateDto) {
return nursingRecordAppService.saveEmrTemplate(emrTemplateDto);
}
@@ -131,6 +139,7 @@ public class NursingRecordController {
* @return 操作结果
*/
@PostMapping("/emr-template-del")
@PreAuthorize("hasAuthority('nursing:record:remove')")
public R<?> deleteEmrTemplate(@Validated @RequestBody List<Long> idList) {
return nursingRecordAppService.deleteEmrTemplate(idList);
}
@@ -142,6 +151,7 @@ public class NursingRecordController {
* @return 操作结果
*/
@PostMapping("/emr-template-update")
@PreAuthorize("hasAuthority('nursing:record:edit')")
public R<?> updateEmrTemplate(@Validated @RequestBody NursingEmrTemplateDto emrTemplateDto) {
return nursingRecordAppService.updateEmrTemplate(emrTemplateDto);
}
@@ -153,6 +163,7 @@ public class NursingRecordController {
* @return 结果
*/
@PostMapping("/batch-save")
@PreAuthorize("hasAuthority('nursing:record:edit')")
public R<?> batchSaveRecord(@Validated @RequestBody BatchNursingRecordDto batchDto) {
return nursingRecordAppService.batchSaveRecord(batchDto);
}
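Review bot: `batchSaveRecord` in the `/batch-save` hunk requires only `nursing:record:edit`, while the single-record `saveRecord` and `saveEmrTemplate` require `nursing:record:add`, so a user without create rights can presumably still create records through the batch path. If batch-save inserts new records, align it with `@PreAuthorize("hasAuthority('nursing:record:add')")`, or use `hasAnyAuthority('nursing:record:add','nursing:record:edit')` if it genuinely does both. The delete endpoints (`delRecord`, `deleteEmrTemplate`) accept caller-supplied id lists and the annotation grants function-level access only; whether the service layer restricts those ids to the caller's ward or patients is not visible here. As in ProgressNoteController, the annotations only take effect if method security is enabled in the security configuration, so a test for a 403 on a principal without the authority is worth adding.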


@@ -7,6 +7,7 @@ import com.healthlink.his.nursing.domain.*;
import com.healthlink.his.nursing.service.*;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@@ -25,6 +26,7 @@ public class NursingExecutionController {
// ==================== 执行扫码 ====================
@GetMapping("/scan/page")
@PreAuthorize("hasAuthority('nursing:execution:list')")
public R<?> getScanPage(
@RequestParam(value = "scanType", required = false) String scanType,
@RequestParam(value = "patientName", required = false) String patientName,
@@ -38,6 +40,7 @@ public class NursingExecutionController {
}
@PostMapping("/scan/add")
@PreAuthorize("hasAuthority('nursing:execution:add')")
@Transactional(rollbackFor = Exception.class)
public R<?> addScan(@RequestBody NursingExecutionScan scan) {
scan.setScanTime(new Date());
@@ -48,6 +51,7 @@ public class NursingExecutionController {
// ==================== 交接班 ====================
@GetMapping("/handoff/page")
@PreAuthorize("hasAuthority('nursing:execution:list')")
public R<?> getHandoffPage(
@RequestParam(value = "ward", required = false) String ward,
@RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -59,6 +63,7 @@ public class NursingExecutionController {
}
@PostMapping("/handoff/add")
@PreAuthorize("hasAuthority('nursing:execution:add')")
@Transactional(rollbackFor = Exception.class)
public R<?> addHandoff(@RequestBody NursingHandoffRecord record) {
record.setStatus(0);
@@ -68,6 +73,7 @@ public class NursingExecutionController {
}
@PostMapping("/handoff/confirm")
@PreAuthorize("hasAuthority('nursing:execution:edit')")
@Transactional(rollbackFor = Exception.class)
public R<?> confirmHandoff(@RequestParam Long id) {
NursingHandoffRecord record = handoffService.getById(id);
@@ -79,6 +85,7 @@ public class NursingExecutionController {
}
@GetMapping("/handoff/key-patients")
@PreAuthorize("hasAuthority('nursing:execution:list')")
public R<?> getKeyPatients(
@RequestParam(value = "ward", required = false) String ward) {
LambdaQueryWrapper<NursingHandoffRecord> w = new LambdaQueryWrapper<>();
@@ -105,6 +112,7 @@ public class NursingExecutionController {
// ==================== 输液巡视 ====================
@GetMapping("/infusion/page")
@PreAuthorize("hasAuthority('nursing:execution:list')")
public R<?> getInfusionPage(
@RequestParam(value = "patientName", required = false) String patientName,
@RequestParam(value = "patencyStatus", required = false) String status,
@@ -118,6 +126,7 @@ public class NursingExecutionController {
}
@PostMapping("/infusion/add")
@PreAuthorize("hasAuthority('nursing:execution:add')")
@Transactional(rollbackFor = Exception.class)
public R<?> addInfusion(@RequestBody NursingInfusionPatrol patrol) {
patrol.setPatrolTime(new Date());