diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/document/controller/ProgressNoteController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/document/controller/ProgressNoteController.java
index 0850f0a89..b748cea2f 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/document/controller/ProgressNoteController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/document/controller/ProgressNoteController.java
@@ -9,6 +9,7 @@ import com.healthlink.his.document.service.IProgressNoteReminderService;
 import com.healthlink.his.document.service.IProgressNoteService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -51,6 +52,7 @@ public class ProgressNoteController {
 * 分页查询病程记录列表
 */
 @GetMapping("/page")
+ @PreAuthorize("hasAuthority('document:progressnote:list')")
 public R getPage(
 @RequestParam(value = "patientName", required = false) String patientName,
 @RequestParam(value = "noteType", required = false) Integer noteType,
@@ -73,6 +75,7 @@ public class ProgressNoteController {
 * 查询病程记录详情
 */
 @GetMapping("/detail")
+ @PreAuthorize("hasAuthority('document:progressnote:list')")
 public R getDetail(@RequestParam Long id) {
 ProgressNote note = progressNoteService.getById(id);
 if (note == null) return R.fail("病程记录不存在");
@@ -83,6 +86,7 @@ public class ProgressNoteController {
 * 新增病程记录
 */
 @PostMapping("/add")
+ @PreAuthorize("hasAuthority('document:progressnote:add')")
 @Transactional(rollbackFor = Exception.class)
 public R add(@RequestBody ProgressNote note) {
 note.setSignStatus(0);
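Review bot: The `@PreAuthorize` added above `getPage` is only enforced if method security is switched on in the application configuration (`@EnableMethodSecurity`, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security), and nothing in this diff shows that it is; without it the annotation compiles and does nothing. The same holds for every annotation this commit adds in ProgressNoteController, NursingRecordController and NursingExecutionController. I would add one controller test per class that calls an endpoint as a user lacking the authority and expects a 403, so that a configuration regression fails the build. getPage's parameter list and body continue outside the hunk.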
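Review bot: `getDetail` is now gated on `document:progressnote:list`, but the record is still fetched with the caller-supplied `id` through `progressNoteService.getById(id)`, and the visible lines contain no check that the caller is entitled to that patient's or encounter's note. The authority decides who may call the endpoint, not which records they may read, so unless the rest of the method (outside this hunk) or the service restricts it, any holder of the list authority can presumably read any progress note by id. The same by-id lookup is visible in the `update`, `delete`, `sign` and `review` hunks and in `confirmHandoff` in NursingExecutionController. A scoped lookup in the service, or at least a comment such as `// TODO: verify the caller's department/encounter access to this note before returning it`, would make the intended boundary explicit.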
@@ -104,6 +108,7 @@ public class ProgressNoteController {
 * 修改病程记录(仅未签名可修改)
 */
 @PutMapping("/update")
+ @PreAuthorize("hasAuthority('document:progressnote:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R update(@RequestBody ProgressNote note) {
 ProgressNote existing = progressNoteService.getById(note.getId());
@@ -119,6 +124,7 @@ public class ProgressNoteController {
 * 删除病程记录(仅未签名可删除)
 */
 @DeleteMapping("/delete")
+ @PreAuthorize("hasAuthority('document:progressnote:remove')")
 @Transactional(rollbackFor = Exception.class)
 public R delete(@RequestParam Long id) {
 ProgressNote note = progressNoteService.getById(id);
@@ -132,6 +138,7 @@ public class ProgressNoteController {
 * 签名病程记录
 */
 @PostMapping("/sign")
+ @PreAuthorize("hasAuthority('document:progressnote:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R sign(@RequestBody Map params) {
 Long id = Long.valueOf(params.get("id").toString());
@@ -151,6 +158,7 @@ public class ProgressNoteController {
 * 审核病程记录(上级医师)
 */
 @PostMapping("/review")
+ @PreAuthorize("hasAuthority('document:progressnote:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R review(@RequestBody Map params) {
 Long id = Long.valueOf(params.get("id").toString());
@@ -169,6 +177,7 @@ public class ProgressNoteController {
 * 获取时限监控面板
 */
 @GetMapping("/monitor")
+ @PreAuthorize("hasAuthority('document:progressnote:list')")
 public R getMonitor(@RequestParam(required = false) Long encounterId) {
 Map result = new HashMap<>();
 Date now = new Date();
@@ -216,6 +225,7 @@ public class ProgressNoteController {
 * 获取提醒列表
 */
 @GetMapping("/reminders")
+ @PreAuthorize("hasAuthority('document:progressnote:list')")
 public R getReminders(
 @RequestParam(value = "status", required = false) Integer status,
 @RequestParam(value = "encounterId", required = false) Long encounterId) {
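Review bot: `sign` and the later `review` hunk are both guarded by `document:progressnote:edit`, the same authority as `update`, so everyone who may edit a note may also sign it and perform the superior-physician review (审核病程记录(上级医师)). That folds author and reviewer into one permission; dedicated authorities, for example `hasAuthority('document:progressnote:sign')` and `hasAuthority('document:progressnote:review')` (names proposed here, to be added to the permission table), would keep the roles distinct. Whether the method bodies also check that the reviewer differs from the signer cannot be seen, since both continue outside their hunks. Separately, `Long.valueOf(params.get("id").toString())` in both methods throws a NullPointerException or NumberFormatException on a missing or malformed `id`; a typed, validated request DTO would turn that into a clean 400.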
@@ -230,6 +240,7 @@ public class ProgressNoteController {
 * 获取病程记录统计
 */
 @GetMapping("/stats")
+ @PreAuthorize("hasAuthority('document:progressnote:list')")
 public R getStats(@RequestParam Long encounterId) {
 Map stats = new HashMap<>();
 LambdaQueryWrapper wrapper = new LambdaQueryWrapper<>();
diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/inpatientmanage/controller/NursingRecordController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/inpatientmanage/controller/NursingRecordController.java
index e59588dba..cf53c2514 100755
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/inpatientmanage/controller/NursingRecordController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/inpatientmanage/controller/NursingRecordController.java
@@ -8,6 +8,7 @@ import com.healthlink.his.web.inpatientmanage.dto.NursingRecordDto;
 import com.healthlink.his.web.inpatientmanage.dto.NursingSearchParam;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -40,6 +41,7 @@ public class NursingRecordController {
 * @return 患者信息
 */
 @GetMapping("/patient-page")
+ @PreAuthorize("hasAuthority('nursing:record:list')")
 public R getPatientInfoPage(NursingSearchParam nursingSearchParam,
 @RequestParam(value = "searchKey", defaultValue = "") String searchKey,
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -58,6 +60,7 @@ public class NursingRecordController {
 * @return 患者护理记录单信息
 */
 @GetMapping("/nursing-patient-page")
+ @PreAuthorize("hasAuthority('nursing:record:list')")
 public R getNursingPatientPage(NursingSearchParam nursingSearchParam,
 @RequestParam(value = "searchKey", defaultValue = "") String searchKey,
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -72,6 +75,7 @@ public class NursingRecordController {
 * @param nursingRecordDto 护理记录实体
 */
 @PostMapping("/save-nursing")
+ @PreAuthorize("hasAuthority('nursing:record:add')")
 public R saveRecord(@Validated @RequestBody NursingRecordDto nursingRecordDto) {
 return nursingRecordAppService.saveRecord(nursingRecordDto);
 }
@@ -82,6 +86,7 @@ public class NursingRecordController {
 * @param nursingRecordDto 护理记录实体
 */
 @PostMapping("/update-nursing")
+ @PreAuthorize("hasAuthority('nursing:record:edit')")
 public R updateRecord(@Validated @RequestBody NursingRecordDto nursingRecordDto) {
 return nursingRecordAppService.updateRecord(nursingRecordDto);
 }
@@ -92,6 +97,7 @@ public class NursingRecordController {
 * @param recordList 记录单List
 */
 @PostMapping("/delete-nursing")
+ @PreAuthorize("hasAuthority('nursing:record:remove')")
 public R delRecord(@Validated @RequestBody List recordList) {
 return nursingRecordAppService.delRecord(recordList);
 }
@@ -106,6 +112,7 @@ public class NursingRecordController {
 * @return 患者护理记录单信息
 */
 @GetMapping("/emr-template-page")
+ @PreAuthorize("hasAuthority('nursing:record:list')")
 public R getEmrTemplate(NursingSearchParam nursingSearchParam,
 @RequestParam(value = "searchKey", defaultValue = "") String searchKey,
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
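Review bot: `getEmrTemplate` reuses `nursing:record:list`, and the following `emr-template-save`, `emr-template-del` and `emr-template-update` hunks reuse `nursing:record:add`, `:remove` and `:edit`, so permission to chart for a patient is also permission to manage the shared EMR templates. If templates are meant to be maintained by a narrower group they need their own authority set, e.g. `@PreAuthorize("hasAuthority('nursing:emrtemplate:list')")` (proposed name, not an existing permission). If the sharing is intentional, a one-line comment on these four methods saying so would stop it being read as an oversight. getEmrTemplate's parameter list and body continue outside the hunk.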
@@ -120,6 +127,7 @@ public class NursingRecordController {
 * @param emrTemplateDto 病历模板信息
 */
 @PostMapping("/emr-template-save")
+ @PreAuthorize("hasAuthority('nursing:record:add')")
 public R saveEmrTemplate(@Validated @RequestBody NursingEmrTemplateDto emrTemplateDto) {
 return nursingRecordAppService.saveEmrTemplate(emrTemplateDto);
 }
@@ -131,6 +139,7 @@ public class NursingRecordController {
 * @return 操作结果
 */
 @PostMapping("/emr-template-del")
+ @PreAuthorize("hasAuthority('nursing:record:remove')")
 public R deleteEmrTemplate(@Validated @RequestBody List idList) {
 return nursingRecordAppService.deleteEmrTemplate(idList);
 }
@@ -142,6 +151,7 @@ public class NursingRecordController {
 * @return 操作结果
 */
 @PostMapping("/emr-template-update")
+ @PreAuthorize("hasAuthority('nursing:record:edit')")
 public R updateEmrTemplate(@Validated @RequestBody NursingEmrTemplateDto emrTemplateDto) {
 return nursingRecordAppService.updateEmrTemplate(emrTemplateDto);
 }
@@ -153,6 +163,7 @@ public class NursingRecordController {
 * @return 结果
 */
 @PostMapping("/batch-save")
+ @PreAuthorize("hasAuthority('nursing:record:edit')")
 public R batchSaveRecord(@Validated @RequestBody BatchNursingRecordDto batchDto) {
 return nursingRecordAppService.batchSaveRecord(batchDto);
 }
diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/nursing/controller/NursingExecutionController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/nursing/controller/NursingExecutionController.java
index eb3b9ef1e..88b1b4a4c 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/nursing/controller/NursingExecutionController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/nursing/controller/NursingExecutionController.java
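Review bot: `batchSaveRecord` requires `nursing:record:edit` while the single-record `saveRecord` requires `nursing:record:add`, so the two write paths are guarded inconsistently. If `nursingRecordAppService.batchSaveRecord` can insert new records as well as update existing ones (its implementation is not visible here), a user granted edit but not add can still create records through `/batch-save`. Requiring both, `@PreAuthorize("hasAuthority('nursing:record:add') and hasAuthority('nursing:record:edit')")`, or checking the authority per operation inside the service, would close that gap.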
@@ -7,6 +7,7 @@ import com.healthlink.his.nursing.domain.*;
 import com.healthlink.his.nursing.service.*;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -25,6 +26,7 @@ public class NursingExecutionController {
 // ==================== 执行扫码 ====================
 @GetMapping("/scan/page")
+ @PreAuthorize("hasAuthority('nursing:execution:list')")
 public R getScanPage(
 @RequestParam(value = "scanType", required = false) String scanType,
 @RequestParam(value = "patientName", required = false) String patientName,
@@ -38,6 +40,7 @@ public class NursingExecutionController {
 }
 @PostMapping("/scan/add")
+ @PreAuthorize("hasAuthority('nursing:execution:add')")
 @Transactional(rollbackFor = Exception.class)
 public R addScan(@RequestBody NursingExecutionScan scan) {
 scan.setScanTime(new Date());
@@ -48,6 +51,7 @@ public class NursingExecutionController {
 // ==================== 交接班 ====================
 @GetMapping("/handoff/page")
+ @PreAuthorize("hasAuthority('nursing:execution:list')")
 public R getHandoffPage(
 @RequestParam(value = "ward", required = false) String ward,
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -59,6 +63,7 @@ public class NursingExecutionController {
 }
 @PostMapping("/handoff/add")
+ @PreAuthorize("hasAuthority('nursing:execution:add')")
 @Transactional(rollbackFor = Exception.class)
 public R addHandoff(@RequestBody NursingHandoffRecord record) {
 record.setStatus(0);
@@ -68,6 +73,7 @@ public class NursingExecutionController {
 }
 @PostMapping("/handoff/confirm")
+ @PreAuthorize("hasAuthority('nursing:execution:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R confirmHandoff(@RequestParam Long id) {
 NursingHandoffRecord record = handoffService.getById(id);
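Review bot: `addScan` binds the request body straight onto the `NursingExecutionScan` entity, and the only server-side assignment visible is `scan.setScanTime(new Date())`, so the new authority check establishes that the caller may record a scan but not that the record names the caller. If the entity carries an operator or nurse identifier (its fields are not shown), that value should be set from the authenticated principal rather than accepted from the body, otherwise the execution record is not reliable as an audit trail. The same applies to `addHandoff` and `addInfusion` in this file and to `add` in ProgressNoteController. The method body continues outside the hunk, so this may already be handled there.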
@@ -79,6 +85,7 @@ public class NursingExecutionController {
 }
 @GetMapping("/handoff/key-patients")
+ @PreAuthorize("hasAuthority('nursing:execution:list')")
 public R getKeyPatients(
 @RequestParam(value = "ward", required = false) String ward) {
 LambdaQueryWrapper w = new LambdaQueryWrapper<>();
@@ -105,6 +112,7 @@ public class NursingExecutionController {
 // ==================== 输液巡视 ====================
 @GetMapping("/infusion/page")
+ @PreAuthorize("hasAuthority('nursing:execution:list')")
 public R getInfusionPage(
 @RequestParam(value = "patientName", required = false) String patientName,
 @RequestParam(value = "patencyStatus", required = false) String status,
@@ -118,6 +126,7 @@ public class NursingExecutionController {
 }
 @PostMapping("/infusion/add")
+ @PreAuthorize("hasAuthority('nursing:execution:add')")
 @Transactional(rollbackFor = Exception.class)
 public R addInfusion(@RequestBody NursingInfusionPatrol patrol) {
 patrol.setPatrolTime(new Date());