feat(security): 添加控制器方法权限验证

- 在放射科增强控制器中添加安全注解导入 - 为实验室历史记录比较接口添加感染科室列表权限验证 - 为实验室结果添加接口添加感染科室编辑权限验证 - 为实验室趋势查询接口添加感染科室列表权限验证 - 为门诊增强控制器添加安全注解导入 - 为出院小结分页接口添加门诊出院列表权限验证 - 为出院小结添加接口添加门诊出院添加权限验证 - 为出院完成接口添加门诊出院编辑权限验证
2026-06-18 16:55:35 +08:00
parent b682bde47f
commit 278d7d39a4
3 changed files with 13 additions and 0 deletions
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java
@@ -7,6 +7,7 @@ import com.healthlink.his.check.domain.*;
 import com.healthlink.his.check.service.*;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -24,6 +25,7 @@ public class RadiologyEnhancedController {

    // ==================== 紧急报告 ====================
    @GetMapping("/urgent-report/page")
+    @PreAuthorize("@ss.hasPermi('infection:check:list')")
    public R<?> getUrgentReportPage(
            @RequestParam(value = "patientName", required = false) String patientName,
            @RequestParam(value = "notifyStatus", required = false) Integer status,
@@ -37,6 +39,7 @@ public class RadiologyEnhancedController {
    }

    @PostMapping("/urgent-report/add")
+    @PreAuthorize("@ss.hasPermi('infection:check:edit')")
    @Transactional(rollbackFor = Exception.class)
    public R<?> addUrgentReport(@RequestBody RadiologyUrgentReport r) {
        r.setNotifyStatus(0);
@@ -47,6 +50,7 @@ public class RadiologyEnhancedController {
    }

    @PostMapping("/urgent-report/notify")
+    @PreAuthorize("@ss.hasPermi('infection:check:edit')")
    @Transactional(rollbackFor = Exception.class)
    public R<?> notifyReport(@RequestParam Long id) {
        RadiologyUrgentReport r = urgentReportService.getById(id);
@@ -60,6 +64,7 @@ public class RadiologyEnhancedController {

    // ==================== 检查统计 ====================
    @GetMapping("/statistics/page")
+    @PreAuthorize("@ss.hasPermi('infection:check:list')")
    public R<?> getStatisticsPage(
            @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
            @RequestParam(value = "pageSize", defaultValue = "20") Integer pageSize) {
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java
@@ -7,6 +7,7 @@ import com.healthlink.his.lab.domain.LabResultComparison;
 import com.healthlink.his.lab.service.ILabResultComparisonService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -20,6 +21,7 @@ public class LabHistoryController {
    private final ILabResultComparisonService comparisonService;

    @GetMapping("/compare")
+    @PreAuthorize("@ss.hasPermi('infection:lab:list')")
    public R<?> compareResults(
            @RequestParam Long patientId,
            @RequestParam(required = false) String testItem) {
@@ -31,6 +33,7 @@ public class LabHistoryController {
    }

    @PostMapping("/add")
+    @PreAuthorize("@ss.hasPermi('infection:lab:edit')")
    @Transactional(rollbackFor = Exception.class)
    public R<?> addResult(@RequestBody LabResultComparison result) {
        result.setCreateTime(new java.util.Date());
@@ -39,6 +42,7 @@ public class LabHistoryController {
    }

    @GetMapping("/trend")
+    @PreAuthorize("@ss.hasPermi('infection:lab:list')")
    public R<?> getTrend(
            @RequestParam Long patientId,
            @RequestParam String testItem) {
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java
@@ -15,6 +15,7 @@ import com.healthlink.his.prescription.domain.PrescriptionInterceptLog;
 import com.healthlink.his.prescription.service.IPrescriptionInterceptLogService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -105,6 +106,7 @@ public class OutpatientEnhancedController {

    // ==================== 出院小结 ====================
    @GetMapping("/discharge/page")
+    @PreAuthorize("hasAuthority('outpatient:discharge:list')")
    public R<?> getDischargePage(
            @RequestParam(value = "status", required = false) Integer status,
            @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -116,6 +118,7 @@ public class OutpatientEnhancedController {
    }

    @PostMapping("/discharge/add")
+    @PreAuthorize("hasAuthority('outpatient:discharge:add')")
    @Transactional(rollbackFor = Exception.class)
    public R<?> addDischarge(@RequestBody DischargeSummary summary) {
        summary.setStatus(0);
@@ -125,6 +128,7 @@ public class OutpatientEnhancedController {
    }

    @PostMapping("/discharge/complete")
+    @PreAuthorize("hasAuthority('outpatient:discharge:edit')")
    @Transactional(rollbackFor = Exception.class)
    public R<?> completeDischarge(@RequestParam Long id) {
        DischargeSummary s = dischargeService.getById(id);