From 278d7d39a490a120c500e136d64843e2ac04a176 Mon Sep 17 00:00:00 2001
From: chenqi
Date: Thu, 18 Jun 2026 16:55:35 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E6=B7=BB=E5=8A=A0=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=E5=99=A8=E6=96=B9=E6=B3=95=E6=9D=83=E9=99=90=E9=AA=8C?= =?UTF-8?q?=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 在放射科增强控制器中添加安全注解导入
- 为实验室历史记录比较接口添加感染科室列表权限验证
- 为实验室结果添加接口添加感染科室编辑权限验证
- 为实验室趋势查询接口添加感染科室列表权限验证
- 为门诊增强控制器添加安全注解导入
- 为出院小结分页接口添加门诊出院列表权限验证
- 为出院小结添加接口添加门诊出院添加权限验证
- 为出院完成接口添加门诊出院编辑权限验证
---
 .../web/check/controller/RadiologyEnhancedController.java | 5 +++++
 .../his/web/lab/controller/LabHistoryController.java | 4 ++++
 .../outpatient/controller/OutpatientEnhancedController.java | 4 ++++
 3 files changed, 13 insertions(+)
diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java
index 8933aa3be..40447014d 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/check/controller/RadiologyEnhancedController.java
@@ -7,6 +7,7 @@ import com.healthlink.his.check.domain.*;
 import com.healthlink.his.check.service.*;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -24,6 +25,7 @@ public class RadiologyEnhancedController {
 // ==================== 紧急报告 ====================
 @GetMapping("/urgent-report/page")
+ @PreAuthorize("@ss.hasPermi('infection:check:list')")
 public R getUrgentReportPage(
 @RequestParam(value = "patientName", required = false) String patientName,
 @RequestParam(value = "notifyStatus", required = false) Integer status,
@@ -37,6 +39,7 @@ public class RadiologyEnhancedController {
 }
 @PostMapping("/urgent-report/add")
+ @PreAuthorize("@ss.hasPermi('infection:check:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R addUrgentReport(@RequestBody RadiologyUrgentReport r) {
 r.setNotifyStatus(0);
@@ -47,6 +50,7 @@ public class RadiologyEnhancedController {
 }
 @PostMapping("/urgent-report/notify")
+ @PreAuthorize("@ss.hasPermi('infection:check:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R notifyReport(@RequestParam Long id) {
 RadiologyUrgentReport r = urgentReportService.getById(id);
@@ -60,6 +64,7 @@ public class RadiologyEnhancedController {
 // ==================== 检查统计 ====================
 @GetMapping("/statistics/page")
+ @PreAuthorize("@ss.hasPermi('infection:check:list')")
 public R getStatisticsPage(
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
 @RequestParam(value = "pageSize", defaultValue = "20") Integer pageSize) {
diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java
index 2f32f54be..d5ab78b48 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/lab/controller/LabHistoryController.java
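Review bot: The permission key on `getUrgentReportPage` in RadiologyEnhancedController is `infection:check:list`, a namespace that does not obviously belong to the radiology controller it guards, and the same `infection:check:*` keys are used on `addUrgentReport`, `notifyReport` and `getStatisticsPage` (LabHistoryController uses `infection:lab:*` the same way). If the key was copied from another module, radiology staff would be denied while every account granted the infection-control keys gains access to urgent radiology reports. Please confirm the key against the permission table, and if the reuse is intended, say so above the annotation, e.g. `// urgent reports deliberately share the infection:check permission set: <reason>`. The method body continues outside the hunk.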
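Review bot: `addUrgentReport` in RadiologyEnhancedController binds the request body directly onto the `RadiologyUrgentReport` entity, and the only field the visible lines overwrite is `notifyStatus`, so any other property the entity exposes is accepted from a caller who holds `infection:check:edit`. A request DTO limited to the fields a creator may set, or an explicit reset of the primary key and audit columns beside `r.setNotifyStatus(0);`, would close that gap; at minimum add `// only notifyStatus is server-set here; all other fields come from the request body`. `addResult` in LabHistoryController and `addDischarge` in OutpatientEnhancedController have the same shape. The rest of each method is outside the hunk, so a reset further down may already exist.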
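Review bot: `notifyReport` in RadiologyEnhancedController loads its record with `urgentReportService.getById(id)` from a caller-supplied `id`, and the new `@PreAuthorize` decides only whether the caller may use the endpoint, not whether this particular report is one they may act on. If reports are scoped by department or tenant, compare that scope after the lookup and reject a missing record before changing state; a marker such as `// TODO: verify r is non-null and within the caller's data scope before updating notifyStatus` would at least record the open question. `completeDischarge` in OutpatientEnhancedController follows the same lookup-by-id pattern. The code after the lookup is outside the hunk, so such a check may already be present.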
@@ -7,6 +7,7 @@ import com.healthlink.his.lab.domain.LabResultComparison;
 import com.healthlink.his.lab.service.ILabResultComparisonService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -20,6 +21,7 @@ public class LabHistoryController {
 private final ILabResultComparisonService comparisonService;
 @GetMapping("/compare")
+ @PreAuthorize("@ss.hasPermi('infection:lab:list')")
 public R compareResults(
 @RequestParam Long patientId,
 @RequestParam(required = false) String testItem) {
@@ -31,6 +33,7 @@ public class LabHistoryController {
 }
 @PostMapping("/add")
+ @PreAuthorize("@ss.hasPermi('infection:lab:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R addResult(@RequestBody LabResultComparison result) {
 result.setCreateTime(new java.util.Date());
@@ -39,6 +42,7 @@ public class LabHistoryController {
 }
 @GetMapping("/trend")
+ @PreAuthorize("@ss.hasPermi('infection:lab:list')")
 public R getTrend(
 @RequestParam Long patientId,
 @RequestParam String testItem) {
diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java
index 4936b3acf..1109d531d 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/outpatient/controller/OutpatientEnhancedController.java
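Review bot: `compareResults` in LabHistoryController takes `patientId` from the query string and is gated only by `infection:lab:list`, so the check is function-level: any account holding that key can read the lab comparison for whichever patient id it submits, and `getTrend` has the same shape. For patient results the usual complement is a patient-scope check (department or care relationship) and an audit record of who read which patient. Either add that check before the service call or state where it is enforced, e.g. `// patient-scope check and read audit are enforced in <component>`. Both method bodies continue outside the hunk, so the check may already exist there.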
@@ -15,6 +15,7 @@ import com.healthlink.his.prescription.domain.PrescriptionInterceptLog;
 import com.healthlink.his.prescription.service.IPrescriptionInterceptLogService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
@@ -105,6 +106,7 @@ public class OutpatientEnhancedController {
 // ==================== 出院小结 ====================
 @GetMapping("/discharge/page")
+ @PreAuthorize("hasAuthority('outpatient:discharge:list')")
 public R getDischargePage(
 @RequestParam(value = "status", required = false) Integer status,
 @RequestParam(value = "pageNo", defaultValue = "1") Integer pageNo,
@@ -116,6 +118,7 @@ public class OutpatientEnhancedController {
 }
 @PostMapping("/discharge/add")
+ @PreAuthorize("hasAuthority('outpatient:discharge:add')")
 @Transactional(rollbackFor = Exception.class)
 public R addDischarge(@RequestBody DischargeSummary summary) {
 summary.setStatus(0);
@@ -125,6 +128,7 @@ public class OutpatientEnhancedController {
 }
 @PostMapping("/discharge/complete")
+ @PreAuthorize("hasAuthority('outpatient:discharge:edit')")
 @Transactional(rollbackFor = Exception.class)
 public R completeDischarge(@RequestParam Long id) {
 DischargeSummary s = dischargeService.getById(id);
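Review bot: The three discharge handlers in OutpatientEnhancedController use `hasAuthority('outpatient:discharge:…')` while the other two controllers in this patch use `@ss.hasPermi(...)`, and the two expressions consult different sources: `hasAuthority` reads the `GrantedAuthority` list on the `Authentication`, whereas `@ss.hasPermi` calls the project's `ss` bean. If permission strings are held only by that bean and not exposed as granted authorities, these endpoints would reject every caller, and any wildcard or super-admin handling inside `hasPermi` is bypassed. Unless the difference is deliberate, use the same form here, `@PreAuthorize("@ss.hasPermi('outpatient:discharge:list')")`, and likewise for the `add` and `edit` keys. The handlers above line 105 of this controller are not part of the diff, so it is worth confirming they carry an annotation as well.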