From 74aa24f36eefa2ad4b62f374ea65af88f075ac3a Mon Sep 17 00:00:00 2001
From: chenqi <chen.qi@jin-group.cn>
Date: Sat, 20 Jun 2026 16:30:54 +0800
Subject: [PATCH] =?UTF-8?q?fix(security):=20=E4=BF=AE=E5=A4=8DEmpiControll?=
 =?UTF-8?q?er=20@PreAuthorize=E6=A0=BC=E5=BC=8F=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../his/web/empi/controller/EmpiController.java           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/empi/controller/EmpiController.java b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/empi/controller/EmpiController.java
index 77a06a1c6..ddb122350 100644
--- a/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/empi/controller/EmpiController.java
+++ b/healthlink-his-server/healthlink-his-application/src/main/java/com/healthlink/his/web/empi/controller/EmpiController.java
@@ -26,7 +26,7 @@ public class EmpiController {
 
     @Operation(summary = "合并患者")
     @PostMapping("/merge")
-    @PreAuthorize("infection:empi:edit")
+    @PreAuthorize("@ss.hasPermi('infection:empi:edit')")
     public AjaxResult merge(@RequestParam Long primaryId, @RequestParam List<Long> secondaryIds) {
         empiAppService.mergePersons(primaryId, secondaryIds);
         return AjaxResult.success();
@@ -34,7 +34,7 @@ public class EmpiController {
 
     @Operation(summary = "拆分患者")
     @PostMapping("/split")
-    @PreAuthorize("infection:empi:edit")
+    @PreAuthorize("@ss.hasPermi('infection:empi:edit')")
     public AjaxResult split(@RequestParam Long primaryId, @RequestParam List<Long> secondaryIds) {
         empiAppService.splitPatients(primaryId, secondaryIds);
         return AjaxResult.success();
@@ -42,14 +42,14 @@ public class EmpiController {
 
     @Operation(summary = "检测重复患者")
     @GetMapping("/duplicates")
-    @PreAuthorize("infection:empi:list")
+    @PreAuthorize("@ss.hasPermi('infection:empi:list')")
     public AjaxResult detectDuplicates() {
         return AjaxResult.success(empiAppService.detectDuplicates());
     }
 
     @Operation(summary = "跨系统同步")
     @PostMapping("/sync")
-    @PreAuthorize("infection:empi:edit")
+    @PreAuthorize("@ss.hasPermi('infection:empi:edit')")
     public AjaxResult syncCrossSystem(@RequestParam String globalId) {
         return AjaxResult.success(empiAppService.syncCrossSystem(globalId));
     }