diff --git a/pom.xml b/pom.xml
index 5fac3076..223fc771 100644
--- a/pom.xml
+++ b/pom.xml
@@ -64,6 +64,10 @@
slf4j-simple
${slf4j.version}
+
+ org.springframework.boot
+ spring-boot-starter-security
+
co.elastic.logging
logback-ecs-encoder
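Review bot: Adding `spring-boot-starter-security` on its own does not activate the `@PreAuthorize` annotations introduced in the controller files; they are evaluated only when method security is switched on through `@EnableMethodSecurity` (or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on Spring Security 5) in a configuration class, and nothing in this diff adds one, so confirm it exists elsewhere or every new annotation is silently inert. The starter also installs Spring Boot's default `SecurityFilterChain`, which requires form/basic authentication and enforces CSRF on the POST endpoints, whereas these controllers authenticate through an `Authorization` header and a Redis session; without a chain that turns that header into a `SecurityContext` carrying `ROLE_`-prefixed authorities (`hasRole('NURSE')` matches `ROLE_NURSE`), requests will be rejected or will never carry the roles the new checks expect. The hunk does not show whether a version is declared; under the Spring Boot parent it is managed, otherwise it should be pinned.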
diff --git a/src/main/java/com/iemr/mmu/controller/anc/ANCController.java b/src/main/java/com/iemr/mmu/controller/anc/ANCController.java
index 178f080b..7c135c67 100644
--- a/src/main/java/com/iemr/mmu/controller/anc/ANCController.java
+++ b/src/main/java/com/iemr/mmu/controller/anc/ANCController.java
@@ -26,6 +26,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.repository.query.Param;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -59,6 +60,7 @@ public class ANCController {
*/
@Operation(summary = "Save ANC nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenANCNurseData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
try {
@@ -91,6 +93,7 @@ public String saveBenANCNurseData(@RequestBody String requestObj) {
*/
@Operation(summary = "Save ANC doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize(" hasRole('DOCTOR')")
public String saveBenANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
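Review bot: The expression in `@PreAuthorize(" hasRole('DOCTOR')")` carries a leading space that no other annotation in this diff has; SpEL tolerates it, but it defeats a grep for the canonical form and reads as a typo, so write `@PreAuthorize("hasRole('DOCTOR')")`. The body of saveBenANCDoctorData continues outside the hunk.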
@@ -116,6 +119,7 @@ public String saveBenANCDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get beneficiary visit details from nurse ANC")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseANC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -147,6 +151,7 @@ public String getBenVisitDetailsFrmNurseANC(
@Operation(summary = "Get beneficiary ANC care details from nurse ANC")
@PostMapping(value = { "/getBenANCDetailsFrmNurseANC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenANCDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -178,7 +183,7 @@ public String getBenANCDetailsFrmNurseANC(
*/
@Operation(summary = "Get beneficiary ANC history details from nurse to doctor ")
@PostMapping(value = { "/getBenANCHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenANCHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -209,6 +214,7 @@ public String getBenANCHistoryDetails(
*/
@Operation(summary = "Get beneficiary ANC vital details from nurse ANC")
@PostMapping(value = { "/getBenANCVitalDetailsFrmNurseANC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenANCVitalDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -240,7 +246,7 @@ public String getBenANCVitalDetailsFrmNurseANC(
*/
@Operation(summary = "Get beneficiary ANC examination details from nurse to doctor ")
@PostMapping(value = { "/getBenExaminationDetailsANC" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenExaminationDetailsANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -272,6 +278,7 @@ public String getBenExaminationDetailsANC(
@Operation(summary = "Get beneficiary doctor entered details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorANC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCaseRecordFromDoctorANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -298,6 +305,7 @@ public String getBenCaseRecordFromDoctorANC(
@Operation(summary = "Check high risk pregnancy status for ANC beneficiary")
@PostMapping(value = { "/getHRPStatus" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getHRPStatus(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -326,6 +334,7 @@ public String getHRPStatus(
@Operation(summary = "Update ANC care data in doctor screen")
@PostMapping(value = { "/update/ANCScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateANCCareNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -356,6 +365,7 @@ public String updateANCCareNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update ANC history data in doctor screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateANCHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -385,6 +395,7 @@ public String updateANCHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update ANC vital data in doctor screen")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateANCVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -415,6 +426,7 @@ public String updateANCVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update ANC examination data in doctor screen")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateANCExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -445,6 +457,7 @@ public String updateANCExaminationNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update ANC doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
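Review bot: `/update/doctorData` is opened to `NURSE` while the matching `/save/doctorData` in the second hunk of this file is `DOCTOR` only, so a nurse who cannot create the doctor's record can still overwrite it; unless nurses are meant to edit doctor entries, this should be `@PreAuthorize("hasRole('DOCTOR')")`. The same save/update asymmetry appears in CancerScreeningController, where `/save/doctorData` is DOCTOR-only but `/update/doctorData` allows NURSE. The body of updateANCDoctorData continues outside the hunk.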
diff --git a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
index 99428f89..f06acd5d 100644
--- a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
+++ b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -67,6 +68,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) {
*/
@Operation(summary = "Save cancer screening nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -106,6 +108,7 @@ else if (nurseDataSaveSuccessFlag == 2)
*/
@Operation(summary = "Save cancer screening doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
@RequestHeader String authorization) {
OutputResponse response = new OutputResponse();
@@ -132,6 +135,7 @@ public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get beneficiary visit details from nurse screen")
@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
@ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -161,6 +165,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
*/
@Operation(summary = "Get beneficiary cancer history details from nurse screen")
@PostMapping(value = { "/getBenDataFrmNurseToDocHistoryScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenDataFrmNurseScrnToDocScrnHistory(
@ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -189,6 +194,7 @@ public String getBenDataFrmNurseScrnToDocScrnHistory(
*/
@Operation(summary = "Get beneficiary vital details from nurse screen")
@PostMapping(value = { "/getBenDataFrmNurseToDocVitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenDataFrmNurseScrnToDocScrnVital(
@ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -218,6 +224,7 @@ public String getBenDataFrmNurseScrnToDocScrnVital(
*/
@Operation(summary = "Get beneficiary examination details from nurse screen")
@PostMapping(value = { "/getBenDataFrmNurseToDocExaminationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenDataFrmNurseScrnToDocScrnExamination(
@ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -247,6 +254,7 @@ public String getBenDataFrmNurseScrnToDocScrnExamination(
*/
@Operation(summary = "Get beneficiary cancer family history")
@PostMapping(value = { "/getBenCancerFamilyHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCancerFamilyHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -278,6 +286,7 @@ public String getBenCancerFamilyHistory(
*/
@Operation(summary = "Get beneficiary cancer personal history")
@PostMapping(value = { "/getBenCancerPersonalHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCancerPersonalHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -309,6 +318,7 @@ public String getBenCancerPersonalHistory(
*/
@Operation(summary = "Get beneficiary cancer personal diet history")
@PostMapping(value = { "/getBenCancerPersonalDietHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCancerPersonalDietHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -340,6 +350,7 @@ public String getBenCancerPersonalDietHistory(
*/
@Operation(summary = "Get beneficiary cancer obstetric history")
@PostMapping(value = { "/getBenCancerObstetricHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCancerObstetricHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -370,6 +381,7 @@ public String getBenCancerObstetricHistory(
*/
@Operation(summary = "Get beneficiary doctor entered details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorCS" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorCS(
@ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -396,6 +408,7 @@ public String getBenCaseRecordFromDoctorCS(
@Operation(summary = "Update cancer screening history nurse data in doctor screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateCSHistoryNurse(
@ApiParam(value = "{\"historyDetails\": {\"familyHistory\":{\"diseases\": [{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", "
+ "\"providerServiceMapID\":\"Integer\", \"cancerDiseaseType\":\"String\", \"otherDiseaseType\":\"String\", \"familyMemberList\":\"List\", "
@@ -440,6 +453,7 @@ public String updateCSHistoryNurse(
*/
@Operation(summary = "Update beneficiary vital detail")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String upodateBenVitalDetail(
@ApiParam(value = "{\"ID\": \"Long\", \"beneficiaryRegID\":\"Long\",\"benVisitID\":\"Long\","
+ "\"weight_Kg\":\"Double\", \"height_cm\":\"Double\", \"waistCircumference_cm\":\"Double\", \"bloodGlucose_Fasting\":\"Short\","
@@ -476,6 +490,7 @@ public String upodateBenVitalDetail(
*/
@Operation(summary = "Update beneficiary examination detail")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String upodateBenExaminationDetail(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -505,6 +520,7 @@ public String upodateBenExaminationDetail(@RequestBody String requestObj) {
*/
@Operation(summary = "Update cancer diagnosis details by oncologist")
@PostMapping(value = { "/update/examinationScreen/diagnosis" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('ONCOLOGIST')")
public String updateCancerDiagnosisDetailsByOncologist(
@ApiParam(value = "{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", \"visitCode\":\"Long\", "
+ "\"provisionalDiagnosisOncologist\":\"String\", \"modifiedBy\":\"string\"}") @RequestBody String requestObj) {
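Review bot: `/update/examinationScreen/diagnosis` is documented as "by oncologist", yet the new check also admits `NURSE` and `DOCTOR`, making this the broadest grant in the controller on the one endpoint whose name implies a single role; if the summary is accurate the annotation should be `@PreAuthorize("hasRole('ONCOLOGIST')")`, otherwise the summary should name the other roles so the intent is recorded. The body of updateCancerDiagnosisDetailsByOncologist continues outside the hunk.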
@@ -536,6 +552,7 @@ public String updateCancerDiagnosisDetailsByOncologist(
*/
@Operation(summary = "Update cancer screening doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateCancerScreeningDoctorData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
index d05c4655..c0df03d6 100644
--- a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
+++ b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
@@ -32,7 +32,7 @@
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
-
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
@@ -95,6 +95,7 @@ public void setCommonNurseServiceImpl(CommonNurseServiceImpl commonNurseServiceI
@Operation(summary = "Provides doctor worklist")
@GetMapping(value = { "/getDocWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -118,6 +119,7 @@ public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer pr
@Operation(summary = "Provides doctor worklist future scheduled for TM")
@GetMapping(value = { "/getDocWorkListNewFutureScheduledForTM/{providerServiceMapID}/{serviceID}" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String getDocWorkListNewFutureScheduledForTM(
@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID) {
@@ -143,6 +145,7 @@ public String getDocWorkListNewFutureScheduledForTM(
@Operation(summary = "Get nurse worklist new")
@GetMapping(value = { "/getNurseWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE')")
public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -166,6 +169,7 @@ public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer
*/
@Operation(summary = "Get nurse worklist TM referred")
@GetMapping(value = { "/getNurseWorklistTMreferred/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE')")
public String getNurseWorklistTMreferred(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -184,6 +188,7 @@ public String getNurseWorklistTMreferred(@PathVariable("providerServiceMapID") I
@Operation(summary = "Get doctor entered previous significant Ffindings")
@PostMapping(value = { "/getDoctorPreviousSignificantFindings" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String getDoctorPreviousSignificantFindings(
@ApiParam(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -208,6 +213,7 @@ public String getDoctorPreviousSignificantFindings(
@Operation(summary = "Get lab technician worklist new")
@GetMapping(value = { "/getLabWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN')")
public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -226,6 +232,7 @@ public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer pr
@Operation(summary = "Get radiologist worklist new")
@GetMapping(value = { "/getRadiologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('RADIOLOGIST')")
public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -244,6 +251,7 @@ public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") In
@Operation(summary = "Get oncologist worklist new")
@GetMapping(value = { "/getOncologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('ONCOLOGIST')")
public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -262,6 +270,7 @@ public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Int
@Operation(summary = "Get pharma worklist new")
@GetMapping(value = { "/getPharma-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('PHARMACIST')")
public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -280,6 +289,7 @@ public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer
@Operation(summary = "Get case-sheet print data for beneficiary.")
@PostMapping(value = { "/get/Case-sheet/printData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getCasesheetPrintData(@RequestBody String comingReq,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -299,6 +309,7 @@ public String getCasesheetPrintData(@RequestBody String comingReq,
@Operation(summary = "Get beneficiary past history")
@PostMapping(value = { "/getBenPastHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenPastHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -323,6 +334,7 @@ public String getBenPastHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @Re
@Operation(summary = "Get beneficiary tobacco history")
@PostMapping(value = { "/getBenTobaccoHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenTobaccoHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -347,6 +359,7 @@ public String getBenTobaccoHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}")
@Operation(summary = "Get beneficiary alcohol history")
@PostMapping(value = { "/getBenAlcoholHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenAlcoholHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -371,6 +384,7 @@ public String getBenAlcoholHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}")
@Operation(summary = "Get beneficiary allergy history")
@PostMapping(value = { "/getBenAllergyHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenANCAllergyHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -396,6 +410,7 @@ public String getBenANCAllergyHistory(
@Operation(summary = "Get beneficiary medication history")
@PostMapping(value = { "/getBenMedicationHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenMedicationHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -421,6 +436,7 @@ public String getBenMedicationHistory(
@Operation(summary = "Get beneficiary family history")
@PostMapping(value = { "/getBenFamilyHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenFamilyHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -445,6 +461,7 @@ public String getBenFamilyHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @
@Operation(summary = "Get beneficiary menstrual history")
@PostMapping(value = { "/getBenMenstrualHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenMenstrualHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -470,7 +487,8 @@ public String getBenMenstrualHistory(
@Operation(summary = "Get beneficiary past obstetric history")
@PostMapping(value = { "/getBenPastObstetricHistory" })
- public String getBenPastObstetricHistory(
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
+ public String getBenPastObstetricHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -495,6 +513,7 @@ public String getBenPastObstetricHistory(
@Operation(summary = "Get beneficiary comorbidity condition details")
@PostMapping(value = { "/getBenComorbidityConditionHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenANCComorbidityConditionHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -520,6 +539,7 @@ public String getBenANCComorbidityConditionHistory(
@Operation(summary = "Get beneficiary optional vaccine details")
@PostMapping(value = { "/getBenOptionalVaccineHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenOptionalVaccineHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -545,6 +565,7 @@ public String getBenOptionalVaccineHistory(
@Operation(summary = "Get beneficiary child vaccine(Immunization) details")
@PostMapping(value = { "/getBenChildVaccineHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenImmunizationHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -570,6 +591,7 @@ public String getBenImmunizationHistory(
@Operation(summary = "Get beneficiary perinatal history details")
@PostMapping(value = { "/getBenPerinatalHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenPerinatalHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -595,6 +617,7 @@ public String getBenPerinatalHistory(
@Operation(summary = "Get beneficiary child feeding history details")
@PostMapping(value = { "/getBenFeedingHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenFeedingHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -619,6 +642,7 @@ public String getBenFeedingHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}")
@Operation(summary = "Get beneficiary child development history details")
@PostMapping(value = { "/getBenDevelopmentHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenDevelopmentHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -647,6 +671,7 @@ public String getBenDevelopmentHistory(
*/
@Operation(summary = "Get casesheet history of beneficiary")
@PostMapping(value = { "/getBeneficiaryCaseSheetHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBeneficiaryCaseSheetHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -665,6 +690,7 @@ public String getBeneficiaryCaseSheetHistory(
@Operation(summary = "TC specialist")
@GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}" })
+ @PreAuthorize("hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST')")
public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID,HttpServletRequest request) {
OutputResponse response = new OutputResponse();
@@ -698,6 +724,7 @@ public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") I
@Operation(summary = "TC specialist future scheduled")
@GetMapping(value = {
"/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}" })
+ @PreAuthorize("hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST')")
public String getTCSpecialistWorklistFutureScheduled(
@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID, HttpServletRequest request) {
@@ -730,6 +757,7 @@ public String getTCSpecialistWorklistFutureScheduled(
@Operation(summary = "Download file from file system")
@PostMapping(value = { "/downloadFile" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public ResponseEntity downloadFile(@RequestBody String requestOBJ, HttpServletRequest request)
throws Exception {
JSONObject obj = new JSONObject(requestOBJ);
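Review bot: The role check on `downloadFile` says nothing about which file a caller may fetch; the hunk shows the request body being parsed into `JSONObject obj` but not how the file location is derived from it. If the path or name comes from that body, the new `@PreAuthorize` should be complemented inside the method by resolving the target against the intended base directory and rejecting anything that normalises outside it, since a role check alone does not bound what an authenticated nurse or doctor can read. The rest of the method is outside the hunk, so this may already be handled; worth confirming.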
@@ -760,6 +788,7 @@ public ResponseEntity downloadFile(@RequestBody String requ
@Operation(summary = "Get beneficiary physical history")
@PostMapping(value = { "/getBenPhysicalHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenPhysicalHistory(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -785,6 +814,7 @@ public String getBenPhysicalHistory(
@Operation(summary = "Get beneficiary symptomatic questionnaire answer details")
@PostMapping(value = { "/getBenSymptomaticQuestionnaireDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenSymptomaticQuestionnaireDetails(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -810,6 +840,7 @@ public String getBenSymptomaticQuestionnaireDetails(
@Operation(summary = "Get beneficiary previous diabetes history")
@PostMapping(value = { "/getBenPreviousDiabetesHistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenPreviousDiabetesHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -840,6 +871,7 @@ public String getBenPreviousDiabetesHistoryDetails(
*/
@Operation(summary = "Get beneficiary TM case record")
@PostMapping(value = { "/get/Case-sheet/TMReferredprintData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getTMReferredPrintData(@RequestBody String comingRequest,
@RequestHeader(value = "Authorization") String authorization,
@RequestHeader(value = "ServerAuthorization") String serverAuthorization) {
@@ -877,6 +909,7 @@ public String getTMReferredPrintData(@RequestBody String comingRequest,
@Operation(summary = "Get beneficiary previous referral history")
@PostMapping(value = { "/getBenPreviousReferralHistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenPreviousReferralHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
@@ -903,6 +936,7 @@ public String getBenPreviousReferralHistoryDetails(
@Operation(summary = "Get beneficiary TM case record")
@PostMapping(value = { "/get/Case-sheet/centralServerTMCaseSheet" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getTMCaseSheetFromCentralServer(@RequestBody String comingRequest,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -940,6 +974,7 @@ public String getTMCaseSheetFromCentralServer(@RequestBody String comingRequest,
*/
@Operation(summary = "Calculate beneficiary BMI status")
@PostMapping(value = { "/calculateBMIStatus" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String calculateBMIStatus(
@ApiParam(value = "{\"bmi\":\"double\",\"yearMonth\":\"String\",\"gender\":\"String\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -957,6 +992,7 @@ public String calculateBMIStatus(
@Operation(summary = "Update beneficiary status flag")
@PostMapping(value = { "/update/benDetailsAndSubmitToNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String saveBeneficiaryVisitDetail(
@ApiParam(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) {
@@ -991,6 +1027,7 @@ public String saveBeneficiaryVisitDetail(
@Operation(summary = "Extend redis session for 30 minutes")
@PostMapping(value = { "/extend/redisSession" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('PHARMACIST') || hasRole('LAB_TECHNICIAN') || hasRole('RADIOLOGIST') || hasRole('ONCOLOGIST') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') || hasRole('REGISTRAR')")
public String extendRedisSession() {
OutputResponse response = new OutputResponse();
try {
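Review bot: The role list on `/extend/redisSession` disagrees with the worklist checks earlier in this file: `getLabWorkListNew` accepts `LAB_TECHNICIAN || LABTECHNICIAN`, but only `LAB_TECHNICIAN` may extend a session, so a user whose authority is spelled `LABTECHNICIAN` can open a worklist and then be unable to keep the session alive. The duplicated spellings (`LAB_TECHNICIAN`/`LABTECHNICIAN`, `TC_SPECIALIST`/`TCSPECIALIST`) suggest the authority names are not settled; normalising them where authorities are granted would let each annotation name one role. The nine-way `||` chain is more readable as `@PreAuthorize("hasAnyRole('NURSE','DOCTOR','PHARMACIST','LAB_TECHNICIAN','RADIOLOGIST','ONCOLOGIST','TC_SPECIALIST','TCSPECIALIST','REGISTRAR')")`. The body of extendRedisSession continues outside the hunk.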
@@ -1003,6 +1040,7 @@ public String extendRedisSession() {
@Operation(summary = "Soft delete prescribed medicine")
@PostMapping(value = { "/doctor/delete/prescribedMedicine" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String deletePrescribedMedicine(@RequestBody String requestOBJ) {
OutputResponse response = new OutputResponse();
try {
diff --git a/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java b/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java
index cd3a7576..faa6b0dc 100644
--- a/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java
+++ b/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java
@@ -27,6 +27,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -42,6 +43,7 @@
@RestController
@RequestMapping(value = "/commonInsert", headers = "Authorization")
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public class InsertCommonController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
@Autowired
diff --git a/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java b/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java
index 89e816d1..d37dcdaf 100644
--- a/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java
+++ b/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -55,6 +56,7 @@ public void setCommonMasterServiceImpl(CommonMasterServiceImpl commonMasterServi
*/
@Operation(summary = "Master data for visit reasons & categories")
@GetMapping(value = "/get/visitReasonAndCategories", consumes = "application/json", produces = "application/json")
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getVisitReasonAndCategories() {
logger.info("getVisitReasonAndCategories ...");
OutputResponse response = new OutputResponse();
@@ -68,8 +70,10 @@ public String getVisitReasonAndCategories() {
* @param visitCategoryID
* @return nurse master data for the provided visitCategoryID
*/
+
@Operation(summary = "Master data API for nurse")
@GetMapping(value = "/nurse/masterData/{visitCategoryID}/{providerServiceMapID}/{gender}", consumes = "application/json", produces = "application/json")
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String nurseMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID,
@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender) {
logger.info("Nurse master Data for categoryID:" + visitCategoryID + " and providerServiceMapID:"
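Review bot: The added blank line at L586 (and the one at L597 in the next hunk) sits between a Javadoc block's closing `*/` and the method's annotations; it is whitespace noise in a commit that is otherwise about access control and makes the doc comment look detached from `nurseMasterData`. Drop both blank lines so the Javadoc, `@Operation`, `@GetMapping` and `@PreAuthorize` stay contiguous. nurseMasterData's body continues outside the hunk.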
@@ -87,8 +91,10 @@ public String nurseMasterData(@PathVariable("visitCategoryID") Integer visitCate
* @param visitCategoryID
* @return doctor master data for the provided visitCategoryID
*/
+
@Operation(summary = "Master data API for doctor")
@GetMapping(value = "/doctor/masterData/{visitCategoryID}/{providerServiceMapID}/{gender}/{facilityID}/{vanID}", produces = "application/json")
+ @PreAuthorize("hasRole('DOCTOR')")
public String doctorMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID,
@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender,
@PathVariable("facilityID") Integer facilityID, @PathVariable("vanID") Integer vanID) {
@@ -103,6 +109,7 @@ public String doctorMasterData(@PathVariable("visitCategoryID") Integer visitCat
@Operation(summary = "Get ECG abnormalities")
@GetMapping(value = "/ecgAbnormalities", consumes = "application/json", produces = "application/json")
+ @PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN')")
public String getECGAbnormalities() {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java b/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java
index 959c9cc7..7eff6468 100644
--- a/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java
+++ b/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java
@@ -28,6 +28,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -65,6 +66,7 @@ public class CovidController {
@Operation(summary = "Save covid nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenCovid19NurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse outputResponse = new OutputResponse();
@@ -100,6 +102,7 @@ public String saveBenCovid19NurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Save covid doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String saveBenCovidDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -126,6 +129,7 @@ public String saveBenCovidDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get beneficiary visit details from nurse covid 19")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseCovid" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNurseCovid19(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -158,7 +162,7 @@ public String getBenVisitDetailsFrmNurseCovid19(
*/
@Operation(summary = "Get beneficiary covid 19 history details from nurse to doctor ")
@PostMapping(value = { "/getBenCovid19HistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCovid19HistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -189,6 +193,7 @@ public String getBenCovid19HistoryDetails(
*/
@Operation(summary = "Get beneficiary covid 19 vital details from nurse NCD care")
@PostMapping(value = { "/getBenVitalDetailsFrmNurseCovid" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenVitalDetailsFrmNurseNCDCare(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -217,6 +222,7 @@ public String getBenVitalDetailsFrmNurseNCDCare(
@Operation(summary = "Get beneficiary doctor entered details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorCovid" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCaseRecordFromDoctorCovid19(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -243,6 +249,7 @@ public String getBenCaseRecordFromDoctorCovid19(
@Operation(summary = "Update history data in doctor screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -275,6 +282,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update covid vital data in doctor screen")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -304,6 +312,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update covid 19 doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateCovid19DoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
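Review bot: `updateCovid19DoctorData` at L685 is opened to `NURSE` as well as `DOCTOR`, while the matching create path `saveBenCovidDoctorData` at L632 is `DOCTOR` only; the same asymmetry appears in NCDCareController at L984 versus L931. The sibling controllers in this commit keep the doctor-data update doctor-only (`GeneralOPDController` L842, `NCDController` L1095), so unless nurses are meant to amend the doctor's case record here, tighten both to `@PreAuthorize("hasRole('DOCTOR')")`; if they are, a short comment stating why would spare the next reader the same question. Both method bodies continue outside their hunks.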
diff --git a/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java b/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java
index 1e43ed66..83c5dcfe 100644
--- a/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java
+++ b/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -47,6 +48,7 @@
*/
@RestController
@RequestMapping(value = "/dataSyncActivity", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ")
public class StartSyncActivity {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
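Review bot: The expression `"hasRole('DATASYNC') || hasRole('DATA_SYNC') "` at L704 is repeated verbatim, trailing space included, on `MMUDataSyncVanToServer` at L722 and `FileSyncController` at L739. Annotation values may be compile-time constants, so define it once — e.g. `public static final String DATA_SYNC = "hasAnyRole('DATASYNC','DATA_SYNC')";` in a small security-constants class (the class name is a suggestion) — and use `@PreAuthorize(SecurityRoles.DATA_SYNC)` at all three sites, so a future role rename touches one line. The two spellings presumably reflect differing upstream role names; confirm both are still issued before carrying the alias forward.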
diff --git a/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java b/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
index 524094e5..2a9f3450 100644
--- a/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
+++ b/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -47,6 +48,7 @@
*/
@RestController
@RequestMapping(value = "/dataSync", headers = "Authorization")
+@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ")
public class MMUDataSyncVanToServer {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java b/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java
index b5b1a34a..d902af0d 100644
--- a/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java
+++ b/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
@@ -38,6 +39,7 @@
@RequestMapping("/fileSyncController")
@RestController
+@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ")
public class FileSyncController {
private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
diff --git a/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java b/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java
index b7fa65a0..18eeef9b 100644
--- a/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java
+++ b/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -64,6 +65,7 @@ public void setGeneralOPDServiceImpl(GeneralOPDServiceImpl generalOPDServiceImpl
*/
@Operation(summary = "Save general OPD nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenGenOPDNurseData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
try {
@@ -96,6 +98,7 @@ public String saveBenGenOPDNurseData(@RequestBody String requestObj) {
*/
@Operation(summary = "Save general OPD doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenGenOPDDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -122,6 +125,7 @@ public String saveBenGenOPDDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get beneficiary visit details from nurse general OPD")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseGOPD" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseGOPD(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -153,7 +157,7 @@ public String getBenVisitDetailsFrmNurseGOPD(
*/
@Operation(summary = "Get beneficiary general OPD history details from nurse to doctor ")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -184,6 +188,7 @@ public String getBenHistoryDetails(
*/
@Operation(summary = "Get beneficiary vital details from nurse general OPD")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -215,7 +220,7 @@ public String getBenVitalDetailsFrmNurse(
*/
@Operation(summary = "Get beneficiary general OPD examination details from nurse to doctor ")
@PostMapping(value = { "/getBenExaminationDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -247,6 +252,7 @@ public String getBenExaminationDetails(
@Operation(summary = "Get beneficiary doctor entered details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorGeneralOPD" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorGeneralOPD(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -273,6 +279,7 @@ public String getBenCaseRecordFromDoctorGeneralOPD(
@Operation(summary = "Update general OPD visit screen nurse data in doctor screen")
@PostMapping(value = { "/update/visitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVisitNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -303,6 +310,7 @@ public String updateVisitNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update history data in doctor Screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -333,6 +341,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD vital data in doctor screen")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -363,6 +372,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD examination data in doctor screen")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -392,6 +402,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateGeneralOPDDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
diff --git a/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java b/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java
index f30dce3b..152f5029 100644
--- a/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java
+++ b/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -44,6 +45,7 @@
@RestController
@RequestMapping(value = "/labTechnician", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') ")
public class LabTechnicianController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/mmu/controller/location/LocationController.java b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
index 6559182b..e7bab71a 100644
--- a/src/main/java/com/iemr/mmu/controller/location/LocationController.java
+++ b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
@@ -26,13 +26,14 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import com.iemr.mmu.utils.JwtUtil;
+import org.springframework.security.access.prepost.PreAuthorize;
+import com.iemr.mmu.utils.JwtUtil;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import jakarta.servlet.http.HttpServletRequest;
import com.iemr.mmu.utils.CookieUtil;
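Review bot: L871 adds `import com.iemr.mmu.utils.JwtUtil;`, which L869 already imports two lines above. A repeated single-type import of the same type compiles (the JLS ignores the duplicate) but it is dead text and may fail a stricter Checkstyle profile; remove the added line and keep only the `PreAuthorize` import, ideally grouped with the other `org.springframework` imports rather than placed after a project import.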
@@ -45,10 +46,10 @@
@RestController
@RequestMapping(value = "/location", headers = "Authorization")
+@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public class LocationController {
private OutputResponse response;
private Logger logger = LoggerFactory.getLogger(CommonMasterController.class);
-
private LocationServiceImpl locationServiceImpl;
@Autowired
diff --git a/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java b/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java
index a3fe4869..f2e0f576 100644
--- a/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java
+++ b/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -47,6 +48,7 @@
@RequestMapping(value = "/user", headers = "Authorization")
@RestController
+@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public class IemrMmuLoginController {
private Logger logger = LoggerFactory.getLogger(RegistrarController.class);
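Review bot: The class-level `@PreAuthorize` at L905 gates every handler in `IemrMmuLoginController`, a class whose name and `/user` path suggest it may hold session-lifecycle endpoints such as logout or user-detail lookups. If any of them must remain callable by an authenticated principal that does not carry one of the eleven listed roles, that caller now receives 403; the handlers are outside this chunk, so confirm each one should be gated and override per method where not. The expression is the same eleven-role list as `LocationController` at L884, and sharing one constant between the two would keep them in step.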
diff --git a/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java b/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java
index 03c4cecc..0e8dd35d 100644
--- a/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java
+++ b/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java
@@ -28,6 +28,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -66,6 +67,7 @@ public void setNcdCareServiceImpl(NCDCareServiceImpl ncdCareServiceImpl) {
*/
@Operation(summary = "Save NCD care data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenNCDCareNurseData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
try {
@@ -99,6 +101,7 @@ public String saveBenNCDCareNurseData(@RequestBody String requestObj) {
*/
@Operation(summary = "Save NCD care beneficiary case record and referral")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenNCDCareDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -125,6 +128,7 @@ public String saveBenNCDCareDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get NCD care beneficiary visit details")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDCare" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNurseNCDCare(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -157,7 +161,7 @@ public String getBenVisitDetailsFrmNurseNCDCare(
*/
@Operation(summary = "Get NCD care beneficiary history")
@PostMapping(value = { "/getBenNCDCareHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenNCDCareHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -188,6 +192,7 @@ public String getBenNCDCareHistoryDetails(
*/
@Operation(summary = "Get NCD care beneficiary vitals")
@PostMapping(value = { "/getBenVitalDetailsFrmNurseNCDCare" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenVitalDetailsFrmNurseNCDCare(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -220,6 +225,7 @@ public String getBenVitalDetailsFrmNurseNCDCare(
@Operation(summary = "Get NCD care beneficiary case record and referral")
@PostMapping(value = { "/getBenCaseRecordFromDoctorNCDCare" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenCaseRecordFromDoctorNCDCare(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -246,6 +252,7 @@ public String getBenCaseRecordFromDoctorNCDCare(
@Operation(summary = "Update NCD care beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -278,6 +285,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update NCD care beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -307,6 +315,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update NCD care beneficiary case record and referral")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateNCDCareDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
diff --git a/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java b/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java
index 39d3531b..24cb3cb0 100644
--- a/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java
+++ b/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
@@ -73,8 +74,8 @@ public void setNcdScreeningServiceImpl(NCDScreeningServiceImpl ncdScreeningServi
* @return success or failure response
*/
@Operation(summary = "Save beneficiary NCD screening details")
-
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
@@ -109,6 +110,7 @@ public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj,
*/
@Operation(summary = "Save NCD screening doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -135,8 +137,8 @@ public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj,
}
@Operation(summary = "Get NCD screening visit details")
-
@PostMapping(value = { "/get/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String getNCDScreenigDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
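Review bot: `getNCDScreenigDetails` at L1020 is restricted to `NURSE` alone, yet every other read endpoint in this file (L1026, L1034, L1042, L1049, L1056, L1064) admits `NURSE` or `DOCTOR`, and the `/save/nurseData` it pairs with is presumably the record a doctor later reviews. If doctors are expected to open the nurse's screening record, this should be `@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")`; if the narrower scope is deliberate, a one-line comment saying so would stop it being "fixed" later. The method body continues outside the hunk.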
@@ -162,6 +164,7 @@ public String getNCDScreenigDetails(
@Operation(summary = "Get NCD screening visit count for beneficiary registration id")
@GetMapping(value = { "/getNcdScreeningVisitCount/{beneficiaryRegID}" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long beneficiaryRegID) {
OutputResponse response = new OutputResponse();
try {
@@ -185,6 +188,7 @@ public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long b
@Operation(summary = "Get beneficiary visit details from nurse NCD screening")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDScreening" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenVisitDetailsFrmNurseGOPD(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -211,7 +215,7 @@ public String getBenVisitDetailsFrmNurseGOPD(
@Operation(summary = "Get beneficiary general OPD history details from nurse to doctor ")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -237,6 +241,7 @@ public String getBenHistoryDetails(
@Operation(summary = "Get beneficiary vital details from nurse general OPD")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenVitalDetailsFrmNurse(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -263,6 +268,7 @@ public String getBenVitalDetailsFrmNurse(
@Operation(summary = "Get beneficiary vital details from nurse general OPD")
@PostMapping(value = { "/getBenIdrsDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String getBenIdrsDetailsFrmNurse(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -294,6 +300,7 @@ public String getBenIdrsDetailsFrmNurse(
*/
@Operation(summary = "Get beneficiary doctor entered details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorNCDScreening" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorNCDCare(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -321,6 +328,7 @@ public String getBenCaseRecordFromDoctorNCDCare(
@Operation(summary = "Update beneficiary NCD screening details")
@PostMapping(value = { "/update/nurseData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -348,6 +356,7 @@ public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestOb
@Operation(summary = "Update history data in doctor screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -372,6 +381,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
@Operation(summary = "Update NCD screening vital data in doctor screen")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -395,6 +405,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
@Operation(summary = "Update history data in doctor screen")
@PostMapping(value = { "/update/idrsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public String updateIDRSScreen(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -418,6 +429,7 @@ public String updateIDRSScreen(@RequestBody String requestObj) {
@Operation(summary = "Update doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String updateDoctorData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java b/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java
index f5677647..ef3a5a5a 100644
--- a/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java
+++ b/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java
@@ -5,6 +5,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.repository.query.Param;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -18,6 +19,7 @@
@RestController
@RequestMapping(value = "/anthropometryVitals", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')")
public class AnthropometryVitalsController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java b/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java
index 0e15e43a..ebc01325 100644
--- a/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java
+++ b/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -63,6 +64,7 @@ public void setPncServiceImpl(PNCServiceImpl pncServiceImpl) {
*/
@Operation(summary = "Save PNC nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenPNCNurseData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
try {
@@ -96,6 +98,7 @@ public String saveBenPNCNurseData(@RequestBody String requestObj) {
*/
@Operation(summary = "Save PNC doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenPNCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
@@ -121,6 +124,7 @@ public String saveBenPNCDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get PNC beneficiary visit details from nurse")
@PostMapping(value = { "/getBenVisitDetailsFrmNursePNC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNursePNC(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -154,6 +158,7 @@ public String getBenVisitDetailsFrmNursePNC(
@Operation(summary = "Get PNC beneficiary care details from nurse")
@PostMapping(value = { "/getBenPNCDetailsFrmNursePNC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenPNCDetailsFrmNursePNC(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -185,7 +190,7 @@ public String getBenPNCDetailsFrmNursePNC(
*/
@Operation(summary = "Get PNC beneficiary history details from nurse to doctor ")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenHistoryDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -216,6 +221,7 @@ public String getBenHistoryDetails(
*/
@Operation(summary = "Get PNC beneficiary vital details from nurse")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -247,7 +253,7 @@ public String getBenVitalDetailsFrmNurse(
*/
@Operation(summary = "Get PNC beneficiary examination details from nurse to doctor ")
@PostMapping(value = { "/getBenExaminationDetailsPNC" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetailsPNC(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -279,6 +285,7 @@ public String getBenExaminationDetailsPNC(
@Operation(summary = "Get PNC beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorPNC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorPNC(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -305,6 +312,7 @@ public String getBenCaseRecordFromDoctorPNC(
@Operation(summary = "Update PNC care data in doctor screen")
@PostMapping(value = { "/update/PNCScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updatePNCCareNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -335,6 +343,7 @@ public String updatePNCCareNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC beneficiary history in doctor screen")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -365,6 +374,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC beneficiary vitals in doctor screen")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -395,6 +405,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC beneficiary examination data in doctor screen")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -418,6 +429,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
@Operation(summary = "Update PNC doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updatePNCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
diff --git a/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java b/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java
index 5b672df5..24df556c 100644
--- a/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java
+++ b/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -70,6 +71,7 @@ public void setQuickConsultationServiceImpl(QuickConsultationServiceImpl quickCo
*/
@Operation(summary = "Save quick consult nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenQuickConsultDataNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
try {
@@ -102,6 +104,7 @@ public String saveBenQuickConsultDataNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Save quick consultation detail for doctor")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveQuickConsultationDetail(
@ApiParam(value = "{\"quickConsultation\":{\"beneficiaryRegID\":\"Long\",\"providerServiceMapID\": \"Integer\", \"benVisitID\":\"Long\", \"benChiefComplaint\":[{\"chiefComplaintID\":\"Integer\", "
+ "\"chiefComplaint\":\"String\", \"duration\":\"Integer\", \"unitOfDuration\":\"String\"}], \"description\":\"String\""
@@ -139,6 +142,7 @@ public String saveQuickConsultationDetail(
@Operation(summary = "Get quick consult beneficiary visit details")
@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -169,6 +173,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
*/
@Operation(summary = "Get quick consult beneficiary vital details")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -201,6 +206,7 @@ public String getBenVitalDetailsFrmNurse(
@Operation(summary = "Get quick consult beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorQuickConsult" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorQuickConsult(
@ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -227,6 +233,7 @@ public String getBenCaseRecordFromDoctorQuickConsult(
@Operation(summary = "Update quick consult doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateGeneralOPDQCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String authorization) {
diff --git a/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java b/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java
index 89261c5b..ac6cf9c5 100644
--- a/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java
+++ b/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java
@@ -29,6 +29,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -82,6 +83,7 @@ public void setNurseServiceImpl(NurseServiceImpl nurseServiceImpl) {
this.nurseServiceImpl = nurseServiceImpl;
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Get registrar worklist data")
@PostMapping(value = { "/registrarWorkListData" })
public String getRegistrarWorkList(@ApiParam(value = "{\"spID\": \"Integer\"}") @RequestBody String comingRequest)
@@ -100,6 +102,7 @@ public String getRegistrarWorkList(@ApiParam(value = "{\"spID\": \"Integer\"}")
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Search for the beneficiary by beneficiary id")
@PostMapping(value = { "/quickSearch" })
public String quickSearchBeneficiary(
@@ -118,6 +121,7 @@ public String quickSearchBeneficiary(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Search for the beneficiary based on provided data")
@PostMapping(value = { "/advanceSearch" })
public String advanceSearch(
@@ -138,6 +142,7 @@ public String advanceSearch(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Get beneficiary details of given beneficiary registration id")
@PostMapping(value = { "/get/benDetailsByRegID" })
public String getBenDetailsByRegID(
@@ -167,6 +172,7 @@ public String getBenDetailsByRegID(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST') || hasRole('REGISTRAR')")
@Operation(summary = "Get beneficiary details")
@PostMapping(value = { "/get/beneficiaryDetails" })
public String getBeneficiaryDetails(
@@ -201,6 +207,7 @@ public String getBeneficiaryDetails(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')")
@Operation(summary = "Get beneficiary image")
@PostMapping(value = { "/get/beneficiaryImage" })
public String getBeneficiaryImage(
@@ -226,6 +233,7 @@ public String getBeneficiaryImage(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Search beneficiary for beneficiary id or beneficiary phone no")
@PostMapping(value = { "/quickSearchNew" })
public String quickSearchNew(@RequestBody String requestObj,
@@ -249,6 +257,7 @@ public String quickSearchNew(@RequestBody String requestObj,
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Search beneficiary advance search new")
@PostMapping(value = { "/advanceSearchNew" })
public String advanceSearchNew(@RequestBody String requestObj,
@@ -272,6 +281,7 @@ public String advanceSearchNew(@RequestBody String requestObj,
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')")
@Operation(summary = "Get beneficiary details for left side panel of given beneficiary registration id")
@PostMapping(value = { "/get/benDetailsByRegIDForLeftPanelNew" })
public String getBenDetailsForLeftSidePanelByRegID(
@@ -301,7 +311,8 @@ public String getBenDetailsForLeftSidePanelByRegID(
}
return response.toString();
}
-
+
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')")
@Operation(summary = "Get beneficiary image")
@PostMapping(value = { "/getBenImage" })
public String getBenImage(@RequestBody String requestObj,
@@ -319,6 +330,7 @@ public String getBenImage(@RequestBody String requestObj,
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
@Operation(summary = "Register a new beneficiary")
@PostMapping(value = { "/registrarBeneficaryRegistration" })
public String createBeneficiary(
@@ -381,6 +393,7 @@ public String createBeneficiary(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
@Operation(summary = "Register a new beneficiary API")
@PostMapping(value = { "/registrarBeneficaryRegistrationNew" })
public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq,
@@ -399,6 +412,7 @@ public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq,
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR') || hasRole('DOCTOR')")
@Operation(summary = "Update registered beneficiary data")
@PostMapping(value = { "/update/BeneficiaryDetails" })
public String updateBeneficiary(
@@ -457,6 +471,7 @@ public String updateBeneficiary(
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
@Operation(summary = "Registrar will submit a beneficiary to nurse for revisit")
@PostMapping(value = { "/create/BenReVisitToNurse" })
public String createReVisitForBenToNurse(@RequestBody String requestOBJ) {
@@ -478,6 +493,7 @@ public String createReVisitForBenToNurse(@RequestBody String requestOBJ) {
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
@Operation(summary = "Beneficiary edit, save or submit")
@PostMapping(value = { "/update/BeneficiaryUpdate" })
public String beneficiaryUpdate(@RequestBody String requestOBJ,
@@ -502,6 +518,7 @@ public String beneficiaryUpdate(@RequestBody String requestOBJ,
return response.toString();
}
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
@Operation(summary = "Get master data for registrar")
@PostMapping(value = { "/registrarMasterData" })
public String masterDataForRegistration(
diff --git a/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java b/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java
index 87d5c0de..8792b8c3 100644
--- a/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java
+++ b/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -41,6 +42,7 @@
@RestController
@RequestMapping(value = "/report", headers = "Authorization")
+@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public class ReportGateway {
private Logger logger = LoggerFactory.getLogger(RegistrarController.class);
diff --git a/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java b/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java
index 8b79db37..38077310 100644
--- a/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java
+++ b/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -41,6 +42,7 @@
@RequestMapping(value = "/snomed")
@RestController
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public class SnomedController {
private Logger logger = LoggerFactory.getLogger(SnomedController.class);
diff --git a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
index 5a5eea00..842f1dca 100644
--- a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
+++ b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import com.iemr.mmu.utils.JwtUtil;
import org.springframework.web.bind.annotation.PostMapping;
@@ -31,7 +32,7 @@
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
-
+import com.iemr.mmu.utils.JwtUtil;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
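Review bot: The added `import com.iemr.mmu.utils.JwtUtil;` duplicates the identical import that is already present a few lines above (it appears as context right after the new `PreAuthorize` import). Java ignores a second single-type import of the same type, so this compiles, but it is noise that Checkstyle and Error Prone will flag; the hunk should keep the blank line it removed rather than add a second import.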
@@ -44,6 +45,7 @@
@RestController
@RequestMapping(value = "/tc", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public class TeleConsultationController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java b/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java
index b4cc7fa0..6f6390ee 100644
--- a/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java
+++ b/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java
@@ -1,5 +1,7 @@
package com.iemr.mmu.repo.login;
+import java.util.List;
+
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.data.repository.query.Param;
@@ -13,4 +15,7 @@ public interface UserLoginRepo extends CrudRepository {
@Query(" SELECT u FROM Users u WHERE u.userID = :userID AND u.deleted = false ")
public Users getUserByUserID(@Param("userID") Long userID);
+ @Query(nativeQuery = true,value = "select rolename from m_role where roleid in (select roleid from m_userservicerolemapping where userid=:userID)")
+ List getRoleNamebyUserId(@Param("userID") Long userID);
+
}
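Review bot: `List getRoleNamebyUserId(...)` returns a raw type; `List<String>` states that the native query projects the single `rolename` column and lets callers drop casts. The JPQL query on the preceding line restricts users with `u.deleted = false`, while the new native query applies no such condition to `m_role` or `m_userservicerolemapping`; if either table carries a deleted/active flag, a revoked mapping would still yield the role and therefore the authority. The parameter is bound through `:userID`, so there is no string-concatenation concern here. A one-line Javadoc such as `/** Role names mapped to the user in m_userservicerolemapping; feeds Spring Security authorities. */` would make the intended use clear.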
diff --git a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
index 83711a10..9733900e 100644
--- a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
+++ b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
@@ -2,6 +2,7 @@
import java.util.Optional;
import java.util.concurrent.TimeUnit;
+import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -76,6 +77,10 @@ public boolean validateUserIdAndJwtToken(String jwtToken) throws IEMRException {
// Check if user data is present in Redis
Users user = getUserFromCache(userId);
+ if(user != null) {
+ // Store roles in security context or cache for authorization
+ List roles = getUserRoles(user.getUserID());
+ }
if (user == null) {
// If not in Redis, fetch from DB and cache the result
user = fetchUserFromDB(userId);
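Review bot: `List roles = getUserRoles(user.getUserID());` on the cache-hit path assigns a value that is never read, so it is dead code, yet it has two side effects: a database round-trip on every token validation even when the user came from Redis, and an IEMRException from getUserRoles (no roles, or lookup failure) that now makes validation fail for such users while the `user == null` DB-fetch path below is not subject to the same check. If the intent is only to warm the role cache, that already happens in RoleAuthenticationFilter and this block can be dropped. If users without a role mapping are meant to be rejected, say so, e.g. `// A user with no role mapping cannot be authorized; fail validation early`, and apply the check on both paths so cached and uncached users behave alike. validateUserIdAndJwtToken continues outside the hunk.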
@@ -129,4 +134,19 @@ private Users fetchUserFromDB(String userId) {
return null;
}
+
+ public List getUserRoles(Long userId) throws IEMRException {
+ if (null == userId || userId <= 0) {
+ throw new IEMRException("Invalid User ID : " + userId);
+ }
+ try {
+ List role = userLoginRepo.getRoleNamebyUserId(userId);
+ if (null == role || role.isEmpty()) {
+ throw new IEMRException("No role found for userId : " + userId);
+ }
+ return role;
+ } catch (Exception e) {
+ throw new IEMRException("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage());
+ }
+ }
}
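Review bot: The `catch (Exception e)` at the end of getUserRoles re-wraps the `IEMRException("No role found …")` thrown a few lines above into a "Failed to retrieve" error, so callers cannot distinguish "no roles" from a database failure, and the original exception survives only as its message. Rethrow the domain exception first, `} catch (IEMRException e) { throw e; } catch (Exception e) {`, and pass `e` as the cause when wrapping if IEMRException has a `(String, Throwable)` constructor. The message also has typos: `"Failed to retrieverole for usedId : "` should read `"Failed to retrieve role for userId : "`. `List` should be `List<String>` to match the repository method, and a Javadoc `@throws IEMRException if the id is invalid, the user has no role mapping, or the lookup fails` would document the contract callers now rely on.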
diff --git a/src/main/java/com/iemr/mmu/utils/JwtUtil.java b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
index ee6ee025..4774233c 100644
--- a/src/main/java/com/iemr/mmu/utils/JwtUtil.java
+++ b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
@@ -2,11 +2,9 @@
import java.util.function.Function;
import javax.crypto.SecretKey;
-
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
-
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
@@ -59,7 +57,7 @@ public T extractClaim(String token, Function claimsResolver) {
return claims != null ? claimsResolver.apply(claims) : null;
}
- private Claims extractAllClaims(String token) {
+ public Claims extractAllClaims(String token) {
return Jwts.parser()
.verifyWith(getSigningKey())
.build()
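Review bot: `extractAllClaims` is widened from private to public without a Javadoc, and RoleAuthenticationFilter now depends on it. Since the parser is built with `verifyWith(getSigningKey())`, document that the method signature-verifies the token and state whether a tampered or expired token yields `null` or a `JwtException` (the remainder of the method is outside the hunk, and `extractClaim` above guards against a `null` result), e.g. `/** Parses and signature-verifies the token; see the body for the behaviour on an invalid or expired token. */`.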
diff --git a/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java b/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java
new file mode 100644
index 00000000..4a53a12f
--- /dev/null
+++ b/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java
@@ -0,0 +1,28 @@
+package com.iemr.mmu.utils.exception;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+import java.util.Map;
+
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ private static final ObjectMapper mapper = new ObjectMapper();
+ @Override
+ public void handle(HttpServletRequest request,
+ HttpServletResponse response,
+ AccessDeniedException accessDeniedException) throws IOException {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403
+ response.setContentType("application/json");
+ Map errorResponse = Map.of("error" , "Forbidden",
+ "message","Access denied");
+ response.getWriter().write(mapper.writeValueAsString(errorResponse));
+ }
+}
\ No newline at end of file
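Review bot: `Map errorResponse = Map.of(...)` uses a raw type; `Map<String, String>` matches the call. The two new handlers produce the same shape of JSON body with different libraries (Jackson here, Gson in CustomAuthenticationEntryPoint), and neither sets the response character encoding before `getWriter()`; `response.setContentType("application/json;charset=UTF-8")` makes it explicit, and one shared helper for the error body would keep the two responses consistent. A class-level Javadoc such as `/** Writes a 403 JSON body when an authenticated principal lacks the role required by a @PreAuthorize check. */` would state the contract.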
diff --git a/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java
new file mode 100644
index 00000000..9a297fa2
--- /dev/null
+++ b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java
@@ -0,0 +1,28 @@
+package com.iemr.mmu.utils.exception;
+
+import java.io.IOException;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonObject;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ @Override
+ public void commence(HttpServletRequest request,
+ HttpServletResponse response,
+ AuthenticationException authException) throws IOException {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
+ response.setContentType("application/json");
+ JsonObject json = new JsonObject();
+ json.addProperty("error", "Unauthorized");
+ json.addProperty("message", authException.getMessage());
+ response.getWriter().write(json.toString());
+ }
+}
\ No newline at end of file
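Review bot: `json.addProperty("message", authException.getMessage())` forwards the framework's exception text to the client, which couples the API body to Spring Security's wording and differs from the fixed `"Access denied"` string used by the 403 handler; a constant such as `"Authentication required"` keeps the two responses parallel, with the exception text going to the log instead. As in the sibling handler, the character encoding is not set before `getWriter()`; `response.setContentType("application/json;charset=UTF-8")` makes it explicit.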
diff --git a/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java
new file mode 100644
index 00000000..a28035e3
--- /dev/null
+++ b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java
@@ -0,0 +1,103 @@
+package com.iemr.mmu.utils.mapper;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.iemr.mmu.service.common.transaction.CommonServiceImpl;
+import com.iemr.mmu.service.login.IemrMmuLoginServiceImpl;
+import com.iemr.mmu.utils.CookieUtil;
+import com.iemr.mmu.utils.JwtAuthenticationUtil;
+import com.iemr.mmu.utils.JwtUserIdValidationFilter;
+import com.iemr.mmu.utils.JwtUtil;
+import com.iemr.mmu.utils.redis.RedisStorage;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.io.IOException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class RoleAuthenticationFilter extends OncePerRequestFilter {
+ Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
+
+ @Autowired
+ private JwtUtil jwtUtil;
+
+ @Autowired
+ private RedisStorage redisService;
+
+ @Autowired
+ private JwtAuthenticationUtil userService;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException, java.io.IOException {
+ List authRoles = null;
+ try {
+ String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request);
+ String jwtFromHeader = request.getHeader("Jwttoken");
+
+ String jwtToken = jwtFromCookie != null ? jwtFromCookie : jwtFromHeader;
+ if(null == jwtToken || jwtToken.trim().isEmpty()) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Claims extractAllClaims = jwtUtil.extractAllClaims(jwtToken);
+ if(null == extractAllClaims) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Object userIdObj = extractAllClaims.get("userId");
+ String userId = userIdObj != null ? userIdObj.toString() : null;
+ if (null == userId || userId.trim().isEmpty()) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Long userIdLong;
+ try {
+ userIdLong=Long.valueOf(userId);
+ }catch (NumberFormatException ex) {
+ logger.warn("Invalid userId format: {}",userId);
+ filterChain.doFilter(request, response);
+ return;
+ }
+ authRoles = redisService.getUserRoleFromCache(userIdLong);
+ if (authRoles == null || authRoles.isEmpty()) {
+ List roles = userService.getUserRoles(userIdLong); // assuming this returns multiple roles
+ authRoles = roles.stream()
+ .filter(Objects::nonNull)
+ .map(String::trim)
+ .map(role -> "ROLE_" + role.toUpperCase().replace(" ", "_"))
+ .collect(Collectors.toList());
+ redisService.cacheUserRoles(userIdLong, authRoles);
+ }
+
+ List authorities = authRoles.stream()
+ .map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
+
+ UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null, authorities);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ } catch (Exception e) {
+ logger.error("Authentication filter error for request {}: {}", request.getRequestURI(), e.getMessage());
+ SecurityContextHolder.clearContext();
+ } finally {
+ filterChain.doFilter(request, response);
+ }
+
+ }
+}
\ No newline at end of file
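Review bot: The filter chain can run twice for one request: each early-exit branch in doFilterInternal (no token, no claims, missing or malformed userId) calls `filterChain.doFilter(request, response)` and then `return`s, after which the `finally` block calls it again, so downstream filters and the controller execute a second time against an already-committed response. Moving the principal/authority resolution into a helper that simply returns, and invoking the chain exactly once after the try/catch, removes the duplication (sketched below). The `io.jsonwebtoken.io.IOException` import makes `throws ServletException, IOException, java.io.IOException` declare a jjwt type that nothing here throws, and `CommonServiceImpl`, `IemrMmuLoginServiceImpl`, `JwtUserIdValidationFilter` and `Cookie` are imported but unused. Roles stored with `cacheUserRoles` are read back before any database lookup, so a role change is not reflected until that entry is evicted — worth confirming the cache has a TTL or is cleared on role updates. The raw `List`s should be `List<String>` and `List<GrantedAuthority>` (the `GrantedAuthority` import is already there).
```java
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, java.io.IOException {
    try {
        resolveAuthentication(request);
    } catch (Exception e) {
        logger.error("Authentication filter error for request {}: {}", request.getRequestURI(), e.getMessage());
        SecurityContextHolder.clearContext();
    }
    // Exactly one pass down the chain on every path.
    filterChain.doFilter(request, response);
}

// Populates the SecurityContext from the JWT; returns without side effects when the request carries no usable token.
private void resolveAuthentication(HttpServletRequest request) throws Exception { // narrow to IEMRException if it is checked
    String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request);
    String jwtFromHeader = request.getHeader("Jwttoken");
    String jwtToken = jwtFromCookie != null ? jwtFromCookie : jwtFromHeader;
    if (null == jwtToken || jwtToken.trim().isEmpty()) {
        return;
    }
    Claims claims = jwtUtil.extractAllClaims(jwtToken);
    if (null == claims) {
        return;
    }
    Object userIdObj = claims.get("userId");
    String userId = userIdObj != null ? userIdObj.toString() : null;
    if (null == userId || userId.trim().isEmpty()) {
        return;
    }
    Long userIdLong;
    try {
        userIdLong = Long.valueOf(userId);
    } catch (NumberFormatException ex) {
        logger.warn("Invalid userId format: {}", userId);
        return;
    }
    // … unchanged: role lookup via redisService / userService and ROLE_ authority mapping …
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null, authorities);
    SecurityContextHolder.getContext().setAuthentication(auth);
}
```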
diff --git a/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java
new file mode 100644
index 00000000..3fe096d2
--- /dev/null
+++ b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java
@@ -0,0 +1,53 @@
+package com.iemr.mmu.utils.mapper;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+
+import com.iemr.mmu.utils.exception.CustomAuthenticationEntryPoint;
+import com.iemr.mmu.utils.exception.CustomAccessDeniedHandler;
+
+
+@Configuration
+@EnableMethodSecurity
+@EnableWebSecurity
+public class SecurityConfig {
+ private final RoleAuthenticationFilter roleAuthenticationFilter;
+ private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+ private final CustomAccessDeniedHandler customAccessDeniedHandler;
+
+ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
+ CustomAuthenticationEntryPoint customAuthenticationEntryPoint,
+ CustomAccessDeniedHandler customAccessDeniedHandler) {
+ this.roleAuthenticationFilter = roleAuthenticationFilter;
+ this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
+ this.customAccessDeniedHandler = customAccessDeniedHandler;
+ }
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
+ csrfTokenRepository.setCookieHttpOnly(true);
+ csrfTokenRepository.setCookiePath("/");
+ http
+ .csrf(csrf -> csrf.disable())
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/user/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .exceptionHandling(ex -> ex
+ .authenticationEntryPoint(customAuthenticationEntryPoint)
+ .accessDeniedHandler(customAccessDeniedHandler)
+ )
+ .addFilterBefore(roleAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ return http.build();
+}
+}
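Review bot: `csrf.disable()` on the `http` chain sits next to a JWT filter that accepts the token from a cookie (the `jwtFromCookie` fallback visible above at the start of this diff), so a cross-site form POST carrying the victim's cookie still reaches the `@PreAuthorize`-guarded `/save/...` endpoints; the `CookieCsrfTokenRepository` built and configured on the three lines before `http` is never attached to the chain and is dead code. Either drop the cookie fallback so only the `Authorization` header authenticates (a cross-site form cannot set that header), or wire the repository with `.csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))` — noting that with `setCookieHttpOnly(true)` a browser client cannot read the XSRF cookie to echo it back, so `CookieCsrfTokenRepository.withHttpOnlyFalse()` is the usual form when the double-submit pattern is intended. `requestMatchers("/user/**").permitAll()` also opens every path under that prefix; what lives there is not visible in this diff, so it is worth confirming it is limited to login/registration. A one-line comment above the `csrf` call stating which of the two designs was chosen and why would stop the next reader from re-adding the repository blindly.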
diff --git a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
index 5e80ac6d..ed8d170e 100644
--- a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
+++ b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
@@ -21,12 +21,15 @@
*/
package com.iemr.mmu.utils.redis;
+import java.util.List;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisStringCommands.SetOption;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.types.Expiration;
import org.springframework.stereotype.Component;
@@ -106,4 +109,27 @@ public String updateObject(String key, String value , int expirationTime) throws
return key;
}
+ @Autowired
+ private RedisTemplate redisTemplate;
+
+ public void cacheUserRoles(Long userId, List roles) {
+ try {
+ String key = "roles:" + userId;
+ redisTemplate.delete(key); // Clear previous cache
+ redisTemplate.opsForList().rightPushAll(key, roles);
+ } catch (Exception e) {
+ logger.warn("Failed to cache role for user {} : {} ", userId, e.getMessage());
+ }
+
+ }
+
+ public List getUserRoleFromCache(Long userId) {
+ try {
+ return redisTemplate.opsForList().range("roles:" + userId, 0, -1);
+ } catch (Exception e) {
+ logger.warn("Failed to retrieve cached role for user {} : {} ", userId, e.getMessage());
+ return null;
+ }
+ }
+
}
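Review bot: `cacheUserRoles` writes `roles:<userId>` with no expiry, so a role revoked in the database keeps being granted by the filter that consults `getUserRoleFromCache` until the key is deleted by hand; the existing `updateObject(String key, String value, int expirationTime)` in this class (the hunk's context line) takes a TTL, so the new method is also inconsistent with the file's own convention. Add `redisTemplate.expire(key, Duration.ofMinutes(ttl));` after the `rightPushAll`, or evict the key wherever roles are modified, and document the chosen staleness window in a Javadoc line on `cacheUserRoles`. Note that `delete` followed by `rightPushAll` is not atomic, so a concurrent reader can observe an empty list; that is benign only because the caller treats an empty list as a miss, which is worth stating in a comment. The raw `RedisTemplate` and `List` types should be `RedisTemplate<String, String>` and `List<String>` to match what the filter pushes and reads.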