Merge Release 3.6.1 to main (#137)

* Update version in pom.xml to 3.4.0

* story: amm-1668 task - 1754

* story: amm-1668 task - 1754 dto updated (#92)

* story: amm-1668 task - 1754 dto updated (#93)

* story: amm-1668 task - 1754 dto updated

* story: amm-1668 task - 1754

* fix: amm-1879 doctor signature was not coming for ncdcare

* fix: aam-1896 prescribed quantity was not coming in the casesheet

* Update pom.xml

3.4.0 to 3.4.1

* fix: amm-1919 fix for update doctor data for higher refferal data

* fix: signature enhancement for casesheet

* fix: signature enhancement for casesheet

* fix: signature enhancement for casesheet

* fix: signature enhancement for casesheet for ncdscreening

* fix: updated beneficiaryflowststusrepo file

* fix: wasa-IDOR Vulnerability

* fix: coderabbit comments

* fix: amm-1927 res headers based on origin via allowed cors

* fix: amm-1927 coderabbit comments resolved

* localhost regex added

* Update regex pattern for localhost in interceptor

* fix: remove userid from request

* Role Based Broken Access Control Implementation : WASA (#104)

* fix: add @PreAuthorize to RBAC

* fix: wasa RBAC implementation

* fix: remove duplicate dependency

* fix: coderabbit comments

* fix: update role

* fix: enable the request matcher

* fix:1896 added space for single dose after food string due

* fix:1896 added single dose after and before food confition for calculated qntity

* fix: role based on both jwt and auth token

* add role in register api

* Downgrade from 3.6.2 to 3.6.1 (#132)

* fix: amm-2063 added beneficiarytype but not reflecting in the DB level

* Bump version from 3.6.0 to 3.6.2

* fix: amm-2063 updated the updateBeneficiary flow

* Downgrade version from 3.6.2 to 3.6.1

---------

Co-authored-by: SnehaRH <sneha@navadhiti.com>
Co-authored-by: SnehaRH <77656297+snehar-nd@users.noreply.github.com>

* Cherry-pick health and version API enhancements to release-3.6.1 (#136)

* feat(healt,version): add health and version endpoints

* fix(health): improve Redis health semantics when not configured

* fix(health): scope PROCESSLIST lock-wait check to application DB user

* fix(health):  Removed the unused import

* fix(health): avoid blocking DB I/O under write lock and restore interrupt flag

* fix: add missin close brace

* fix(health): cancel in-flight futures on generic failure

* fix(health): fail-open on advanced MySQL check exceptions to avoid false degraded state

---------

Co-authored-by: Amoghavarsh <93114621+5Amogh@users.noreply.github.com>
Co-authored-by: 5Amogh <amoghavarsh@navadhiti.com>
Co-authored-by: SnehaRH <sneha@navadhiti.com>
Co-authored-by: SnehaRH <77656297+snehar-nd@users.noreply.github.com>
Co-authored-by: Saurav Mishra <80103738+SauravBizbRolly@users.noreply.github.com>
Co-authored-by: Saurav Mishra <saurav.mishra@bizbrolly.com>
Co-authored-by: KOPPIREDDY DURGA PRASAD <144464542+DurgaPrasad-54@users.noreply.github.com>

Author: 5 people

pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>com.iemr.tm</groupId>
 	<artifactId>tm-api</artifactId>
-	<version>3.4.0</version>
+	<version>3.6.1</version>
 	<packaging>war</packaging>
 
 	<name>TM-API</name>
@@ -56,6 +56,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-aop</artifactId>
 		</dependency>
+		<dependency>
+    		<groupId>org.springframework.boot</groupId>
+    		<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
@@ -71,6 +75,7 @@
 			<artifactId>logback-ecs-encoder</artifactId>
 			<version>1.3.2</version>
 		</dependency>
+		
 		<!-- Swagger -->
 		<dependency>
 			<groupId>org.springdoc</groupId>

src/main/environment/common_ci.properties

@@ -10,7 +10,7 @@ carestreamOrderCreateURL=@env.COMMON_API@carestream/createOrder
 
 ## Identity - Common URLs
 #  Registration
-registrationUrl =@env.COMMON_API@beneficiary/create
+registrationUrl =@env.COMMON_API@beneficiary/createBeneficiary
 
 registrarQuickSearchByIdUrl =@env.COMMON_API@beneficiary/searchUserByID
 
@@ -19,7 +19,7 @@ registrarQuickSearchByPhoneNoUrl =@env.COMMON_API@beneficiary/searchUserByPhone
 getBenImageFromIdentity =@env.IDENTITY_API@id/benImageByBenRegID
 
 ##beneficiary edit
-beneficiaryEditUrl =@env.COMMON_API@beneficiary/update
+beneficiaryEditUrl =@env.COMMON_API@beneficiary/updateBenefciaryDetails
 
 ## Advance Search
 registrarAdvanceSearchUrl =@env.COMMON_API@beneficiary/searchBeneficiary

src/main/environment/common_docker.properties

@@ -10,7 +10,7 @@ carestreamOrderCreateURL=${COMMON_API}/carestream/createOrder
 
 ## Identity - Common URLs
 #  Registration
-registrationUrl=${COMMON_API}/beneficiary/create
+registrationUrl=${COMMON_API}/beneficiary/createBeneficiary
 
 registrarQuickSearchByIdUrl=${COMMON_API}/beneficiary/searchUserByID
 
@@ -19,7 +19,7 @@ registrarQuickSearchByPhoneNoUrl=${COMMON_API}/beneficiary/searchUserByPhone
 getBenImageFromIdentity=${IDENTITY_API}/id/benImageByBenRegID
 
 ## beneficiary edit
-beneficiaryEditUrl=${COMMON_API}/beneficiary/update
+beneficiaryEditUrl=${COMMON_API}/beneficiary/updateBenefciaryDetails
 
 ## Advance Search
 registrarAdvanceSearchUrl=${COMMON_API}/beneficiary/searchBeneficiary

src/main/environment/common_example.properties

@@ -11,7 +11,7 @@ carestreamOrderCreateURL =http://localhost:8083/carestream/createOrder
 
 ## Identity - Common URLs
 #  Registration
-registrationUrl =http://localhost:8083/beneficiary/create
+registrationUrl =http://localhost:8083/beneficiary/createBeneficiary
 
 registrarQuickSearchByIdUrl =http://localhost:8083/beneficiary/searchUserByID
 
@@ -20,7 +20,7 @@ registrarQuickSearchByPhoneNoUrl =http://localhost:8083/beneficiary/searchUserBy
 getBenImageFromIdentity =http://localhost:8094/id/benImageByBenRegID
 
 ##beneficiary edit
-beneficiaryEditUrl =http://localhost:8083/beneficiary/update
+beneficiaryEditUrl =http://localhost:8083/beneficiary/updateBenefciaryDetails
 
 ## Advance Search
 registrarAdvanceSearchUrl =http://localhost:8083/beneficiary/searchBeneficiary

src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java

@@ -25,6 +25,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 
 import org.springframework.web.bind.annotation.PostMapping;
@@ -66,6 +67,7 @@ public void setAncServiceImpl(ANCServiceImpl ancServiceImpl) {
 	 */
 	@Operation(summary = "Save ANC nurse data")
 	@PostMapping(value = { "/save/nurseData" })
+	@PreAuthorize("hasRole('NURSE') ")
 	public String saveBenANCNurseData(@RequestBody String requestObj,
 			@RequestHeader(value = "Authorization") String Authorization) throws Exception {
 		OutputResponse response = new OutputResponse();
@@ -98,6 +100,7 @@ public String saveBenANCNurseData(@RequestBody String requestObj,
 
 	@Operation(summary = "Save ANC doctor data")
 	@PostMapping(value = { "/save/doctorData" })
+	@PreAuthorize("hasRole('DOCTOR') ")
 	public String saveBenANCDoctorData(@RequestBody String requestObj,
 			@RequestHeader(value = "Authorization") String Authorization) {
 		OutputResponse response = new OutputResponse();
@@ -132,6 +135,7 @@ public String saveBenANCDoctorData(@RequestBody String requestObj,
 	@Operation(summary = "Get ANC beneficiary visit details from nurse")
 	@PostMapping(value = { "/getBenVisitDetailsFrmNurseANC" })
 	@Transactional(rollbackFor = Exception.class)
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenVisitDetailsFrmNurseANC(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -158,6 +162,7 @@ public String getBenVisitDetailsFrmNurseANC(
 	@Operation(summary = "Get ANC beneficiary details from nurse")
 	@PostMapping(value = { "/getBenANCDetailsFrmNurseANC" })
 	@Transactional(rollbackFor = Exception.class)
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenANCDetailsFrmNurseANC(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -184,6 +189,7 @@ public String getBenANCDetailsFrmNurseANC(
 
 	@Operation(summary = "Get ANC beneficiary history from nurse")
 	@PostMapping(value = { "/getBenANCHistoryDetails" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenANCHistoryDetails(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -209,6 +215,7 @@ public String getBenANCHistoryDetails(
 
 	@Operation(summary = "Get ANC beneficiary vitals from nurse")
 	@PostMapping(value = { "/getBenANCVitalDetailsFrmNurseANC" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenANCVitalDetailsFrmNurseANC(
 			@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -235,6 +242,7 @@ public String getBenANCVitalDetailsFrmNurseANC(
 
 	@Operation(summary = "Get ANC beneficiary examination details from nurse")
 	@PostMapping(value = { "/getBenExaminationDetailsANC" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenExaminationDetailsANC(
 			@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -260,6 +268,7 @@ public String getBenExaminationDetailsANC(
 
 	@Operation(summary = "Get ANC beneficiary case record")
 	@PostMapping(value = { "/getBenCaseRecordFromDoctorANC" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	@Transactional(rollbackFor = Exception.class)
 	public String getBenCaseRecordFromDoctorANC(
 			@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -288,6 +297,7 @@ public String getBenCaseRecordFromDoctorANC(
 	@Operation(summary = "Check high risk pregnancy status for ANC beneficiary")
 	@PostMapping(value = { "/getHRPStatus" })
 	@Transactional(rollbackFor = Exception.class)
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getHRPStatus(
 			@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -316,6 +326,7 @@ public String getHRPStatus(
 
 	@Operation(summary = "Update ANC beneficiary data")
 	@PostMapping(value = { "/update/ANCScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String updateANCCareNurse(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();
@@ -344,6 +355,7 @@ public String updateANCCareNurse(@RequestBody String requestObj) {
 
 	@Operation(summary = "Update ANC beneficiary history")
 	@PostMapping(value = { "/update/historyScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String updateANCHistoryNurse(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();
@@ -372,6 +384,7 @@ public String updateANCHistoryNurse(@RequestBody String requestObj) {
 
 	@Operation(summary = "Update ANC beneficiary vitals")
 	@PostMapping(value = { "/update/vitalScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String updateANCVitalNurse(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();
@@ -400,6 +413,7 @@ public String updateANCVitalNurse(@RequestBody String requestObj) {
 
 	@Operation(summary = "Update ANC examination data")
 	@PostMapping(value = { "/update/examinationScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String updateANCExaminationNurse(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();
@@ -428,6 +442,7 @@ public String updateANCExaminationNurse(@RequestBody String requestObj) {
 
 	@Operation(summary = "Update ANC doctor data")
 	@PostMapping(value = { "/update/doctorData" })
+	@PreAuthorize("hasRole('DOCTOR') ")
 	public String updateANCDoctorData(@RequestBody String requestObj,
 			@RequestHeader(value = "Authorization") String Authorization) {
 

src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java

@@ -25,6 +25,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 
 import org.springframework.web.bind.annotation.PostMapping;
@@ -70,6 +71,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) {
 	 */
 	@Operation(summary = "Save cancer screening data collected by nurse")
 	@PostMapping(value = { "/save/nurseData" })
+	@PreAuthorize("hasRole('NURSE') ")
 	public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
 			@RequestHeader(value = "Authorization") String Authorization) throws Exception {
 		OutputResponse response = new OutputResponse();
@@ -106,6 +108,7 @@ public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
 	 */
 	@Operation(summary = "Update cancer screening data by the doctor")
 	@PostMapping(value = { "/save/doctorData" })
+	@PreAuthorize("hasRole('DOCTOR') ")
 	public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
 			@RequestHeader String Authorization) {
 		OutputResponse response = new OutputResponse();
@@ -137,6 +140,7 @@ public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
 
 	@Operation(summary = "Get beneficiary visit details")
 	@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -166,6 +170,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
 	 */
 	@Operation(summary = "Get beneficiary cancer history")
 	@PostMapping(value = { "/getBenDataFrmNurseToDocHistoryScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenDataFrmNurseScrnToDocScrnHistory(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -195,6 +200,7 @@ public String getBenDataFrmNurseScrnToDocScrnHistory(
 	 */
 	@Operation(summary = "Get beneficiary vitals")
 	@PostMapping(value = { "/getBenDataFrmNurseToDocVitalScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenDataFrmNurseScrnToDocScrnVital(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -224,6 +230,7 @@ public String getBenDataFrmNurseScrnToDocScrnVital(
 	 */
 	@Operation(summary = "Get beneficiary examination details")
 	@PostMapping(value = { "/getBenDataFrmNurseToDocExaminationScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenDataFrmNurseScrnToDocScrnExamination(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -253,6 +260,7 @@ public String getBenDataFrmNurseScrnToDocScrnExamination(
 	 */
 	@Operation(summary = "Get beneficiary family history")
 	@PostMapping(value = { "/getBenCancerFamilyHistory" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenCancerFamilyHistory(
 			@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -284,6 +292,7 @@ public String getBenCancerFamilyHistory(
 	 */
 	@Operation(summary = "Get beneficiary personal history")
 	@PostMapping(value = { "/getBenCancerPersonalHistory" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenCancerPersonalHistory(
 			@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -315,6 +324,7 @@ public String getBenCancerPersonalHistory(
 	 */
 	@Operation(summary = "Get beneficiary personal diet history")
 	@PostMapping(value = { "/getBenCancerPersonalDietHistory" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenCancerPersonalDietHistory(
 			@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -346,6 +356,7 @@ public String getBenCancerPersonalDietHistory(
 	 */
 	@Operation(summary = "Get beneficiary obstetric history")
 	@PostMapping(value = { "/getBenCancerObstetricHistory" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String getBenCancerObstetricHistory(
 			@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
 		OutputResponse response = new OutputResponse();
@@ -376,6 +387,7 @@ public String getBenCancerObstetricHistory(
 	 */
 	@Operation(summary = "Get beneficiary case record and referral details")
 	@PostMapping(value = { "/getBenCaseRecordFromDoctorCS" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	@Transactional(rollbackFor = Exception.class)
 	public String getBenCaseRecordFromDoctorCS(
 			@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -402,6 +414,7 @@ public String getBenCaseRecordFromDoctorCS(
 
 	@Operation(summary = "Update cancer screening history")
 	@PostMapping(value = { "/update/historyScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String updateCSHistoryNurse(
 			@Param(value = "{\"historyDetails\": {\"familyHistory\":{\"diseases\": [{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", "
 					+ "\"providerServiceMapID\":\"Integer\", \"cancerDiseaseType\":\"String\", \"otherDiseaseType\":\"String\", \"familyMemberList\":\"List\", "
@@ -453,6 +466,7 @@ public String updateCSHistoryNurse(
 	 */
 	@Operation(summary = "Update beneficiary vitals")
 	@PostMapping(value = { "/update/vitalScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String upodateBenVitalDetail(
 			@Param(value = "{\"ID\": \"Long\", \"beneficiaryRegID\":\"Long\",\"benVisitID\":\"Long\","
 					+ "\"weight_Kg\":\"Double\", \"height_cm\":\"Double\", \"waistCircumference_cm\":\"Double\", \"bloodGlucose_Fasting\":\"Short\","
@@ -491,6 +505,7 @@ public String upodateBenVitalDetail(
 	 */
 	@Operation(summary = "Update beneficiary examination details")
 	@PostMapping(value = { "/update/examinationScreen" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
 	public String upodateBenExaminationDetail(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();
@@ -526,6 +541,7 @@ public String upodateBenExaminationDetail(@RequestBody String requestObj) {
 	 */
 	@Operation(summary = "Update cancer diagnosis details by oncologist")
 	@PostMapping(value = { "/update/examinationScreen/diagnosis" })
+	@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('ONCOLOGIST') ")
 	public String updateCancerDiagnosisDetailsByOncologist(
 			@Param(value = "{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", \"visitCode\":\"Long\", "
 					+ "\"provisionalDiagnosisOncologist\":\"String\", \"modifiedBy\":\"string\"}") @RequestBody String requestObj) {
@@ -560,6 +576,7 @@ public String updateCancerDiagnosisDetailsByOncologist(
 	 */
 	@Operation(summary = "Update cancer screening data")
 	@PostMapping(value = { "/update/doctorData" })
+	@PreAuthorize("hasRole('DOCTOR') ")
 	public String updateCancerScreeningDoctorData(@RequestBody String requestObj) {
 
 		OutputResponse response = new OutputResponse();