Skip to content

Role Based Broken Access Control Implementation : WASA #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vanitha1822 merged 7 commits into from
Nov 27, 2025
Merged

Role Based Broken Access Control Implementation : WASA #104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7d7020c
fix: add @preAuthorize to RBAC
vanitha1822 Nov 18, 2025
732fca4
fix: wasa RBAC implementation
vanitha1822 Nov 27, 2025
41df6e2
Merge branch 'release-3.6.1' into nd/vs/wasa_1921
vanitha1822 Nov 27, 2025
5b7b281
fix: remove duplicate dependency
vanitha1822 Nov 27, 2025
bd9dae2
fix: coderabbit comments
vanitha1822 Nov 27, 2025
aa303bf
fix: update role
vanitha1822 Nov 27, 2025
8fa3350
fix: enable the request matcher
vanitha1822 Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
Expand All @@ -71,6 +75,7 @@
<artifactId>logback-ecs-encoder</artifactId>
<version>1.3.2</version>
</dependency>

<!-- Swagger -->
<dependency>
<groupId>org.springdoc</groupId>
Expand Down
15 changes: 15 additions & 0 deletions src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;

import org.springframework.web.bind.annotation.PostMapping;
Expand Down Expand Up @@ -66,6 +67,7 @@ public void setAncServiceImpl(ANCServiceImpl ancServiceImpl) {
*/
@Operation(summary = "Save ANC nurse data")
@PostMapping(value = { "/save/nurseData" })
@PreAuthorize("hasRole('NURSE') ")
public String saveBenANCNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -98,6 +100,7 @@ public String saveBenANCNurseData(@RequestBody String requestObj,

@Operation(summary = "Save ANC doctor data")
@PostMapping(value = { "/save/doctorData" })
@PreAuthorize("hasRole('DOCTOR') ")
public String saveBenANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -132,6 +135,7 @@ public String saveBenANCDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get ANC beneficiary visit details from nurse")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseANC" })
@Transactional(rollbackFor = Exception.class)
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand All @@ -158,6 +162,7 @@ public String getBenVisitDetailsFrmNurseANC(
@Operation(summary = "Get ANC beneficiary details from nurse")
@PostMapping(value = { "/getBenANCDetailsFrmNurseANC" })
@Transactional(rollbackFor = Exception.class)
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand All @@ -184,6 +189,7 @@ public String getBenANCDetailsFrmNurseANC(

@Operation(summary = "Get ANC beneficiary history from nurse")
@PostMapping(value = { "/getBenANCHistoryDetails" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand All @@ -209,6 +215,7 @@ public String getBenANCHistoryDetails(

@Operation(summary = "Get ANC beneficiary vitals from nurse")
@PostMapping(value = { "/getBenANCVitalDetailsFrmNurseANC" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCVitalDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand All @@ -235,6 +242,7 @@ public String getBenANCVitalDetailsFrmNurseANC(

@Operation(summary = "Get ANC beneficiary examination details from nurse")
@PostMapping(value = { "/getBenExaminationDetailsANC" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetailsANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand All @@ -260,6 +268,7 @@ public String getBenExaminationDetailsANC(

@Operation(summary = "Get ANC beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorANC" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
Expand Down Expand Up @@ -288,6 +297,7 @@ public String getBenCaseRecordFromDoctorANC(
@Operation(summary = "Check high risk pregnancy status for ANC beneficiary")
@PostMapping(value = { "/getHRPStatus" })
@Transactional(rollbackFor = Exception.class)
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getHRPStatus(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -316,6 +326,7 @@ public String getHRPStatus(

@Operation(summary = "Update ANC beneficiary data")
@PostMapping(value = { "/update/ANCScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCCareNurse(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -344,6 +355,7 @@ public String updateANCCareNurse(@RequestBody String requestObj) {

@Operation(summary = "Update ANC beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCHistoryNurse(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -372,6 +384,7 @@ public String updateANCHistoryNurse(@RequestBody String requestObj) {

@Operation(summary = "Update ANC beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCVitalNurse(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -400,6 +413,7 @@ public String updateANCVitalNurse(@RequestBody String requestObj) {

@Operation(summary = "Update ANC examination data")
@PostMapping(value = { "/update/examinationScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCExaminationNurse(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -428,6 +442,7 @@ public String updateANCExaminationNurse(@RequestBody String requestObj) {

@Operation(summary = "Update ANC doctor data")
@PostMapping(value = { "/update/doctorData" })
@PreAuthorize("hasRole('DOCTOR') ")
public String updateANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {

Expand Down
17 changes: 17 additions & 0 deletions src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;

import org.springframework.web.bind.annotation.PostMapping;
Expand Down Expand Up @@ -70,6 +71,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) {
*/
@Operation(summary = "Save cancer screening data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
@PreAuthorize("hasRole('NURSE') ")
public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -106,6 +108,7 @@ public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Update cancer screening data by the doctor")
@PostMapping(value = { "/save/doctorData" })
@PreAuthorize("hasRole('DOCTOR') ")
public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
@RequestHeader String Authorization) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -137,6 +140,7 @@ public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,

@Operation(summary = "Get beneficiary visit details")
@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -166,6 +170,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
*/
@Operation(summary = "Get beneficiary cancer history")
@PostMapping(value = { "/getBenDataFrmNurseToDocHistoryScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnHistory(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -195,6 +200,7 @@ public String getBenDataFrmNurseScrnToDocScrnHistory(
*/
@Operation(summary = "Get beneficiary vitals")
@PostMapping(value = { "/getBenDataFrmNurseToDocVitalScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVital(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -224,6 +230,7 @@ public String getBenDataFrmNurseScrnToDocScrnVital(
*/
@Operation(summary = "Get beneficiary examination details")
@PostMapping(value = { "/getBenDataFrmNurseToDocExaminationScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnExamination(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -253,6 +260,7 @@ public String getBenDataFrmNurseScrnToDocScrnExamination(
*/
@Operation(summary = "Get beneficiary family history")
@PostMapping(value = { "/getBenCancerFamilyHistory" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerFamilyHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -284,6 +292,7 @@ public String getBenCancerFamilyHistory(
*/
@Operation(summary = "Get beneficiary personal history")
@PostMapping(value = { "/getBenCancerPersonalHistory" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerPersonalHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -315,6 +324,7 @@ public String getBenCancerPersonalHistory(
*/
@Operation(summary = "Get beneficiary personal diet history")
@PostMapping(value = { "/getBenCancerPersonalDietHistory" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerPersonalDietHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -346,6 +356,7 @@ public String getBenCancerPersonalDietHistory(
*/
@Operation(summary = "Get beneficiary obstetric history")
@PostMapping(value = { "/getBenCancerObstetricHistory" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerObstetricHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -376,6 +387,7 @@ public String getBenCancerObstetricHistory(
*/
@Operation(summary = "Get beneficiary case record and referral details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorCS" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorCS(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
Expand All @@ -402,6 +414,7 @@ public String getBenCaseRecordFromDoctorCS(

@Operation(summary = "Update cancer screening history")
@PostMapping(value = { "/update/historyScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateCSHistoryNurse(
@Param(value = "{\"historyDetails\": {\"familyHistory\":{\"diseases\": [{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", "
+ "\"providerServiceMapID\":\"Integer\", \"cancerDiseaseType\":\"String\", \"otherDiseaseType\":\"String\", \"familyMemberList\":\"List\", "
Expand Down Expand Up @@ -453,6 +466,7 @@ public String updateCSHistoryNurse(
*/
@Operation(summary = "Update beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String upodateBenVitalDetail(
@Param(value = "{\"ID\": \"Long\", \"beneficiaryRegID\":\"Long\",\"benVisitID\":\"Long\","
+ "\"weight_Kg\":\"Double\", \"height_cm\":\"Double\", \"waistCircumference_cm\":\"Double\", \"bloodGlucose_Fasting\":\"Short\","
Expand Down Expand Up @@ -491,6 +505,7 @@ public String upodateBenVitalDetail(
*/
@Operation(summary = "Update beneficiary examination details")
@PostMapping(value = { "/update/examinationScreen" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String upodateBenExaminationDetail(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down Expand Up @@ -526,6 +541,7 @@ public String upodateBenExaminationDetail(@RequestBody String requestObj) {
*/
@Operation(summary = "Update cancer diagnosis details by oncologist")
@PostMapping(value = { "/update/examinationScreen/diagnosis" })
@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('ONCOLOGIST') ")
public String updateCancerDiagnosisDetailsByOncologist(
@Param(value = "{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", \"visitCode\":\"Long\", "
+ "\"provisionalDiagnosisOncologist\":\"String\", \"modifiedBy\":\"string\"}") @RequestBody String requestObj) {
Expand Down Expand Up @@ -560,6 +576,7 @@ public String updateCancerDiagnosisDetailsByOncologist(
*/
@Operation(summary = "Update cancer screening data")
@PostMapping(value = { "/update/doctorData" })
@PreAuthorize("hasRole('DOCTOR') ")
public String updateCancerScreeningDoctorData(@RequestBody String requestObj) {

OutputResponse response = new OutputResponse();
Expand Down
Loading