diff --git a/pom.xml b/pom.xml
index 704ab711..0c48c904 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
com.iemr.tm
tm-api
- 3.4.1
+ 3.6.0
war
TM-API
@@ -56,6 +56,10 @@
org.springframework.boot
spring-boot-starter-aop
+
+ org.springframework.boot
+ spring-boot-starter-security
+
org.springframework.boot
spring-boot-starter
@@ -71,6 +75,7 @@
logback-ecs-encoder
1.3.2
+
org.springdoc
diff --git a/src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java b/src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java
index aef00a49..2d048061 100644
--- a/src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java
+++ b/src/main/java/com/iemr/tm/controller/anc/AntenatalCareController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -66,6 +67,7 @@ public void setAncServiceImpl(ANCServiceImpl ancServiceImpl) {
*/
@Operation(summary = "Save ANC nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenANCNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
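Review bot: The `@PreAuthorize` added to saveBenANCNurseData only takes effect if method security is switched on (`@EnableMethodSecurity`, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security) and if the authentication built from the token carries the `ROLE_NURSE` authority that `hasRole('NURSE')` implies; neither the security configuration nor the authority mapping is in this diff, so it is worth confirming they exist, otherwise every annotation this commit adds across the three controllers is inert. As a point of style, the expression strings carry a trailing space inside the quotes (`"hasRole('NURSE') "`), and the `hasRole(...) || hasRole(...)` chains used on the other endpoints read more clearly as `@PreAuthorize("hasAnyRole('NURSE', 'DOCTOR')")`. The annotation is also placed after `@Transactional` on getBenVisitDetailsFrmNurseANC but before it on getBenCaseRecordFromDoctorANC; harmless, but one ordering would be easier to scan. The method body continues outside the hunk.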
@@ -98,6 +100,7 @@ public String saveBenANCNurseData(@RequestBody String requestObj,
@Operation(summary = "Save ANC doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -132,6 +135,7 @@ public String saveBenANCDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get ANC beneficiary visit details from nurse")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseANC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -158,6 +162,7 @@ public String getBenVisitDetailsFrmNurseANC(
@Operation(summary = "Get ANC beneficiary details from nurse")
@PostMapping(value = { "/getBenANCDetailsFrmNurseANC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -184,6 +189,7 @@ public String getBenANCDetailsFrmNurseANC(
@Operation(summary = "Get ANC beneficiary history from nurse")
@PostMapping(value = { "/getBenANCHistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -209,6 +215,7 @@ public String getBenANCHistoryDetails(
@Operation(summary = "Get ANC beneficiary vitals from nurse")
@PostMapping(value = { "/getBenANCVitalDetailsFrmNurseANC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenANCVitalDetailsFrmNurseANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -235,6 +242,7 @@ public String getBenANCVitalDetailsFrmNurseANC(
@Operation(summary = "Get ANC beneficiary examination details from nurse")
@PostMapping(value = { "/getBenExaminationDetailsANC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetailsANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -260,6 +268,7 @@ public String getBenExaminationDetailsANC(
@Operation(summary = "Get ANC beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorANC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorANC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -288,6 +297,7 @@ public String getBenCaseRecordFromDoctorANC(
@Operation(summary = "Check high risk pregnancy status for ANC beneficiary")
@PostMapping(value = { "/getHRPStatus" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getHRPStatus(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -316,6 +326,7 @@ public String getHRPStatus(
@Operation(summary = "Update ANC beneficiary data")
@PostMapping(value = { "/update/ANCScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCCareNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -344,6 +355,7 @@ public String updateANCCareNurse(@RequestBody String requestObj) {
@Operation(summary = "Update ANC beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -372,6 +384,7 @@ public String updateANCHistoryNurse(@RequestBody String requestObj) {
@Operation(summary = "Update ANC beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -400,6 +413,7 @@ public String updateANCVitalNurse(@RequestBody String requestObj) {
@Operation(summary = "Update ANC examination data")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateANCExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -428,6 +442,7 @@ public String updateANCExaminationNurse(@RequestBody String requestObj) {
@Operation(summary = "Update ANC doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateANCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java b/src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java
index 09e217f4..b74f7427 100644
--- a/src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java
+++ b/src/main/java/com/iemr/tm/controller/cancerscreening/CancerScreeningController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -70,6 +71,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) {
*/
@Operation(summary = "Save cancer screening data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -106,6 +108,7 @@ public String saveBenCancerScreeningNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Update cancer screening data by the doctor")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
@RequestHeader String Authorization) {
OutputResponse response = new OutputResponse();
@@ -137,6 +140,7 @@ public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get beneficiary visit details")
@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -166,6 +170,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
*/
@Operation(summary = "Get beneficiary cancer history")
@PostMapping(value = { "/getBenDataFrmNurseToDocHistoryScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnHistory(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -195,6 +200,7 @@ public String getBenDataFrmNurseScrnToDocScrnHistory(
*/
@Operation(summary = "Get beneficiary vitals")
@PostMapping(value = { "/getBenDataFrmNurseToDocVitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVital(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -224,6 +230,7 @@ public String getBenDataFrmNurseScrnToDocScrnVital(
*/
@Operation(summary = "Get beneficiary examination details")
@PostMapping(value = { "/getBenDataFrmNurseToDocExaminationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnExamination(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -253,6 +260,7 @@ public String getBenDataFrmNurseScrnToDocScrnExamination(
*/
@Operation(summary = "Get beneficiary family history")
@PostMapping(value = { "/getBenCancerFamilyHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerFamilyHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -284,6 +292,7 @@ public String getBenCancerFamilyHistory(
*/
@Operation(summary = "Get beneficiary personal history")
@PostMapping(value = { "/getBenCancerPersonalHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerPersonalHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -315,6 +324,7 @@ public String getBenCancerPersonalHistory(
*/
@Operation(summary = "Get beneficiary personal diet history")
@PostMapping(value = { "/getBenCancerPersonalDietHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerPersonalDietHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -346,6 +356,7 @@ public String getBenCancerPersonalDietHistory(
*/
@Operation(summary = "Get beneficiary obstetric history")
@PostMapping(value = { "/getBenCancerObstetricHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCancerObstetricHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -376,6 +387,7 @@ public String getBenCancerObstetricHistory(
*/
@Operation(summary = "Get beneficiary case record and referral details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorCS" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenCaseRecordFromDoctorCS(
@Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -402,6 +414,7 @@ public String getBenCaseRecordFromDoctorCS(
@Operation(summary = "Update cancer screening history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateCSHistoryNurse(
@Param(value = "{\"historyDetails\": {\"familyHistory\":{\"diseases\": [{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", "
+ "\"providerServiceMapID\":\"Integer\", \"cancerDiseaseType\":\"String\", \"otherDiseaseType\":\"String\", \"familyMemberList\":\"List\", "
@@ -453,6 +466,7 @@ public String updateCSHistoryNurse(
*/
@Operation(summary = "Update beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String upodateBenVitalDetail(
@Param(value = "{\"ID\": \"Long\", \"beneficiaryRegID\":\"Long\",\"benVisitID\":\"Long\","
+ "\"weight_Kg\":\"Double\", \"height_cm\":\"Double\", \"waistCircumference_cm\":\"Double\", \"bloodGlucose_Fasting\":\"Short\","
@@ -491,6 +505,7 @@ public String upodateBenVitalDetail(
*/
@Operation(summary = "Update beneficiary examination details")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String upodateBenExaminationDetail(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -526,6 +541,7 @@ public String upodateBenExaminationDetail(@RequestBody String requestObj) {
*/
@Operation(summary = "Update cancer diagnosis details by oncologist")
@PostMapping(value = { "/update/examinationScreen/diagnosis" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('ONCOLOGIST') ")
public String updateCancerDiagnosisDetailsByOncologist(
@Param(value = "{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", \"visitCode\":\"Long\", "
+ "\"provisionalDiagnosisOncologist\":\"String\", \"modifiedBy\":\"string\"}") @RequestBody String requestObj) {
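Review bot: The role check on updateCancerDiagnosisDetailsByOncologist admits NURSE and DOCTOR in addition to ONCOLOGIST, while the operation summary and the method name describe an oncologist-only update of the provisional diagnosis. If only oncologists are meant to write this field the expression should be `@PreAuthorize("hasRole('ONCOLOGIST')")`; if the wider set is intentional, the summary should say so, since a reader will otherwise assume the annotation is a copy-paste from the neighbouring endpoints. The method body continues outside the hunk.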
@@ -560,6 +576,7 @@ public String updateCancerDiagnosisDetailsByOncologist(
*/
@Operation(summary = "Update cancer screening data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateCancerScreeningDoctorData(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java b/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
index 36217a88..a5bf46a4 100644
--- a/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
+++ b/src/main/java/com/iemr/tm/controller/common/main/WorklistController.java
@@ -27,6 +27,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -41,11 +42,14 @@
import com.iemr.tm.service.common.transaction.CommonDoctorServiceImpl;
import com.iemr.tm.service.common.transaction.CommonNurseServiceImpl;
import com.iemr.tm.service.common.transaction.CommonServiceImpl;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.iemr.tm.utils.mapper.InputMapper;
import com.iemr.tm.utils.response.OutputResponse;
import io.lettuce.core.dynamic.annotation.Param;
import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletRequest;
@RestController
@RequestMapping(value = "/common", headers = "Authorization", consumes = "application/json", produces = "application/json")
@@ -57,6 +61,9 @@ public class WorklistController {
private CommonServiceImpl commonServiceImpl;
private InputMapper inputMapper = new InputMapper();
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Autowired
public void setCommonServiceImpl(CommonServiceImpl commonServiceImpl) {
this.commonServiceImpl = commonServiceImpl;
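Review bot: jwtUtil is wired by field injection while every other collaborator in WorklistController is wired through an `@Autowired` setter, as setCommonServiceImpl directly below shows. Mixing the two styles in one class is worth avoiding; either add `@Autowired public void setJwtUtil(JwtUtil jwtUtil) { this.jwtUtil = jwtUtil; }` alongside the existing setters, or move the class to constructor injection so the dependency is final and visible in tests.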
@@ -75,6 +82,7 @@ public void setCommonNurseServiceImpl(CommonNurseServiceImpl commonNurseServiceI
// doc worklist new
@Operation(summary = "Get doctor worklist")
@GetMapping(value = { "/getDocWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -99,6 +107,7 @@ public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer pr
// doc worklist new (TM future scheduled beneficiary)
@Operation(summary = "Get doctor future worklist scheduled for telemedicine")
@GetMapping(value = { "/getDocWorkListNewFutureScheduledForTM/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') ")
public String getDocWorkListNewFutureScheduledForTM(
@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) {
@@ -125,6 +134,7 @@ public String getDocWorkListNewFutureScheduledForTM(
// nurse worklist new
@Operation(summary = "Get nurse worklist")
@GetMapping(value = { "/getNurseWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE') ")
public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -144,6 +154,7 @@ public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer
// nurse worklist TC schedule (current-date) new
@Operation(summary = "Get worklist for teleconsultation for the current date")
@GetMapping(value = { "/getNurseWorkListTcCurrentDate/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') ")
public String getNurseWorkListTcCurrentDateNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -164,6 +175,7 @@ public String getNurseWorkListTcCurrentDateNew(@PathVariable("providerServiceMap
// nurse worklist TC schedule (future-date) new
@Operation(summary = "Get worklist for teleconsultation for the future date")
@GetMapping(value = { "/getNurseWorkListTcFutureDate/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') ")
public String getNurseWorkListTcFutureDateNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -183,6 +195,7 @@ public String getNurseWorkListTcFutureDateNew(@PathVariable("providerServiceMapI
@Operation(summary = "Get previous significant findings")
@PostMapping(value = { "/getDoctorPreviousSignificantFindings" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String getDoctorPreviousSignificantFindings(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -209,6 +222,7 @@ public String getDoctorPreviousSignificantFindings(
// Get Lab technician worklist new
@Operation(summary = "Get lab technician worklist")
@GetMapping(value = { "/getLabWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN') ")
public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -229,6 +243,7 @@ public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer pr
// Get radiologist worklist new
@Operation(summary = "Get radiologist worklist")
@GetMapping(value = { "/getRadiologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('RADIOLOGIST') ")
public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -249,6 +264,7 @@ public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") In
// Get oncologist worklist new
@Operation(summary = "Get oncologist worklist")
@GetMapping(value = { "/getOncologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('ONCOLOGIST') ")
public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -268,6 +284,7 @@ public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Int
// Get pharma worklist new
@Operation(summary = "Get pharmacist worklist")
@GetMapping(value = { "/getPharma-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('PHARMACIST') ")
public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -287,7 +304,8 @@ public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer
@Operation(summary = "Print case sheet of beneficiary")
@PostMapping(value = { "/get/Case-sheet/printData" })
- public String getCasesheetPrintData(@RequestBody String comingReq,
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
+ public String getCasesheetPrintData(@RequestBody String comingReq,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
try {
@@ -307,6 +325,7 @@ public String getCasesheetPrintData(@RequestBody String comingReq,
// Start of Fetch Previous Medical History...
@Operation(summary = "Get beneficiary history")
@PostMapping(value = { "/getBenPastHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenPastHistory(@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -331,6 +350,7 @@ public String getBenPastHistory(@Param(value = "{\"benRegID\":\"Long\"}") @Reque
@Operation(summary = "Get beneficiary tobacco consumption history")
@PostMapping(value = { "/getBenTobaccoHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenTobaccoHistory(@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -355,6 +375,7 @@ public String getBenTobaccoHistory(@Param(value = "{\"benRegID\":\"Long\"}") @Re
@Operation(summary = "Get beneficiary alcohol consumption history")
@PostMapping(value = { "/getBenAlcoholHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenAlcoholHistory(@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -379,6 +400,7 @@ public String getBenAlcoholHistory(@Param(value = "{\"benRegID\":\"Long\"}") @Re
@Operation(summary = "Get beneficiary allergy history")
@PostMapping(value = { "/getBenAllergyHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenANCAllergyHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -404,6 +426,7 @@ public String getBenANCAllergyHistory(
@Operation(summary = "Get beneficiary medication history")
@PostMapping(value = { "/getBenMedicationHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenMedicationHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -429,6 +452,7 @@ public String getBenMedicationHistory(
@Operation(summary = "Get beneficiary family history")
@PostMapping(value = { "/getBenFamilyHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenFamilyHistory(@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -453,6 +477,7 @@ public String getBenFamilyHistory(@Param(value = "{\"benRegID\":\"Long\"}") @Req
@Operation(summary = "Get beneficiary menstrual history")
@PostMapping(value = { "/getBenMenstrualHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenMenstrualHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -478,6 +503,7 @@ public String getBenMenstrualHistory(
@Operation(summary = "Get beneficiary obstetric history")
@PostMapping(value = { "/getBenPastObstetricHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenPastObstetricHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -503,6 +529,7 @@ public String getBenPastObstetricHistory(
@Operation(summary = "Get beneficiary comorbidity condition details")
@PostMapping(value = { "/getBenComorbidityConditionHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenANCComorbidityConditionHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -528,6 +555,7 @@ public String getBenANCComorbidityConditionHistory(
@Operation(summary = "Get beneficiary optional vaccine details")
@PostMapping(value = { "/getBenOptionalVaccineHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenOptionalVaccineHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -553,6 +581,7 @@ public String getBenOptionalVaccineHistory(
@Operation(summary = "Get child beneficiary vaccine details")
@PostMapping(value = { "/getBenChildVaccineHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenImmunizationHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -578,6 +607,7 @@ public String getBenImmunizationHistory(
@Operation(summary = "Get beneficiary perinatal history")
@PostMapping(value = { "/getBenPerinatalHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenPerinatalHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -603,6 +633,7 @@ public String getBenPerinatalHistory(
@Operation(summary = "Get child beneficiary feeding history")
@PostMapping(value = { "/getBenFeedingHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenFeedingHistory(@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -627,6 +658,7 @@ public String getBenFeedingHistory(@Param(value = "{\"benRegID\":\"Long\"}") @Re
@Operation(summary = "Get child beneficiary development history")
@PostMapping(value = { "/getBenDevelopmentHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBenDevelopmentHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -658,6 +690,7 @@ public String getBenDevelopmentHistory(
*/
@Operation(summary = "Get beneficiary casesheet history")
@PostMapping(value = { "/getBeneficiaryCaseSheetHistory" })
+ @PreAuthorize("hasRole('DOCTOR') || hasRole('NURSE') ")
public String getBeneficiaryCaseSheetHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -676,20 +709,24 @@ public String getBeneficiaryCaseSheetHistory(
// TC specialist worklist new
@Operation(summary = "Get teleconsultation specialist worklist")
- @GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}/{userID}" })
+ @GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}" })
public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
- @PathVariable("userID") Integer userID, @PathVariable("serviceID") Integer serviceID) {
+ @PathVariable("serviceID") Integer serviceID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
- if (providerServiceMapID != null && userID != null) {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+ if (providerServiceMapID != null && userId != null ) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewForTM(providerServiceMapID, userID,
serviceID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " SID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
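Review bot: `Integer userID=Integer.parseInt(userId);` runs before the `userId == null || jwtToken == null` branch, so a missing cookie or an unresolvable user id throws NumberFormatException from parseInt(null) and ends in the catch block rather than in the 403 response the new branch intends; the null check must precede the parse, and `jwtUtil.getUserIdFromToken` should only be called once the cookie has yielded a token, because its behaviour on null is not visible here. The same ordering is repeated in getTCSpecialistWorkListNewPatientApp and getTCSpecialistWorklistFutureScheduled. Unlike every other endpoint touched by this commit, these three TC-specialist worklist methods receive no `@PreAuthorize`, so the only gate is the presence of a decodable cookie, which is adequate only if getUserIdFromToken verifies the token signature rather than merely decoding the claim. The class-level mapping also still requires an `Authorization` header while identity now comes from the cookie, and the shortened `logger.error("Invalid request")` drops the providerServiceMapID that made the previous message diagnosable. The catch body lies outside the hunk.
```java
try {
    String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
    String userId = jwtToken != null ? jwtUtil.getUserIdFromToken(jwtToken) : null;
    if (jwtToken == null || userId == null) {
        response.setError(403, "Unauthorized access!");
    } else if (providerServiceMapID != null) {
        Integer userID = Integer.parseInt(userId);
        String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewForTM(providerServiceMapID, userID,
                serviceID);
        if (s != null)
            response.setResponse(s);
    } else {
        logger.error("Invalid request, ProviderServiceMapID is null");
        response.setError(5000, "Invalid request");
    }
// … unchanged: catch block and method tail …
```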
@@ -702,21 +739,25 @@ public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") I
// TC specialist worklist new, patient App, 14-08-2020
@Operation(summary = "Get teleconsultation specialist worklist for patient app")
@GetMapping(value = {
- "/getTCSpecialistWorklistPatientApp/{providerServiceMapID}/{serviceID}/{userID}/{vanID}" })
+ "/getTCSpecialistWorklistPatientApp/{providerServiceMapID}/{serviceID}/{vanID}" })
public String getTCSpecialistWorkListNewPatientApp(
- @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("userID") Integer userID,
- @PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) {
+ @PathVariable("providerServiceMapID") Integer providerServiceMapID,
+ @PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
if (providerServiceMapID != null && userID != null) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewForTMPatientApp(providerServiceMapID,
userID, serviceID, vanID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " SID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
@@ -729,21 +770,26 @@ public String getTCSpecialistWorkListNewPatientApp(
// TC specialist worklist new future scheduled
@Operation(summary = "Get teleconsultation specialist future scheduled")
@GetMapping(value = {
- "/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}/{userID}" })
+ "/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}" })
public String getTCSpecialistWorklistFutureScheduled(
- @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("userID") Integer userID,
- @PathVariable("serviceID") Integer serviceID) {
+ @PathVariable("providerServiceMapID") Integer providerServiceMapID,
+ @PathVariable("serviceID") Integer serviceID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
- if (providerServiceMapID != null && userID != null) {
+
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+ if (providerServiceMapID != null && userID != null ) {
String s = commonDoctorServiceImpl.getTCSpecialistWorkListNewFutureScheduledForTM(providerServiceMapID,
userID, serviceID);
if (s != null)
response.setResponse(s);
+ } else if(userId == null || jwtToken == null) {
+ response.setError(403, "Unauthorized access!");
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID is invalid. PSMID = "
- + providerServiceMapID + " UserID = " + userID);
- response.setError(5000, "Invalid request, either ProviderServiceMapID or userID is invalid");
+ logger.error("Invalid request");
+ response.setError(5000, "Invalid request");
}
} catch (Exception e) {
@@ -756,6 +802,7 @@ public String getTCSpecialistWorklistFutureScheduled(
// openkm file download
@Operation(summary = "Add file as string to openKM")
@PostMapping(value = "/getKMFile", produces = MediaType.APPLICATION_JSON, consumes = MediaType.APPLICATION_JSON, headers = "Authorization")
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getKMFile(@Param(value = "{}") @RequestBody String request,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
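Review bot: The `@PreAuthorize` added above getKMFile is only enforced when method security is enabled (`@EnableMethodSecurity` on a Spring Security 6 configuration, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older versions); no such configuration appears in this chunk, so please confirm it exists, otherwise every annotation this commit adds is silently ignored and the endpoints stay open to any authenticated caller. `hasRole('NURSE')` also assumes the authentication built from the JWT carries the authority `ROLE_NURSE` (the default prefix), which depends on the token filter not shown here. As a style point, `hasRole('NURSE') || hasRole('DOCTOR') ` with its trailing space can be written `hasAnyRole('NURSE', 'DOCTOR')`, which applies to every two-role annotation in this and the following files.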
@@ -774,6 +821,7 @@ public String getKMFile(@Param(value = "{}") @RequestBody String request,
@Operation(summary = "Get beneficiary physical history")
@PostMapping(value = { "/getBenPhysicalHistory" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenPhysicalHistory(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -799,6 +847,7 @@ public String getBenPhysicalHistory(
@Operation(summary = "Get beneficiary symptomatic questionnaire answer details")
@PostMapping(value = { "/getBenSymptomaticQuestionnaireDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenSymptomaticQuestionnaireDetails(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -824,6 +873,7 @@ public String getBenSymptomaticQuestionnaireDetails(
@Operation(summary = "Get beneficiary previous diabetes history")
@PostMapping(value = { "/getBenPreviousDiabetesHistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenPreviousDiabetesHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -850,6 +900,7 @@ public String getBenPreviousDiabetesHistoryDetails(
// nurse worklist coming from MMU application
@Operation(summary = "Get mmu nurse worklist")
@GetMapping(value = { "/getMmuNurseWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getMmuNurseWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID,
@PathVariable("vanID") Integer vanID) {
OutputResponse response = new OutputResponse();
@@ -868,6 +919,7 @@ public String getMmuNurseWorklistNew(@PathVariable("providerServiceMapID") Integ
@Operation(summary = "Get beneficiary previous referral history")
@PostMapping(value = { "/getBenPreviousReferralHistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenPreviousReferralHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -897,6 +949,7 @@ public String getBenPreviousReferralHistoryDetails(
*/
@Operation(summary = "Get provider specific data")
@PostMapping(value = { "/getProviderSpecificData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getProviderSpecificData(
@Param(value = "{\"benvisitID\":\"Long\",\"benvisitCode\":\"Long\",\"fetchMMUDataFor\":\"String\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -918,6 +971,7 @@ public String getProviderSpecificData(
*/
@Operation(summary = "Calculate beneficiary BMI status")
@PostMapping(value = { "/calculateBMIStatus" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String calculateBMIStatus(
@Param(value = "{\"bmi\":\"double\",\"yearMonth\":\"String\",\"gender\":\"String\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -935,6 +989,7 @@ public String calculateBMIStatus(
@Operation(summary = "Update beneficiary status flag")
@PostMapping(value = { "/update/benDetailsAndSubmitToNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String saveBeneficiaryVisitDetail(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) {
@@ -969,6 +1024,7 @@ public String saveBeneficiaryVisitDetail(
@Operation(summary = "Extend redis session for 30 mins")
@PostMapping(value = { "/extend/redisSession" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public String extendRedisSession() {
OutputResponse response = new OutputResponse();
try {
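Review bot: The eleven-role expression on extendRedisSession is repeated verbatim on LocationController and IemrMmuLoginController later in this commit, but the LocationController copy additionally lists `TCSPECIALIST` while the other two do not, so a user whose only role is spelt that way can reach `/location` but cannot extend the session or call `/user`. Keep one definition, e.g. a constant such as `public static final String ALL_CLINICAL_ROLES = "hasAnyRole('NURSE','PHARMACIST','LABTECHNICIAN','LAB_TECHNICIAN','REGISTRAR','DATASYNC','DATA_SYNC','DOCTOR','TC_SPECIALIST','TCSPECIALIST','ONCOLOGIST','RADIOLOGIST')"` referenced as `@PreAuthorize(SecurityRoles.ALL_CLINICAL_ROLES)` (constructed example), so the duplicate spellings (`LABTECHNICIAN`/`LAB_TECHNICIAN`, `DATASYNC`/`DATA_SYNC`, `TC_SPECIALIST`/`TCSPECIALIST`) are maintained in one place. Whether both spellings of each role are actually issued by the token provider is not visible here.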
@@ -982,6 +1038,7 @@ public String extendRedisSession() {
@Operation(summary = "Soft delete prescribed medicine")
@PostMapping(value = { "/doctor/delete/prescribedMedicine" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String deletePrescribedMedicine(@RequestBody String requestOBJ) {
OutputResponse response = new OutputResponse();
try {
diff --git a/src/main/java/com/iemr/tm/controller/common/master/CommonMasterController.java b/src/main/java/com/iemr/tm/controller/common/master/CommonMasterController.java
index 009ed41b..61015517 100644
--- a/src/main/java/com/iemr/tm/controller/common/master/CommonMasterController.java
+++ b/src/main/java/com/iemr/tm/controller/common/master/CommonMasterController.java
@@ -26,6 +26,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -41,6 +42,7 @@
@RestController
@RequestMapping(value = "/master", headers = "Authorization", consumes = "application/json", produces = "application/json")
/** Objective: provides master data based on given visitCategory */
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public class CommonMasterController {
private Logger logger = LoggerFactory.getLogger(CommonMasterController.class);
diff --git a/src/main/java/com/iemr/tm/controller/covid19/CovidController.java b/src/main/java/com/iemr/tm/controller/covid19/CovidController.java
index 93d10011..e65558c6 100644
--- a/src/main/java/com/iemr/tm/controller/covid19/CovidController.java
+++ b/src/main/java/com/iemr/tm/controller/covid19/CovidController.java
@@ -28,6 +28,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -61,6 +62,7 @@ public class CovidController {
@Operation(summary = "Save COVID nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenNCDCareNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -97,6 +99,7 @@ public String saveBenNCDCareNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Save COVID doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenCovidDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -129,6 +132,7 @@ public String saveBenCovidDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get COVID beneficiary visit details")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseCovid" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseCovid19(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -160,6 +164,7 @@ public String getBenVisitDetailsFrmNurseCovid19(
*/
@Operation(summary = "Get COVID beneficiary history")
@PostMapping(value = { "/getBenCovid19HistoryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCovid19HistoryDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -190,6 +195,7 @@ public String getBenCovid19HistoryDetails(
*/
@Operation(summary = "Get COVID beneficiary vitals")
@PostMapping(value = { "/getBenVitalDetailsFrmNurseCovid" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurseNCDCare(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -222,6 +228,7 @@ public String getBenVitalDetailsFrmNurseNCDCare(
@Operation(summary = "Get COVID beneficiary case-record and referral details")
@PostMapping(value = { "/getBenCaseRecordFromDoctorCovid" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorCovid19(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -248,6 +255,7 @@ public String getBenCaseRecordFromDoctorCovid19(
@Operation(summary = "Update COVID beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -285,6 +293,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update COVID beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -319,6 +328,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update COVID beneficiary case-record and referral details")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateCovid19DoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/dataSyncActivity/StartSyncActivity.java b/src/main/java/com/iemr/tm/controller/dataSyncActivity/StartSyncActivity.java
index 7d23c218..44ccc183 100644
--- a/src/main/java/com/iemr/tm/controller/dataSyncActivity/StartSyncActivity.java
+++ b/src/main/java/com/iemr/tm/controller/dataSyncActivity/StartSyncActivity.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@@ -38,6 +39,7 @@
import com.iemr.tm.service.dataSyncActivity.DownloadDataFromServerImpl;
import com.iemr.tm.service.dataSyncActivity.UploadDataToServerImpl;
import com.iemr.tm.utils.response.OutputResponse;
+
import io.swagger.v3.oas.annotations.Operation;
/***
@@ -45,6 +47,7 @@
*/
@RestController
@RequestMapping(value = "/dataSyncActivity", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ")
public class StartSyncActivity {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/tm/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java b/src/main/java/com/iemr/tm/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
index 3f32247a..0b58f698 100644
--- a/src/main/java/com/iemr/tm/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
+++ b/src/main/java/com/iemr/tm/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -48,6 +49,7 @@
*/
@RestController
@RequestMapping(value = "/dataSync", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ")
public class MMUDataSyncVanToServer {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/tm/controller/foetalmonitor/FoetalMonitorController.java b/src/main/java/com/iemr/tm/controller/foetalmonitor/FoetalMonitorController.java
index e902ed02..2235b87c 100644
--- a/src/main/java/com/iemr/tm/controller/foetalmonitor/FoetalMonitorController.java
+++ b/src/main/java/com/iemr/tm/controller/foetalmonitor/FoetalMonitorController.java
@@ -28,6 +28,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
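Review bot: Only the `org.springframework.security.access.prepost.PreAuthorize` import is added to FoetalMonitorController; no other hunk in this file applies the annotation, so either the import is dead or this controller was left without the role checks its siblings receive in this commit. If the omission is intentional, drop the import; otherwise annotate the class or its endpoints the way CovidController and GeneralOPDController are annotated here. The rest of the file is outside the diff, so I cannot tell which was meant.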
diff --git a/src/main/java/com/iemr/tm/controller/generalOPD/GeneralOPDController.java b/src/main/java/com/iemr/tm/controller/generalOPD/GeneralOPDController.java
index 154e3323..5ecc595c 100644
--- a/src/main/java/com/iemr/tm/controller/generalOPD/GeneralOPDController.java
+++ b/src/main/java/com/iemr/tm/controller/generalOPD/GeneralOPDController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -70,6 +71,7 @@ public class GeneralOPDController {
*/
@Operation(summary = "Save general OPD data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenGenOPDNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -106,6 +108,7 @@ public String saveBenGenOPDNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Save general OPD data collected by doctor")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR')")
public String saveBenGenOPDDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -137,6 +140,7 @@ public String saveBenGenOPDDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get general OPD beneficiary visit details")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseGOPD" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNurseGOPD(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -169,7 +173,7 @@ public String getBenVisitDetailsFrmNurseGOPD(
*/
@Operation(summary = "Get general OPD beneficiary history")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -200,6 +204,7 @@ public String getBenHistoryDetails(
*/
@Operation(summary = "Get general OPD beneficiary vitals")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -231,7 +236,7 @@ public String getBenVitalDetailsFrmNurse(
*/
@Operation(summary = "Get general OPD beneficiary examination details")
@PostMapping(value = { "/getBenExaminationDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -263,6 +268,7 @@ public String getBenExaminationDetails(
@Operation(summary = "Get general OPD beneficiary case record and referral")
@PostMapping(value = { "/getBenCaseRecordFromDoctorGeneralOPD" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorGeneralOPD(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -289,6 +295,7 @@ public String getBenCaseRecordFromDoctorGeneralOPD(
@Operation(summary = "Update beneficiary's general OPD visit details")
@PostMapping(value = { "/update/visitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVisitNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -323,6 +330,7 @@ public String updateVisitNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -357,6 +365,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -391,6 +400,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD beneficiary examination data")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -424,6 +434,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update general OPD beneficiary case record and referral")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateGeneralOPDDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/labtechnician/LabtechnicianController.java b/src/main/java/com/iemr/tm/controller/labtechnician/LabtechnicianController.java
index f3e8fd9a..d1fa06e9 100644
--- a/src/main/java/com/iemr/tm/controller/labtechnician/LabtechnicianController.java
+++ b/src/main/java/com/iemr/tm/controller/labtechnician/LabtechnicianController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -46,6 +47,7 @@
@RestController
@RequestMapping(value = "/labTechnician", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN') ")
public class LabtechnicianController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
diff --git a/src/main/java/com/iemr/tm/controller/location/LocationController.java b/src/main/java/com/iemr/tm/controller/location/LocationController.java
index 737ab8a4..f60ffd4e 100644
--- a/src/main/java/com/iemr/tm/controller/location/LocationController.java
+++ b/src/main/java/com/iemr/tm/controller/location/LocationController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -41,6 +42,7 @@
@RestController
@RequestMapping(value = "/location", headers = "Authorization", produces = { "application/json" })
+@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public class LocationController {
private OutputResponse response;
private Logger logger = LoggerFactory.getLogger(CommonMasterController.class);
diff --git a/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java b/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
index 6d2c06f7..0f11a27a 100644
--- a/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
+++ b/src/main/java/com/iemr/tm/controller/login/IemrMmuLoginController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -35,13 +36,17 @@
import com.iemr.tm.controller.registrar.main.RegistrarController;
import com.iemr.tm.service.login.IemrMmuLoginServiceImpl;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.iemr.tm.utils.mapper.InputMapper;
import com.iemr.tm.utils.response.OutputResponse;
import io.swagger.v3.oas.annotations.Operation;
+import jakarta.servlet.http.HttpServletRequest;
@RestController
@RequestMapping(value = "/user", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
public class IemrMmuLoginController {
private Logger logger = LoggerFactory.getLogger(RegistrarController.class);
@@ -49,6 +54,10 @@ public class IemrMmuLoginController {
private IemrMmuLoginServiceImpl iemrMmuLoginServiceImpl;
+
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Autowired
public void setIemrMmuLoginServiceImpl(IemrMmuLoginServiceImpl iemrMmuLoginServiceImpl) {
this.iemrMmuLoginServiceImpl = iemrMmuLoginServiceImpl;
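Review bot: `@Autowired private JwtUtil jwtUtil;` uses field injection while the very next lines inject `iemrMmuLoginServiceImpl` through a setter, so the class now mixes two injection styles. For consistency with the existing code, either add `public void setJwtUtil(JwtUtil jwtUtil) { this.jwtUtil = jwtUtil; }` under `@Autowired`, or move both into a constructor, which also lets the field be `final`.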
@@ -57,13 +66,21 @@ public void setIemrMmuLoginServiceImpl(IemrMmuLoginServiceImpl iemrMmuLoginServi
@Operation(summary = "Get user service point van details")
@PostMapping(value = "/getUserServicePointVanDetails", produces = {
"application/json" })
- public String getUserServicePointVanDetails(@RequestBody String comingRequest) {
+ public String getUserServicePointVanDetails(@RequestBody String comingRequest, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+
JSONObject obj = new JSONObject(comingRequest);
logger.info("getUserServicePointVanDetails request " + comingRequest);
- String responseData = iemrMmuLoginServiceImpl.getUserServicePointVanDetails(obj.getInt("userID"));
+ if (userId == null || jwtToken ==null) {
+ response.setError(403, "Unauthorized access: Missing or invalid token");
+ return response.toString();
+ }
+ String responseData = iemrMmuLoginServiceImpl.getUserServicePointVanDetails(userID);
response.setResponse(responseData);
} catch (Exception e) {
// e.printStackTrace();
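Review bot: `JSONObject obj = new JSONObject(comingRequest);` is kept although the only field it was read for, `userID`, now comes from the token, so the body is parsed purely to throw on malformed JSON and `obj` is never read; drop the parse and the local, or if the body is still expected to be JSON, move the token check above it so an unauthenticated caller gets the 403 rather than the catch-block error. Because the method returns a String body, `response.setError(403, ...)` is an application-level code rather than the HTTP status, which presumably matches the project's OutputResponse convention. The catch block continues outside the hunk.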
@@ -97,17 +114,23 @@ public String getServicepointVillages(@RequestBody String comingRequest) {
@Operation(summary = "Get user service point van details")
@PostMapping(value = "/getUserVanSpDetails", produces = { "application/json" })
- public String getUserVanSpDetails(@RequestBody String comingRequest) {
+ public String getUserVanSpDetails(@RequestBody String comingRequest, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
JSONObject obj = new JSONObject(comingRequest);
logger.info("getServicepointVillages request " + comingRequest);
- if (obj.has("userID") && obj.has("providerServiceMapID")) {
- String responseData = iemrMmuLoginServiceImpl.getUserVanSpDetails(obj.getInt("userID"),
- obj.getInt("providerServiceMapID"));
- response.setResponse(responseData);
- } else {
+
+ if (userId !=null && obj.has("providerServiceMapID")) {
+ String responseData = iemrMmuLoginServiceImpl.getUserVanSpDetails(userID,
+ obj.getInt("providerServiceMapID"));
+ response.setResponse(responseData);
+ } else if(userId == null || jwtToken ==null) {
+ response.setError(403, "Unauthorized access : Missing or invalid token");
+ } else {
response.setError(5000, "Invalid request");
}
} catch (Exception e) {
diff --git a/src/main/java/com/iemr/tm/controller/ncdCare/NCDCareController.java b/src/main/java/com/iemr/tm/controller/ncdCare/NCDCareController.java
index b3c050bb..59d6a440 100644
--- a/src/main/java/com/iemr/tm/controller/ncdCare/NCDCareController.java
+++ b/src/main/java/com/iemr/tm/controller/ncdCare/NCDCareController.java
@@ -28,6 +28,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -69,6 +70,7 @@ public void setNcdCareServiceImpl(NCDCareServiceImpl ncdCareServiceImpl) {
*/
@Operation(summary = "Save NCD care data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenNCDCareNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -105,6 +107,7 @@ public String saveBenNCDCareNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Save NCD care beneficiary case record and referral")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenNCDCareDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -137,6 +140,7 @@ public String saveBenNCDCareDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get NCD care beneficiary visit details")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDCare" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseNCDCare(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -168,7 +172,7 @@ public String getBenVisitDetailsFrmNurseNCDCare(
*/
@Operation(summary = "Get NCD care beneficiary history")
@PostMapping(value = { "/getBenNCDCareHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenNCDCareHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -199,6 +203,7 @@ public String getBenNCDCareHistoryDetails(
*/
@Operation(summary = "Get NCD care beneficiary vitals")
@PostMapping(value = { "/getBenVitalDetailsFrmNurseNCDCare" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurseNCDCare(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -231,6 +236,7 @@ public String getBenVitalDetailsFrmNurseNCDCare(
@Operation(summary = "Get NCD care beneficiary case record and referral")
@PostMapping(value = { "/getBenCaseRecordFromDoctorNCDCare" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorNCDCare(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -257,6 +263,7 @@ public String getBenCaseRecordFromDoctorNCDCare(
@Operation(summary = "Update NCD care beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -294,6 +301,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update NCD care beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -328,6 +336,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update NCD care beneficiary case record and referral")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateNCDCareDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/ncdscreening/NCDScreeningController.java b/src/main/java/com/iemr/tm/controller/ncdscreening/NCDScreeningController.java
index 4233327c..46d2a5d3 100644
--- a/src/main/java/com/iemr/tm/controller/ncdscreening/NCDScreeningController.java
+++ b/src/main/java/com/iemr/tm/controller/ncdscreening/NCDScreeningController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
@@ -75,6 +76,7 @@ public void setNcdScreeningServiceImpl(NCDScreeningServiceImpl ncdScreeningServi
@Operation(summary = "Save NCD screening beneficiary data collected by nurse")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
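Review bot: The `@PreAuthorize` added to saveBeneficiaryNCDScreeningDetails is only enforced if method security is switched on (`@EnableMethodSecurity`, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` on older Spring Security); that configuration class is not part of this diff, and without it every annotation added here is silently ignored. `hasRole('NURSE')` also matches the granted authority `ROLE_NURSE`, so the filter that builds the `Authentication` from the Authorization header must emit the `ROLE_` prefix, or these checks should use `hasAuthority` instead. One MockMvc test asserting a 403 for a token without the role would pin both facts down. The handler body continues outside the hunk.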
@@ -106,6 +108,7 @@ public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj,
@Operation(summary = "Save NCD screening beneficiary data collected by doctor")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
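Review bot: When the DOCTOR check on saveBenNCDScreeningDoctorData fails, Spring throws `AccessDeniedException` before the method is entered, so the `OutputResponse` error path the handler builds (it starts here and continues past the hunk) never sees the denial. Unless a `@ControllerAdvice` or `AccessDeniedHandler` maps it, clients receive the framework's default 403 body rather than this API's JSON envelope. A small `@ExceptionHandler(AccessDeniedException.class)` that returns an `OutputResponse` with HTTP 403 would keep the contract uniform; whether one already exists is not visible in this diff.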
@@ -137,6 +140,7 @@ public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get NCD screening beneficiary visit details")
@PostMapping(value = { "/get/nurseData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getNCDScreenigDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -162,6 +166,7 @@ public String getNCDScreenigDetails(
@Operation(summary = "Get NCD screening visit count for beneficiary register id")
@GetMapping(value = { "/getNcdScreeningVisitCount/{beneficiaryRegID}" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long beneficiaryRegID) {
OutputResponse response = new OutputResponse();
try {
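Review bot: getNcdScreeningVisitCount takes `beneficiaryRegID` as a GET path variable, and the new role check does not tie that id to the caller, so any NURSE or DOCTOR can walk sequential ids to learn which beneficiaries exist and how often they were screened. Whether the service restricts the lookup by provider mapping cannot be seen here. If it does not, add that scoping in the service, or at least note the gap above the annotation: `// Role gate only; beneficiaryRegID is not validated against the caller's provider.` The handler body continues outside the hunk.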
@@ -190,6 +195,7 @@ public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long b
@Operation(summary = "Get NCD screening beneficiary case record and referral")
@PostMapping(value = { "/getBenCaseRecordFromDoctorNCDScreening" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorNCDCare(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -217,6 +223,7 @@ public String getBenCaseRecordFromDoctorNCDCare(
@Operation(summary = "Get NCD screening beneficiary visit details")
@PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDScreening" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVisitDetailsFrmNurseGOPD(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -243,7 +250,7 @@ public String getBenVisitDetailsFrmNurseGOPD(
@Operation(summary = "Get NCD screening beneficiary general OPD history")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -269,6 +276,7 @@ public String getBenHistoryDetails(
@Operation(summary = "Get NCD screening beneficiary vitals from general OPD nurse")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -295,6 +303,7 @@ public String getBenVitalDetailsFrmNurse(
@Operation(summary = "Get NCD screening IDRS details from general OPD nurse")
@PostMapping(value = { "/getBenIdrsDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenIdrsDetailsFrmNurse(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -322,6 +331,7 @@ public String getBenIdrsDetailsFrmNurse(
@Operation(summary = "Get NCD screening beneficiary case record and referral")
@PostMapping(value = { "/update/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestObj) {
logger.info("Update NCDScreening Details request:" + requestObj);
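Review bot: The line directly under the new annotation, `logger.info("Update NCDScreening Details request:" + requestObj);`, writes the entire request body at INFO, and for this endpoint that body is a beneficiary's screening record. Restricting the caller to NURSE does nothing for the copy that lands in log files and whatever log shipping is configured. Drop the payload from the message, or log at DEBUG with an identifier only: `logger.debug("Update NCDScreening Details request received");`. The rest of the handler is outside the hunk.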
@@ -356,6 +366,7 @@ public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestOb
*/
@Operation(summary = "Update NCD screening beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -384,6 +395,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
@Operation(summary = "Update NCD screening beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -412,6 +424,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
@Operation(summary = "Update NCD screening beneficiary history")
@PostMapping(value = { "/update/idrsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateIDRSScreen(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -440,6 +453,7 @@ public String updateIDRSScreen(@RequestBody String requestObj) {
@Operation(summary = "Update NCD screening beneficiary case record and referral")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/nurse/vitals/AnthropometryVitalsController.java b/src/main/java/com/iemr/tm/controller/nurse/vitals/AnthropometryVitalsController.java
index 7c47f4bf..4112c355 100644
--- a/src/main/java/com/iemr/tm/controller/nurse/vitals/AnthropometryVitalsController.java
+++ b/src/main/java/com/iemr/tm/controller/nurse/vitals/AnthropometryVitalsController.java
@@ -5,6 +5,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.repository.query.Param;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -18,6 +19,7 @@
@RestController
@RequestMapping(value = "/anthropometryVitals", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('NURSE') ")
public class AnthropometryVitalsController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
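Review bot: The class-level `@PreAuthorize("hasRole('NURSE') ")` on AnthropometryVitalsController applies to every public handler, and a method-level `@PreAuthorize` added later replaces it rather than narrowing it, which is easy to miss when a doctor-facing endpoint is introduced in this class. A short comment above the annotation makes that explicit: `// Every handler here is nurse-only; a method-level @PreAuthorize would override, not extend, this grant.` The class body is outside the hunk, so which handlers are covered cannot be confirmed from here.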
diff --git a/src/main/java/com/iemr/tm/controller/patientApp/master/PatientAppCommonMasterController.java b/src/main/java/com/iemr/tm/controller/patientApp/master/PatientAppCommonMasterController.java
index fad5b48a..bce92e5a 100644
--- a/src/main/java/com/iemr/tm/controller/patientApp/master/PatientAppCommonMasterController.java
+++ b/src/main/java/com/iemr/tm/controller/patientApp/master/PatientAppCommonMasterController.java
@@ -26,6 +26,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -61,6 +62,7 @@ public void setCommonPatientAppMasterService(CommonPatientAppMasterService commo
*/
@Operation(summary = "Chief complaints master data API for patient app")
@PostMapping(value = "/patientApp/chiefComplaintsMaster/{visitCategoryID}/{providerServiceMapID}/{gender}")
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String patientAppChiefComplaintsMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID,
@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender) {
logger.info("Nurse master Data for categoryID:" + visitCategoryID + " and providerServiceMapID:"
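Review bot: patientAppChiefComplaintsMasterData is documented as a "patient app" endpoint, yet the new check admits only NURSE or DOCTOR; if the patient app authenticates patients or a service account rather than clinicians, every call will now be refused with 403. The principal that client presents is not visible in this diff, so confirm it against the app before merging. If a distinct role exists for that client, name it here rather than reusing the clinician roles. The handler body continues outside the hunk.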
@@ -75,6 +77,7 @@ public String patientAppChiefComplaintsMasterData(@PathVariable("visitCategoryID
@Operation(summary = "COVID master data API for patient app")
@PostMapping(value = "/patientApp/covidMaster/{visitCategoryID}/{providerServiceMapID}/{gender}")
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String patientAppCovidMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID,
@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender) {
logger.info("Nurse master Data for categoryID:" + visitCategoryID + " and providerServiceMapID:"
@@ -89,6 +92,7 @@ public String patientAppCovidMasterData(@PathVariable("visitCategoryID") Integer
@Operation(summary = "Save COVID data in patient app")
@PostMapping(value = { "/save/covidScreeningDataPatientApp" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String saveBenCovidDoctorDataPatientApp(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -108,6 +112,7 @@ public String saveBenCovidDoctorDataPatientApp(@RequestBody String requestObj,
@Operation(summary = "Save chief-complaints data in patient app")
@PostMapping(value = { "/save/chiefComplaintsDataPatientApp" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String saveBenChiefComplaintsDataPatientApp(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -127,6 +132,7 @@ public String saveBenChiefComplaintsDataPatientApp(@RequestBody String requestOb
@Operation(summary = "Save tele-consultation slot in data patient app")
@PostMapping(value = { "/save/tcSlotDetailsDataPatientApp" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String saveTCSlotDataPatientApp(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
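Review bot: The expression on saveTCSlotDataPatientApp accepts both `TCSPECIALIST` and `TC_SPECIALIST` (the registrar controller does the same with `LABTECHNICIAN`/`LAB_TECHNICIAN`), which suggests the canonical authority string is not settled. Accepting two spellings widens the grant to whichever one the identity provider happens to issue and masks typos in role provisioning. Pick one, normalise it where authorities are built from the token, and reference it from a shared constant: `@PreAuthorize("hasAnyRole('NURSE','DOCTOR','TC_SPECIALIST')")`. Which spelling the token actually carries is not visible here.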
@@ -148,6 +154,7 @@ public String saveTCSlotDataPatientApp(@RequestBody String requestObj,
@Operation(summary = "Get patient episode data for specialist in patient app")
@PostMapping(value = { "/get/getPatientEpisodeData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String getPatientEpisodeDataMobileApp(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -169,6 +176,7 @@ public String getPatientEpisodeDataMobileApp(@RequestBody String requestObj,
@Operation(summary = "Get patient booked slot data in patient app")
@PostMapping(value = { "/get/getPatientBookedSlotDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String getPatientBookedSlotDetails(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -190,6 +198,7 @@ public String getPatientBookedSlotDetails(@RequestBody String requestObj,
@Operation(summary = "Save specialist diagnosis data in patient app")
@PostMapping(value = { "/save/saveSpecialistDiagnosisData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String saveSpecialistDiagnosisData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -211,6 +220,7 @@ public String saveSpecialistDiagnosisData(@RequestBody String requestObj,
@Operation(summary = "Get specialist diagnosis data in patient app")
@PostMapping(value = { "/save/getSpecialistDiagnosisData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String getSpecialistDiagnosisData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -232,6 +242,7 @@ public String getSpecialistDiagnosisData(@RequestBody String requestObj,
@Operation(summary = "Get last 3 episode data of the patient in patient app")
@PostMapping(value = { "/get/getPatientsEpisodes" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public String getPatientsLast_3_Episode(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/tm/controller/pnc/PostnatalCareController.java b/src/main/java/com/iemr/tm/controller/pnc/PostnatalCareController.java
index dd93ef2a..709a2eab 100644
--- a/src/main/java/com/iemr/tm/controller/pnc/PostnatalCareController.java
+++ b/src/main/java/com/iemr/tm/controller/pnc/PostnatalCareController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -66,6 +67,7 @@ public void setPncServiceImpl(PNCServiceImpl pncServiceImpl) {
*/
@Operation(summary = "Save PNC nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenPNCNurseData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -103,6 +105,7 @@ public String saveBenPNCNurseData(@RequestBody String requestObj,
*/
@Operation(summary = "Save PNC doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveBenPNCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -135,6 +138,7 @@ public String saveBenPNCDoctorData(@RequestBody String requestObj,
@Operation(summary = "Get PNC beneficiary visit details from nurse")
@PostMapping(value = { "/getBenVisitDetailsFrmNursePNC" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
@Transactional(rollbackFor = Exception.class)
public String getBenVisitDetailsFrmNursePNC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
@@ -168,6 +172,7 @@ public String getBenVisitDetailsFrmNursePNC(
@Operation(summary = "Get PNC beneficiary details from nurse")
@PostMapping(value = { "/getBenPNCDetailsFrmNursePNC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenPNCDetailsFrmNursePNC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -199,7 +204,7 @@ public String getBenPNCDetailsFrmNursePNC(
*/
@Operation(summary = "Get PNC beneficiary history nurse")
@PostMapping(value = { "/getBenHistoryDetails" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenHistoryDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -230,6 +235,7 @@ public String getBenHistoryDetails(
*/
@Operation(summary = "Get PNC beneficiary vital details from nurse")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -261,7 +267,7 @@ public String getBenVitalDetailsFrmNurse(
*/
@Operation(summary = "Get PNC beneficiary examination details from nurse")
@PostMapping(value = { "/getBenExaminationDetailsPNC" })
-
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenExaminationDetailsPNC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -293,6 +299,7 @@ public String getBenExaminationDetailsPNC(
@Operation(summary = "Get PNC beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorPNC" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorPNC(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -319,6 +326,7 @@ public String getBenCaseRecordFromDoctorPNC(
@Operation(summary = "Update PNC doctor data")
@PostMapping(value = { "/update/PNCScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updatePNCCareNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
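Review bot: The `@Operation(summary = "Update PNC doctor data")` above updatePNCCareNurse now sits next to a grant that admits NURSE as well as DOCTOR, and the same summary is reused for `/update/doctorData` later in this file, so the generated API docs will describe two endpoints with different role sets identically. Rename this one to match the handler and the grant, e.g. `@Operation(summary = "Update PNC care screen data (nurse or doctor)")`. The handler body continues outside the hunk.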
@@ -354,6 +362,7 @@ public String updatePNCCareNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC beneficiary history")
@PostMapping(value = { "/update/historyScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateHistoryNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -389,6 +398,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC beneficiary vitals")
@PostMapping(value = { "/update/vitalScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateVitalNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -424,6 +434,7 @@ public String updateVitalNurse(@RequestBody String requestObj) {
*/
@Operation(summary = "Update PNC examination data")
@PostMapping(value = { "/update/examinationScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -452,6 +463,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) {
@Operation(summary = "Update PNC doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updatePNCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/quickconsult/QuickConsultController.java b/src/main/java/com/iemr/tm/controller/quickconsult/QuickConsultController.java
index baf4fb4b..dfecab11 100644
--- a/src/main/java/com/iemr/tm/controller/quickconsult/QuickConsultController.java
+++ b/src/main/java/com/iemr/tm/controller/quickconsult/QuickConsultController.java
@@ -25,6 +25,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PostMapping;
@@ -75,6 +76,7 @@ public void setQuickConsultationServiceImpl(QuickConsultationServiceImpl quickCo
*/
@Operation(summary = "Save quick consult nurse data")
@PostMapping(value = { "/save/nurseData" })
+ @PreAuthorize("hasRole('NURSE') ")
public String saveBenQuickConsultDataNurse(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) throws Exception {
OutputResponse response = new OutputResponse();
@@ -111,6 +113,7 @@ public String saveBenQuickConsultDataNurse(@RequestBody String requestObj,
*/
@Operation(summary = "Save quick consult doctor data")
@PostMapping(value = { "/save/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String saveQuickConsultationDetail(
@Param(value = "{\"quickConsultation\":{\"beneficiaryRegID\":\"Long\",\"providerServiceMapID\": \"Integer\", \"benVisitID\":\"Long\", \"benChiefComplaint\":[{\"chiefComplaintID\":\"Integer\", "
+ "\"chiefComplaint\":\"String\", \"duration\":\"Integer\", \"unitOfDuration\":\"String\"}], \"description\":\"String\""
@@ -149,6 +152,7 @@ public String saveQuickConsultationDetail(
@Operation(summary = "Get quick consult beneficiary visit details")
@PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -179,6 +183,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails(
*/
@Operation(summary = "Get quick consult beneficiary vital details")
@PostMapping(value = { "/getBenVitalDetailsFrmNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenVitalDetailsFrmNurse(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -211,6 +216,7 @@ public String getBenVitalDetailsFrmNurse(
@Operation(summary = "Get quick consult beneficiary case record")
@PostMapping(value = { "/getBenCaseRecordFromDoctorQuickConsult" })
@Transactional(rollbackFor = Exception.class)
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public String getBenCaseRecordFromDoctorQuickConsult(
@Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -237,6 +243,7 @@ public String getBenCaseRecordFromDoctorQuickConsult(
@Operation(summary = "Update quick consult doctor data")
@PostMapping(value = { "/update/doctorData" })
+ @PreAuthorize("hasRole('DOCTOR') ")
public String updateGeneralOPDQCDoctorData(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
diff --git a/src/main/java/com/iemr/tm/controller/registrar/main/RegistrarController.java b/src/main/java/com/iemr/tm/controller/registrar/main/RegistrarController.java
index 7564bb51..2382edb9 100644
--- a/src/main/java/com/iemr/tm/controller/registrar/main/RegistrarController.java
+++ b/src/main/java/com/iemr/tm/controller/registrar/main/RegistrarController.java
@@ -29,6 +29,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -83,6 +84,7 @@ public void setNurseServiceImpl(NurseServiceImpl nurseServiceImpl) {
// Registrar Work List API .....
@Operation(summary = "Get registrar worklist data")
@PostMapping(value = { "/registrarWorkListData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String getRegistrarWorkList(@Param(value = "{\"spID\": \"Integer\"}") @RequestBody String comingRequest)
throws JSONException {
OutputResponse response = new OutputResponse();
@@ -102,6 +104,7 @@ public String getRegistrarWorkList(@Param(value = "{\"spID\": \"Integer\"}") @Re
// Registrar Quick search .....
@Operation(summary = "Search for the beneficiary based on beneficiary id")
@PostMapping(value = { "/quickSearch" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String quickSearchBeneficiary(
@Param(value = "{\"benID\": \"String\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -120,6 +123,7 @@ public String quickSearchBeneficiary(
// Registrar Advance search .....
@Operation(summary = "Search for the beneficiary based on provided data")
@PostMapping(value = { "/advanceSearch" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String advanceSearch(
@Param(value = "{\"firstName\": \"String\", \"lastName\": \"String\", \"phoneNo\": \"String\","
+ "\"beneficiaryID\": \"String\", \"stateID\": \"Integer\", \"districtID\": \"Integer\", \"aadharNo\": \"String\"},"
@@ -142,6 +146,7 @@ public String advanceSearch(
// API for left side ben data
@Operation(summary = "Get beneficiary details based on beneficiary register id")
@PostMapping(value = { "/get/benDetailsByRegID" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String getBenDetailsByRegID(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
@@ -171,6 +176,7 @@ public String getBenDetailsByRegID(
@Operation(summary = "Get beneficiary details")
@PostMapping(value = { "/get/beneficiaryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST') || hasRole('REGISTRAR')")
public String getBeneficiaryDetails(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -205,6 +211,7 @@ public String getBeneficiaryDetails(
@Operation(summary = "Get beneficiary image")
@PostMapping(value = { "/get/beneficiaryImage" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST') || hasRole('REGISTRAR')")
public String getBeneficiaryImage(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String requestObj) {
OutputResponse response = new OutputResponse();
@@ -231,6 +238,7 @@ public String getBeneficiaryImage(
// beneficiary quick search new integrated with common and identity
@Operation(summary = "Search beneficiary based on beneficiary id or beneficiary phone number")
@PostMapping(value = { "/quickSearchNew" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String quickSearchNew(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
String searchList = null;
@@ -254,6 +262,7 @@ public String quickSearchNew(@RequestBody String requestObj,
// beneficiary Advance search new integrated with common and identity
@Operation(summary = "Beneficiary advance search integrated with common and identity API")
@PostMapping(value = { "/advanceSearchNew" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String advanceSearchNew(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
String searchList = null;
@@ -277,6 +286,7 @@ public String advanceSearchNew(@RequestBody String requestObj,
// Get Beneficiary Details for left side panel of given beneficiaryRegID new
@Operation(summary = "Get beneficiary details for side panel")
@PostMapping(value = { "/get/benDetailsByRegIDForLeftPanelNew" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')")
public String getBenDetailsForLeftSidePanelByRegID(
@Param(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest,
@RequestHeader(value = "Authorization") String Authorization) {
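Review bot: getBenDetailsForLeftSidePanelByRegID omits REGISTRAR while the older `/get/beneficiaryDetails` and `/get/benDetailsByRegID` handlers in this same diff include it, so a registrar using the newer left-panel API will get 403 where the legacy one succeeds. If the exclusion is deliberate, say so above the annotation (`// REGISTRAR intentionally excluded: the left-panel view is clinical`); otherwise align the two lists. The handler body continues outside the hunk.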
@@ -308,6 +318,7 @@ public String getBenDetailsForLeftSidePanelByRegID(
// new api for ben image
@Operation(summary = "Get beneficiary image")
@PostMapping(value = { "/getBenImage" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')")
public String getBenImage(@RequestBody String requestObj,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -324,6 +335,7 @@ public String getBenImage(@RequestBody String requestObj,
@Operation(summary = "Register a new beneficiary")
@PostMapping(value = { "/registrarBeneficaryRegistration" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
public String createBeneficiary(
@Param(value = "{\"benD\":{\"firstName\": \"String\", \"lastName\": \"String\", \"gender\": \"Short\","
+ "\"dob\": \"Timestamp\", \"maritalStatus\": \"Short\", \"fatherName\": \"String\", \"motherName\": \"String\","
@@ -387,6 +399,7 @@ public String createBeneficiary(
// beneficiary registration with common and identity new
@Operation(summary = "Register a new beneficiary new API")
@PostMapping(value = { "/registrarBeneficaryRegistrationNew" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq,
@RequestHeader(value = "Authorization") String Authorization) {
String s;
@@ -404,6 +417,7 @@ public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq,
@Operation(summary = "Update registered beneficiary data")
@PostMapping(value = { "/update/BeneficiaryDetails" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR') || hasRole('DOCTOR')")
public String updateBeneficiary(
@Param(value = "{\"benD\": {\"beneficiaryRegID\": \"Long\", \"firstName\": \"String\", \"lastName\": \"String\", \"gender\": \"Short\","
+ "\"dob\": \"Timestamp\", \"maritalStatus\": \"Short\", \"fatherName\": \"String\", \"motherName\": \"String\","
@@ -467,6 +481,7 @@ public String updateBeneficiary(
// revisit to nurse by searching and submitting new
@Operation(summary = "Search and submit beneficiary to nurse for revisit")
@PostMapping(value = { "/create/BenReVisitToNurse" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')")
public String createReVisitForBenToNurse(@RequestBody String requestOBJ) {
OutputResponse response = new OutputResponse();
try {
@@ -488,6 +503,7 @@ public String createReVisitForBenToNurse(@RequestBody String requestOBJ) {
@Operation(summary = "Update registered beneficiary details")
@PostMapping(value = { "/update/BeneficiaryUpdate" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String beneficiaryUpdate(@RequestBody String requestOBJ,
@RequestHeader(value = "Authorization") String Authorization) {
OutputResponse response = new OutputResponse();
@@ -511,6 +527,7 @@ public String beneficiaryUpdate(@RequestBody String requestOBJ,
@Operation(summary = "Get master data for registrar")
@PostMapping(value = { "/registrarMasterData" })
+ @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')")
public String masterDataForRegistration(
@Param(value = "{\"spID\": \"Integer\"}") @RequestBody String comingRequest) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/tm/controller/report/CRMReportController.java b/src/main/java/com/iemr/tm/controller/report/CRMReportController.java
index bcb3aba6..a5b659fb 100644
--- a/src/main/java/com/iemr/tm/controller/report/CRMReportController.java
+++ b/src/main/java/com/iemr/tm/controller/report/CRMReportController.java
@@ -27,6 +27,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -45,6 +46,8 @@
@RequestMapping("/TMReport")
@RestController
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')")
+
public class CRMReportController {
private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
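Review bot: The class-level expression lists two spellings for the same roles (`LABTECHNICIAN`/`LAB_TECHNICIAN`, `TC_SPECIALIST`/`TCSPECIALIST`), which suggests the role names in the database are not canonical. RoleAuthenticationFilter only upper-cases and replaces spaces with underscores when it builds authorities, so both spellings must stay until the data is normalised; add a comment above the annotation saying so, e.g. `// Both spellings exist in m_role; keep until role names are normalised at the source`, otherwise a later cleanup will silently lock one group out. The empty `+` line between the annotation and `public class CRMReportController` should be dropped.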
diff --git a/src/main/java/com/iemr/tm/controller/snomedct/SnomedController.java b/src/main/java/com/iemr/tm/controller/snomedct/SnomedController.java
index 945064d6..dab6f773 100644
--- a/src/main/java/com/iemr/tm/controller/snomedct/SnomedController.java
+++ b/src/main/java/com/iemr/tm/controller/snomedct/SnomedController.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@@ -42,6 +43,7 @@
@RequestMapping(value = "/snomed", consumes = "application/json", produces = "application/json")
@RestController
+@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ")
public class SnomedController {
private Logger logger = LoggerFactory.getLogger(SnomedController.class);
diff --git a/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
index 92e95b44..91a1114e 100644
--- a/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
+++ b/src/main/java/com/iemr/tm/controller/teleconsultation/TeleConsultationController.java
@@ -24,12 +24,16 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
+import jakarta.servlet.http.HttpServletRequest;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -41,12 +45,16 @@
@RestController
@RequestMapping(value = "/tc", headers = "Authorization", consumes = "application/json", produces = "application/json")
+@PreAuthorize("hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")
public class TeleConsultationController {
private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
@Autowired
private TeleConsultationServiceImpl teleConsultationServiceImpl;
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Operation(summary = "Update beneficiary arrival status based on request")
@PostMapping(value = { "/update/benArrivalStatus" })
public String benArrivalStatusUpdater(@RequestBody String requestOBJ) {
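Review bot: The class-level `@PreAuthorize("hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ")` now gates every handler in TeleConsultationController, including `benArrivalStatusUpdater` directly below it and `createTCRequestForBeneficiary` visible in the next hunk header; if either is called from nurse or doctor workflows those callers will now receive 403, so this should be confirmed against the front-end before merge. A one-line class comment such as `// Whole controller is specialist-only; endpoints that other roles need must carry their own @PreAuthorize` would make the blanket rule explicit for the next maintainer.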
@@ -137,24 +145,30 @@ public String createTCRequestForBeneficiary(@RequestBody String requestOBJ, @Req
// TC request List
@Operation(summary = "Get teleconsultation request list for a specialist")
@PostMapping(value = { "/getTCRequestList" })
- public String getTCSpecialistWorkListNew(@RequestBody String requestOBJ) {
+ public String getTCSpecialistWorkListNew(@RequestBody String requestOBJ, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
+ Integer userID=Integer.parseInt(userId);
+
if (requestOBJ != null) {
JsonObject jsnOBJ = new JsonObject();
JsonParser jsnParser = new JsonParser();
JsonElement jsnElmnt = jsnParser.parse(requestOBJ);
jsnOBJ = jsnElmnt.getAsJsonObject();
-
+ if (userId != null) {
String s = teleConsultationServiceImpl.getTCRequestListBySpecialistIdAndDate(
- jsnOBJ.get("psmID").getAsInt(), jsnOBJ.get("userID").getAsInt(),
+ jsnOBJ.get("psmID").getAsInt(), userID,
jsnOBJ.get("date").getAsString());
if (s != null)
response.setResponse(s);
} else {
- logger.error("Invalid request, either ProviderServiceMapID or userID or reqDate is invalid");
+ response.setError(403, "Unauthorized access!");
+ } } else {
+ logger.error("Invalid request, either ProviderServiceMapID or reqDate is invalid");
response.setError(5000,
- "Invalid request, either ProviderServiceMapID or UserID or RequestDate is invalid");
+ "Invalid request, either ProviderServiceMapID or RequestDate is invalid");
}
} catch (Exception e) {
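Review bot: `Integer.parseInt(userId)` runs before the `if (userId != null)` check, and `Integer.parseInt(null)` throws NumberFormatException, so a request without a valid cookie token never reaches the `setError(403, "Unauthorized access!")` branch — it lands in the generic catch instead and the 403 path is unreachable. The lookup also reads the token only from the cookie, whereas RoleAuthenticationFilter accepts the `Jwttoken` header as a fallback; a request that authenticated through the header passes the filter and then fails here. The same cookie-only lookup is used in VideoConsultationController.login in a later hunk. Parsing only after the null check and mirroring the filter's precedence fixes both, and the `} } else {` on one line should be split. The method's catch block and closing brace continue outside the hunk.
```java
public String getTCSpecialistWorkListNew(@RequestBody String requestOBJ, HttpServletRequest request) {
    OutputResponse response = new OutputResponse();
    try {
        // Same precedence as RoleAuthenticationFilter: cookie first, then the Jwttoken header
        String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
        if (jwtToken == null) {
            jwtToken = request.getHeader("Jwttoken");
        }
        String userId = jwtToken != null ? jwtUtil.getUserIdFromToken(jwtToken) : null;
        if (userId == null) {
            response.setError(403, "Unauthorized access!");
        } else if (requestOBJ != null) {
            Integer userID = Integer.parseInt(userId); // parsed only once a token identity exists
            JsonObject jsnOBJ = new JsonParser().parse(requestOBJ).getAsJsonObject();
            String s = teleConsultationServiceImpl.getTCRequestListBySpecialistIdAndDate(
                    jsnOBJ.get("psmID").getAsInt(), userID, jsnOBJ.get("date").getAsString());
            if (s != null)
                response.setResponse(s);
        } else {
            // … unchanged: invalid-request logging and setError(5000, …) …
        }
    } catch (Exception e) {
```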
diff --git a/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java b/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
index aca8405a..90243696 100644
--- a/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
+++ b/src/main/java/com/iemr/tm/controller/videoconsultationcontroller/VideoConsultationController.java
@@ -32,6 +32,9 @@
import com.iemr.tm.service.videoconsultation.VideoConsultationService;
import com.iemr.tm.utils.response.OutputResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtUtil;
import io.swagger.v3.oas.annotations.Operation;
@@ -44,19 +47,26 @@ public class VideoConsultationController {
@Autowired
private VideoConsultationService videoConsultationService;
+ @Autowired
+ private JwtUtil jwtUtil;
+
@Operation(summary = "Login to video consultation service")
@GetMapping(value = "/login/{userID}", headers = "Authorization", produces = {
"application/json" })
- public String login(@PathVariable("userID") Long userID) {
+ public String login(@PathVariable("userID") Long userID, HttpServletRequest request) {
OutputResponse response = new OutputResponse();
-
try {
+ String jwtToken = CookieUtil.getJwtTokenFromCookie(request);
+ String userId = jwtUtil.getUserIdFromToken(jwtToken);
- String createdData = videoConsultationService.login(userID);
-
- response.setResponse(createdData.toString());
+ if(userID.toString().equals(userId)) {
+ String createdData = videoConsultationService.login(userID);
+ response.setResponse(createdData.toString());
+ } else {
+ response.setError(403, "Unauthorized access!");
+ }
} catch (Exception e) {
logger.error(e.getMessage());
response.setError(e);
diff --git a/src/main/java/com/iemr/tm/repo/login/UserLoginRepo.java b/src/main/java/com/iemr/tm/repo/login/UserLoginRepo.java
index 0898602d..f0b2f746 100644
--- a/src/main/java/com/iemr/tm/repo/login/UserLoginRepo.java
+++ b/src/main/java/com/iemr/tm/repo/login/UserLoginRepo.java
@@ -1,5 +1,7 @@
package com.iemr.tm.repo.login;
+import java.util.List;
+
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.data.repository.query.Param;
@@ -13,4 +15,7 @@ public interface UserLoginRepo extends CrudRepository {
@Query(" SELECT u FROM Users u WHERE u.userID = :userID AND u.Deleted = false ")
public Users getUserByUserID(@Param("userID") Long userID);
+ @Query(nativeQuery = true,value = "select rolename from m_role where roleid in (select roleid from m_userservicerolemapping where userid=:userID)")
+ List getRoleNamebyUserId(@Param("userID") Long userID);
+
}
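Review bot: `getRoleNamebyUserId` returns a raw `List`; the native query selects a single `rolename` column, so declaring it `List<String> getRoleNamebyUserId(@Param("userID") Long userID);` lets RoleAuthenticationFilter's `.map(String::trim)` be type-checked instead of relying on an unchecked conversion. The sibling query above filters `u.Deleted = false`; if m_userservicerolemapping or m_role carries a similar soft-delete flag, this lookup should filter it as well, otherwise revoked mappings keep granting authorities — worth confirming against the schema, which is not visible here. The parameter is bound with `:userID`, so the native query is properly parameterised.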
diff --git a/src/main/java/com/iemr/tm/utils/JwtAuthenticationUtil.java b/src/main/java/com/iemr/tm/utils/JwtAuthenticationUtil.java
index cd32bea1..d266bf02 100644
--- a/src/main/java/com/iemr/tm/utils/JwtAuthenticationUtil.java
+++ b/src/main/java/com/iemr/tm/utils/JwtAuthenticationUtil.java
@@ -1,5 +1,6 @@
package com.iemr.tm.utils;
+import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
@@ -130,4 +131,18 @@ private Users fetchUserFromDB(String userId) {
return null;
}
+ public List getUserRoles(Long userId) throws IEMRException {
+ if (null == userId || userId <= 0) {
+ throw new IEMRException("Invalid User ID : " + userId);
+ }
+ try {
+ List role = userLoginRepo.getRoleNamebyUserId(userId);
+ if (null == role || role.isEmpty()) {
+ throw new IEMRException("No role found for userId : " + userId);
+ }
+ return role;
+ } catch (Exception e) {
+ throw new IEMRException("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage());
+ }
+ }
}
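Review bot: The `catch (Exception e)` wraps the IEMRException that the method itself throws two lines earlier, so an empty role list surfaces as "Failed to retrieverole for usedId … error : No role found …" rather than the intended message; move the emptiness check out of the try, and fix the typos "retrieverole" and "usedId". The rewrap also flattens the repository failure to `e.getMessage()`; if IEMRException has a cause-taking constructor, pass `e` so the stack trace survives. Typing the result as `List<String>` pairs with typing the repository method, and compiles against the raw signature with only an unchecked warning.
```java
public List<String> getUserRoles(Long userId) throws IEMRException {
    if (null == userId || userId <= 0) {
        throw new IEMRException("Invalid User ID : " + userId);
    }
    List<String> role;
    try {
        role = userLoginRepo.getRoleNamebyUserId(userId);
    } catch (Exception e) {
        // only repository failures are wrapped; the "no role" case below keeps its own message
        throw new IEMRException("Failed to retrieve role for userId : " + userId + " error : " + e.getMessage());
    }
    if (null == role || role.isEmpty()) {
        throw new IEMRException("No role found for userId : " + userId);
    }
    return role;
}
```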
diff --git a/src/main/java/com/iemr/tm/utils/JwtUserIdValidationFilter.java b/src/main/java/com/iemr/tm/utils/JwtUserIdValidationFilter.java
index 5d6c05b3..79708478 100644
--- a/src/main/java/com/iemr/tm/utils/JwtUserIdValidationFilter.java
+++ b/src/main/java/com/iemr/tm/utils/JwtUserIdValidationFilter.java
@@ -37,28 +37,46 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
HttpServletResponse response = (HttpServletResponse) servletResponse;
String origin = request.getHeader("Origin");
+ String method = request.getMethod();
+ String uri = request.getRequestURI();
logger.debug("Incoming Origin: {}", origin);
logger.debug("Allowed Origins Configured: {}", allowedOrigins);
+ if ("OPTIONS".equalsIgnoreCase(method)) {
+ if (origin == null) {
+ logger.warn("BLOCKED - OPTIONS request without Origin header | Method: {} | URI: {}", method, uri);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "OPTIONS request requires Origin header");
+ return;
+ }
+ if (!isOriginAllowed(origin)) {
+ logger.warn("BLOCKED - Unauthorized Origin | Origin: {} | Method: {} | URI: {}", origin, method, uri);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Origin not allowed");
+ return;
+ }
+ } else {
+ // For non-OPTIONS requests, validate origin if present
+ if (origin != null && !isOriginAllowed(origin)) {
+ logger.warn("BLOCKED - Unauthorized Origin | Origin: {} | Method: {} | URI: {}", origin, method, uri);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Origin not allowed");
+ return;
+ }
+ }
+
+ String path = request.getRequestURI();
+ String contextPath = request.getContextPath();
if (origin != null && isOriginAllowed(origin)) {
- response.setHeader("Access-Control-Allow-Origin", origin);
- response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
- response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken");
- response.setHeader("Vary", "Origin");
+ response.setHeader("Access-Control-Allow-Origin", origin); // Never use wildcard
+ response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers",
+ "Authorization, Content-Type, Accept, Jwttoken, serverAuthorization, ServerAuthorization, serverauthorization, Serverauthorization");
response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Max-Age", "3600");
+ logger.info("Origin Validated | Origin: {} | Method: {} | URI: {}", origin, method, uri);
} else {
logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin);
}
- if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
- logger.info("OPTIONS request - skipping JWT validation");
- response.setStatus(HttpServletResponse.SC_OK);
- return;
- }
-
- String path = request.getRequestURI();
- String contextPath = request.getContextPath();
logger.info("JwtUserIdValidationFilter invoked for path: " + path);
// Log cookies for debugging
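Review bot: OPTIONS requests no longer stop after the origin check: the old early return for OPTIONS removed at the bottom of the hunk is gone, so a preflight with an allowed Origin now falls through to the JWT/cookie validation that follows, and browser preflights carry no cookies — unless the remainder of doFilter (outside this hunk) handles OPTIONS, preflights will fail with 401/403 instead of receiving the CORS headers. Restoring `if ("OPTIONS".equalsIgnoreCase(method)) { response.setStatus(HttpServletResponse.SC_OK); return; }` right after the CORS headers are set keeps the new origin enforcement and the preflight short-circuit. Separately, `Access-Control-Allow-Headers` now lists four case variants of serverAuthorization; header names are matched case-insensitively, so one entry suffices. `uri` and `path` both hold `request.getRequestURI()`; one variable is enough.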
@@ -142,7 +160,7 @@ private boolean isOriginAllowed(String origin) {
String regex = pattern
.replace(".", "\\.")
.replace("*", ".*")
- .replace("http://localhost:.*", "http://localhost:\\d+"); // special case for wildcard port
+ .replace("http://localhost:.*", "http://localhost:\\d+");
boolean matched = origin.matches(regex);
return matched;
diff --git a/src/main/java/com/iemr/tm/utils/JwtUtil.java b/src/main/java/com/iemr/tm/utils/JwtUtil.java
index 2639896e..5d3d7561 100644
--- a/src/main/java/com/iemr/tm/utils/JwtUtil.java
+++ b/src/main/java/com/iemr/tm/utils/JwtUtil.java
@@ -59,11 +59,20 @@ public T extractClaim(String token, Function claimsResolver) {
return claims != null ? claimsResolver.apply(claims) : null;
}
- private Claims extractAllClaims(String token) {
+ public Claims extractAllClaims(String token) {
return Jwts.parser()
.verifyWith(getSigningKey())
.build()
.parseSignedClaims(token)
.getPayload();
}
+
+ public String getUserIdFromToken(String token) {
+ Claims claims = validateToken(token);
+ if (claims == null) {
+ return null;
+ }
+ return claims.get("userId", String.class);
+ }
}
+
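Review bot: `getUserIdFromToken` reads the claim with `claims.get("userId", String.class)`, while RoleAuthenticationFilter reads the same claim as `claims.get("userId")` and calls `toString()`, which suggests the claim is not always stored as a string; jjwt's typed `get` throws when the stored type differs, so the two readers should agree, e.g. `Object v = claims.get("userId"); return v != null ? v.toString() : null;`. `extractAllClaims` is widened to public but nothing in this diff calls it; unlike `validateToken` it propagates signature and parse exceptions, so keeping it private avoids exposing a second, less defensive entry point.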
diff --git a/src/main/java/com/iemr/tm/utils/exception/CustomAccessDeniedHandler.java b/src/main/java/com/iemr/tm/utils/exception/CustomAccessDeniedHandler.java
new file mode 100644
index 00000000..ff62fc62
--- /dev/null
+++ b/src/main/java/com/iemr/tm/utils/exception/CustomAccessDeniedHandler.java
@@ -0,0 +1,28 @@
+package com.iemr.tm.utils.exception;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+import java.util.Map;
+
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ private static final ObjectMapper mapper = new ObjectMapper();
+ @Override
+ public void handle(HttpServletRequest request,
+ HttpServletResponse response,
+ AccessDeniedException accessDeniedException) throws IOException {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403
+ response.setContentType("application/json");
+ Map errorResponse = Map.of("error" , "Forbidden",
+ "message","Access denied");
+ response.getWriter().write(mapper.writeValueAsString(errorResponse));
+ }
+}
\ No newline at end of file
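Review bot: `Map errorResponse = Map.of(...)` is a raw type; `Map<String, String> errorResponse` matches what is put in it. `setContentType("application/json")` without a charset leaves `getWriter()` on the servlet default encoding, so add `response.setCharacterEncoding("UTF-8")` before writing (or use `"application/json;charset=UTF-8"`). A short class Javadoc stating that this handler produces the 403 body for authenticated callers lacking a role, as opposed to CustomAuthenticationEntryPoint's 401, would help readers tell the two apart.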
diff --git a/src/main/java/com/iemr/tm/utils/exception/CustomAuthenticationEntryPoint.java b/src/main/java/com/iemr/tm/utils/exception/CustomAuthenticationEntryPoint.java
new file mode 100644
index 00000000..df622dfb
--- /dev/null
+++ b/src/main/java/com/iemr/tm/utils/exception/CustomAuthenticationEntryPoint.java
@@ -0,0 +1,23 @@
+package com.iemr.tm.utils.exception;
+
+import java.io.IOException;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ @Override
+ public void commence(HttpServletRequest request,
+ HttpServletResponse response,
+ AuthenticationException authException) throws IOException {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
+ response.setContentType("application/json");
+ response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"" + authException.getMessage() + "\"}");
+ }
+}
\ No newline at end of file
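Review bot: The 401 body is assembled by string concatenation with `authException.getMessage()` unescaped, so any message containing a quote or backslash produces invalid JSON, and the raw framework message is exposed to the client. Serialise a fixed structure the same way CustomAccessDeniedHandler does, e.g. `response.getWriter().write(mapper.writeValueAsString(Map.of("error", "Unauthorized", "message", "Authentication required")));` with a `private static final ObjectMapper mapper`, and log the original message server-side if it is needed for diagnosis. As in the sibling handler, set the character encoding before calling `getWriter()`.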
diff --git a/src/main/java/com/iemr/tm/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/iemr/tm/utils/http/HTTPRequestInterceptor.java
index 2da14401..f8160d83 100644
--- a/src/main/java/com/iemr/tm/utils/http/HTTPRequestInterceptor.java
+++ b/src/main/java/com/iemr/tm/utils/http/HTTPRequestInterceptor.java
@@ -21,11 +21,14 @@
*/
package com.iemr.tm.utils.http;
+import java.util.Arrays;
+
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.HandlerInterceptor;
@@ -39,6 +42,9 @@
@Component
public class HTTPRequestInterceptor implements HandlerInterceptor {
Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());
+
+ @Value("${cors.allowed-origins}")
+ private String allowedOrigins;
private SessionObject sessionObject;
@@ -95,7 +101,13 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
response.getOutputStream().print(output.toString());
response.setContentType(MediaType.APPLICATION_JSON);
response.setContentLength(output.toString().length());
- response.setHeader("Access-Control-Allow-Origin", "*");
+ String origin = request.getHeader("Origin");
+ if (origin != null && isOriginAllowed(origin)) {
+ response.setHeader("Access-Control-Allow-Origin", origin);
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ } else if (origin != null) {
+ logger.warn("CORS headers NOT added for error response | Unauthorized origin: {}", origin);
+ }
status = false;
}
}
@@ -126,4 +138,27 @@ public void afterCompletion(HttpServletRequest request, HttpServletResponse resp
throws Exception {
logger.debug("In afterCompletion Request Completed");
}
-}
\ No newline at end of file
+
+ /**
+ * Check if the given origin is allowed based on configured allowedOrigins.
+ * Uses the same logic as JwtUserIdValidationFilter for consistency.
+ *
+ * @param origin The origin to validate
+ * @return true if origin is allowed, false otherwise
+ */
+ private boolean isOriginAllowed(String origin) {
+ if (origin == null || allowedOrigins == null || allowedOrigins.trim().isEmpty()) {
+ return false;
+ }
+
+ return Arrays.stream(allowedOrigins.split(","))
+ .map(String::trim)
+ .anyMatch(pattern -> {
+ String regex = pattern
+ .replace(".", "\\.")
+ .replace("*", ".*")
+ .replace("http://localhost:.*", "http://localhost:\\d+");
+ return origin.matches(regex);
+ });
+ }
+}
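Review bot: `isOriginAllowed` is now a verbatim copy of the method in JwtUserIdValidationFilter, and the Javadoc itself says the two must stay consistent; extract it into one shared component (e.g. an `OriginValidator` bean holding the parsed patterns) so a future fix lands in both places. The pattern-to-regex conversion escapes only `.`; any other regex metacharacter in a configured origin (`?`, `+`, `(`) stays live, so building the regex from `Pattern.quote` on the segments between `*` is safer than the two `replace` calls. The regex is also rebuilt and recompiled for every request; precompiling the list once when `allowedOrigins` is injected is free.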
diff --git a/src/main/java/com/iemr/tm/utils/mapper/RoleAuthenticationFilter.java b/src/main/java/com/iemr/tm/utils/mapper/RoleAuthenticationFilter.java
new file mode 100644
index 00000000..68effd1d
--- /dev/null
+++ b/src/main/java/com/iemr/tm/utils/mapper/RoleAuthenticationFilter.java
@@ -0,0 +1,96 @@
+package com.iemr.tm.utils.mapper;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.iemr.tm.service.common.master.CommonMasterServiceImpl;
+import com.iemr.tm.utils.CookieUtil;
+import com.iemr.tm.utils.JwtAuthenticationUtil;
+import com.iemr.tm.utils.JwtUtil;
+import com.iemr.tm.utils.redis.RedisStorage;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.io.IOException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class RoleAuthenticationFilter extends OncePerRequestFilter {
+
+ @Autowired
+ private JwtUtil jwtUtil;
+
+ @Autowired
+ private RedisStorage redisService;
+
+ @Autowired
+ private JwtAuthenticationUtil userService;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException, java.io.IOException {
+ List authRoles = null;
+ try {
+ String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request);
+ String jwtFromHeader = request.getHeader("Jwttoken");
+
+ String jwtToken = jwtFromCookie != null ? jwtFromCookie : jwtFromHeader;
+ if(null == jwtToken || jwtToken.trim().isEmpty()) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Claims claims = jwtUtil.validateToken(jwtToken);
+ if(null == claims) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Object userIdObj = claims.get("userId");
+ String userId = userIdObj != null ? userIdObj.toString() : null;
+ if (null == userId || userId.trim().isEmpty()) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ Long userIdLong;
+ try {
+ userIdLong=Long.valueOf(userId);
+ }catch (NumberFormatException ex) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ authRoles = redisService.getUserRoleFromCache(userIdLong);
+ if (authRoles == null || authRoles.isEmpty()) {
+ List roles = userService.getUserRoles(userIdLong); // assuming this returns multiple roles
+ authRoles = roles.stream()
+ .filter(Objects::nonNull)
+ .map(String::trim)
+ .map(role -> "ROLE_" + role.toUpperCase().replace(" ", "_"))
+ .collect(Collectors.toList());
+ redisService.cacheUserRoles(userIdLong, authRoles);
+ }
+
+ List authorities = authRoles.stream()
+ .map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
+
+ UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null, authorities);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ } catch (Exception e) {
+ SecurityContextHolder.clearContext();
+ } finally {
+ filterChain.doFilter(request, response);
+ }
+
+ }
+}
\ No newline at end of file
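Review bot: Every early-exit path in doFilterInternal continues the chain twice: `filterChain.doFilter(request, response); return;` in the missing-token, invalid-token, missing-userId and NumberFormatException branches runs, and then the `finally` block calls `filterChain.doFilter` again for the same request. Remove the four explicit `doFilter` calls and keep only the `return`, letting `finally` continue the chain exactly once — or drop the `finally` and call `doFilter` once after the try/catch. The `catch (Exception e)` clears the security context silently; log the reason at debug level so failed authentications are diagnosable. The throws clause names `io.jsonwebtoken.io.IOException` (jjwt's unchecked type) alongside `java.io.IOException`; only the latter belongs on the override, and the `Cookie` import is unused.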
diff --git a/src/main/java/com/iemr/tm/utils/mapper/SecurityConfig.java b/src/main/java/com/iemr/tm/utils/mapper/SecurityConfig.java
new file mode 100644
index 00000000..ed74da7b
--- /dev/null
+++ b/src/main/java/com/iemr/tm/utils/mapper/SecurityConfig.java
@@ -0,0 +1,53 @@
+package com.iemr.tm.utils.mapper;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+
+import com.iemr.tm.utils.exception.CustomAccessDeniedHandler;
+import com.iemr.tm.utils.exception.CustomAuthenticationEntryPoint;
+
+
+@Configuration
+@EnableMethodSecurity
+@EnableWebSecurity
+public class SecurityConfig {
+ private final RoleAuthenticationFilter roleAuthenticationFilter;
+ private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+ private final CustomAccessDeniedHandler customAccessDeniedHandler;
+
+ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
+ CustomAuthenticationEntryPoint customAuthenticationEntryPoint,
+ CustomAccessDeniedHandler customAccessDeniedHandler) {
+ this.roleAuthenticationFilter = roleAuthenticationFilter;
+ this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
+ this.customAccessDeniedHandler = customAccessDeniedHandler;
+ }
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
+ csrfTokenRepository.setCookieHttpOnly(true);
+ csrfTokenRepository.setCookiePath("/");
+ http
+ .csrf(csrf -> csrf.disable())
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/user/*").permitAll()
+ .anyRequest().authenticated()
+ )
+ .exceptionHandling(ex -> ex
+ .authenticationEntryPoint(customAuthenticationEntryPoint)
+ .accessDeniedHandler(customAccessDeniedHandler)
+ )
+ .addFilterBefore(roleAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ return http.build();
+}
+}
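Review bot: `csrfTokenRepository` is built and configured at the top of securityFilterChain but never attached — `csrf.disable()` on the next line makes those three lines dead code; either wire it with `csrf.csrfTokenRepository(csrfTokenRepository)` or delete them. Since the JWT is read from a cookie (CookieUtil.getJwtTokenFromCookie), disabling CSRF leaves the Origin check in JwtUserIdValidationFilter as the only cross-site defence, so if that is intentional a comment saying so belongs next to `csrf.disable()`. `requestMatchers("/user/*")` matches a single path segment; use `/user/**` if nested login paths exist. The `@Bean` method sits at column 0 inside the class body and should be indented with the rest of the class.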
diff --git a/src/main/java/com/iemr/tm/utils/redis/RedisStorage.java b/src/main/java/com/iemr/tm/utils/redis/RedisStorage.java
index 49b2c586..69fa170a 100644
--- a/src/main/java/com/iemr/tm/utils/redis/RedisStorage.java
+++ b/src/main/java/com/iemr/tm/utils/redis/RedisStorage.java
@@ -21,12 +21,15 @@
*/
package com.iemr.tm.utils.redis;
+import java.util.List;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisStringCommands.SetOption;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.types.Expiration;
import org.springframework.stereotype.Component;
@@ -92,4 +95,28 @@ public String updateObject(String key, String value, Boolean extendExpirationTim
return key;
}
+
+ @Autowired
+ private RedisTemplate redisTemplate;
+
+ public void cacheUserRoles(Long userId, List roles) {
+ try {
+ String key = "roles:" + userId;
+ redisTemplate.delete(key); // Clear previous cache
+ redisTemplate.opsForList().rightPushAll(key, roles);
+ redisTemplate.expire(key, 30, java.util.concurrent.TimeUnit.MINUTES);
+ } catch (Exception e) {
+ logger.warn("Failed to cache role for user {} : {} ", userId, e.getMessage());
+ }
+
+ }
+
+ public List getUserRoleFromCache(Long userId) {
+ try {
+ return redisTemplate.opsForList().range("roles:" + userId, 0, -1);
+ } catch (Exception e) {
+ logger.warn("Failed to retrieve cached role for user {} : {} ", userId, e.getMessage());
+ return null;
+ }
+ }
}
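Review bot: The cached role list lives for 30 minutes and is only refreshed when absent, so a role removed from the mapping table keeps granting authorities for up to that long; document it on cacheUserRoles, e.g. `// Roles stay cached for 30 min; revoking a role takes effect only after "roles:<userId>" expires or is deleted`. `RedisTemplate redisTemplate` and `List roles` are raw types — `RedisTemplate<String, String>` and `List<String>` match how the values are used here and in RoleAuthenticationFilter. `delete` followed by `rightPushAll` is not atomic; a concurrent reader between the two sees an empty list and falls back to the database, which is harmless but worth a comment so nobody "fixes" it later.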