pcvolkmer/onkostar-plugin-dnpm
1
0
Fork 0
mirror of https://github.com/pcvolkmer/onkostar-plugin-dnpm.git synced 2025-07-05 02:22:54 +00:00
Code Issues Activity

Issue #29: Abgesicherter Zugriff auf ECOG Verlauf

Browse Source
This commit is contained in:
Paul-Christian Volkmer
2023-08-28 14:39:43 +02:00
parent 74a6e7e79a
commit 35f1aa0d75
2 changed files with 45 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/DNPM/DNPMHelper.java
View File

@ -1,6 +1,9 @@
package DNPM;
import DNPM.analyzer.AnalyzerUtils;
import DNPM.security.IllegalSecuredObjectAccessException;
import DNPM.security.PermissionType;
import DNPM.security.PersonPoolBasedPermissionEvaluator;
import DNPM.services.systemtherapie.SystemtherapieService;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@ -17,6 +20,7 @@ import org.hibernate.transform.Transformers;
import org.hibernate.type.StandardBasicTypes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
import java.util.HashMap;
@ -31,9 +35,16 @@ public class DNPMHelper implements IProcedureAnalyzer {
private final SystemtherapieService systemtherapieService;
public DNPMHelper(final IOnkostarApi onkostarApi, final SystemtherapieService systemtherapieService) {
private final PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
public DNPMHelper(
final IOnkostarApi onkostarApi,
final SystemtherapieService systemtherapieService,
final PersonPoolBasedPermissionEvaluator permissionEvaluator
) {
this.onkostarApi = onkostarApi;
this.systemtherapieService = systemtherapieService;
this.personPoolBasedPermissionEvaluator = permissionEvaluator;
}
@Override
@ -264,6 +275,10 @@ public class DNPMHelper implements IProcedureAnalyzer {
return List.of();
}
return systemtherapieService.ecogSatus(patient);
if (personPoolBasedPermissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), patient, PermissionType.READ)) {
return systemtherapieService.ecogSatus(patient);
}
throw new IllegalSecuredObjectAccessException("Kein Zugriff auf diesen Patienten");
}
}