From 177c2854f6642b66601de798f1a46c663002a163 Mon Sep 17 00:00:00 2001
From: Jessie Ragot <jessie.ragot@hotmail.com>
Date: Thu, 6 Mar 2025 15:06:21 +0100
Subject: [PATCH] Change of routes for appointment security, change so that
appointments are retrieved according to the authenticated patient or doctor.
Doctors can now only book appointments in their own name
---
....java => DoctorAppointmentController.java} | 45 +++++++++----------
.../PatientAppointmentController.java | 33 ++++++++++++++
.../repositories/AppointmentRepository.java | 2 +
.../services/AppointmentService.java | 5 ++-
.../projetIndu/services/DoctorService.java | 26 +++++------
.../projetIndu/services/PatientService.java | 12 +++++
.../resources/templates/appointments.html | 2 +-
.../templates/create-appointment.html | 16 +++----
.../resources/templates/doctor-dashboard.html | 2 +-
.../templates/patient-dashboard.html | 2 +-
10 files changed, 91 insertions(+), 54 deletions(-)
rename src/main/java/com/projet/projetIndu/controllers/{AppointmentController.java => DoctorAppointmentController.java} (68%)
create mode 100644 src/main/java/com/projet/projetIndu/controllers/PatientAppointmentController.java
diff --git a/src/main/java/com/projet/projetIndu/controllers/AppointmentController.java b/src/main/java/com/projet/projetIndu/controllers/DoctorAppointmentController.java
similarity index 68%
rename from src/main/java/com/projet/projetIndu/controllers/AppointmentController.java
rename to src/main/java/com/projet/projetIndu/controllers/DoctorAppointmentController.java
index a5213cd..2935ac6 100644
--- a/src/main/java/com/projet/projetIndu/controllers/AppointmentController.java
+++ b/src/main/java/com/projet/projetIndu/controllers/DoctorAppointmentController.java
@@ -15,54 +15,52 @@ import java.time.LocalDateTime;
import java.util.List;
@Controller
-@RequestMapping("/appointments") // Toutes les routes commenceront par /appointments
-public class AppointmentController {
+@RequestMapping("/doctors/appointments")
+public class DoctorAppointmentController {
private final AppointmentService appointmentService;
private final DoctorService doctorService;
private final PatientService patientService;
-
- public AppointmentController(AppointmentService appointmentService, DoctorService doctorService, PatientService patientService) {
+ public DoctorAppointmentController(AppointmentService appointmentService, DoctorService doctorService, PatientService patientService) {
this.appointmentService = appointmentService;
this.doctorService = doctorService;
this.patientService = patientService;
}
@GetMapping
- public String showAppointments(Model model) {
- List<Appointment> appointments = appointmentService.getAllAppointments();
- model.addAttribute("appointments", appointments);
- return "appointments";
- }
-
- @GetMapping("/doctor/{doctorId}")
- public String listAppointmentsForDoctor(@PathVariable Long doctorId, Model model) {
+ public String showDoctorAppointments(Model model) {
+ Long doctorId = doctorService.getAuthenticatedDoctorId();
List<Appointment> appointments = appointmentService.getAppointmentsByDoctor(doctorId);
model.addAttribute("appointments", appointments);
return "appointments";
}
-
@GetMapping("/create")
public String showCreateForm(Model model) {
model.addAttribute("appointment", new Appointment());
-
List<Patient> patients = patientService.getAllPatients();
- List<Doctor> doctors = doctorService.getAllDoctors();
-
model.addAttribute("patients", patients);
- model.addAttribute("doctors", doctors);
+ Long doctorId = doctorService.getAuthenticatedDoctorId();
+ Doctor doctor = doctorService.getDoctorById(doctorId)
+ .orElseThrow(() -> new RuntimeException("Médecin introuvable"));
+
+ model.addAttribute("doctor", doctor);
return "create-appointment";
}
@PostMapping("/create")
- public String createAppointment(@RequestParam("doctorId") Long doctorId,
- @RequestParam("patientId") Long patientId,
+ public String createAppointment(@RequestParam("patientId") Long patientId,
@RequestParam("dateTime") String dateTime,
- @RequestParam("reason") String reason) {
+ @RequestParam("reason") String reason,
+ @RequestParam("doctorId") Long doctorId) {
+
+ Long authenticatedDoctorId = doctorService.getAuthenticatedDoctorId();
+ if (!authenticatedDoctorId.equals(doctorId)) {
+ throw new RuntimeException("Le médecin authentifié ne peut pas prendre des rendez-vous pour un autre médecin.");
+ }
Doctor doctor = doctorService.getDoctorById(doctorId)
.orElseThrow(() -> new RuntimeException("Médecin introuvable"));
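Review bot: `createAppointment` still accepts `doctorId` as a request parameter only to reject it when it differs from `doctorService.getAuthenticatedDoctorId()`, and the mismatch is thrown as a bare `RuntimeException`, which Spring MVC renders as a 500 rather than an authorization failure. Since the authenticated id is the authoritative value, the parameter can be dropped and the lookup written as `Long doctorId = doctorService.getAuthenticatedDoctorId();`, which removes the client-controlled value (and the hidden `doctorId` input added in create-appointment.html) entirely; if the parameter must stay for the form, the rejection should map to an explicit status such as `throw new ResponseStatusException(HttpStatus.FORBIDDEN, "...")`. Nothing in this patch shows `/doctors/**` being restricted to doctor accounts; presumably that lives in the security configuration, but if not, a patient account reaching these handlers would only fail inside `getAuthenticatedDoctorId`. `createAppointment`'s body continues past the end of this hunk.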
@@ -80,16 +78,15 @@ public class AppointmentController {
appointmentService.saveAppointment(appointment);
- return "redirect:/appointments";
+ return "redirect:/doctors/appointments";
}
-
-
@PostMapping("/{id}/cancel")
public String cancelAppointment(@PathVariable Long id) {
appointmentService.cancelAppointment(id);
- return "redirect:/appointments";
+ return "redirect:/doctors/appointments";
}
}
+
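Review bot: `cancelAppointment` cancels whatever `id` is posted with no check that the appointment belongs to the authenticated doctor, so any logged-in doctor can cancel another doctor's appointments by supplying their ids — the same class of problem this commit closes for creation. With what the patch already provides, the handler can resolve `doctorService.getAuthenticatedDoctorId()`, load `appointmentService.getAppointmentsByDoctor(...)` and refuse (with a 403, not a bare `RuntimeException`) unless `id` is among them; a dedicated repository query keyed on both appointment id and doctor id would be cheaper, assuming the `Appointment` entity maps its doctor as the create form implies. The redirect target `"redirect:/doctors/appointments"` now appears twice in this controller and could become a private constant.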
diff --git a/src/main/java/com/projet/projetIndu/controllers/PatientAppointmentController.java b/src/main/java/com/projet/projetIndu/controllers/PatientAppointmentController.java
new file mode 100644
index 0000000..ed97a4b
--- /dev/null
+++ b/src/main/java/com/projet/projetIndu/controllers/PatientAppointmentController.java
@@ -0,0 +1,33 @@
+package com.projet.projetIndu.controllers;
+
+import com.projet.projetIndu.entities.Appointment;
+import com.projet.projetIndu.services.AppointmentService;
+import com.projet.projetIndu.services.PatientService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import java.util.List;
+
+@Controller
+@RequestMapping("/patients/appointments") // L'URL commence bien par /patients/
+public class PatientAppointmentController {
+
+ private final AppointmentService appointmentService;
+ private final PatientService patientService;
+
+ public PatientAppointmentController(AppointmentService appointmentService, PatientService patientService) {
+ this.appointmentService = appointmentService;
+ this.patientService = patientService;
+ }
+
+ @GetMapping
+ public String showPatientAppointments(Model model) {
+ Long patientId = patientService.getAuthenticatedPatientId(); // Récupère l'ID du patient connecté
+ List<Appointment> appointments = appointmentService.getAppointmentsByPatient(patientId);
+ model.addAttribute("appointments", appointments);
+ return "appointments";
+ }
+}
+
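Review bot: `showPatientAppointments` renders the shared `appointments` template, which after the appointments.html hunk in this patch links to `/doctors/appointments/create` and `/doctors/dashboard`, so patients are shown doctor-only actions (and a patient who follows the create link hits a doctor handler); a patient-specific template or a role-conditional around those links is needed. The class and handler also carry no Javadoc; suggest `/** Lists the appointments of the currently authenticated patient, resolved from the security context. */` on `showPatientAppointments`, while the trailing comment on `@RequestMapping` merely restates the annotation and can be dropped. As with the doctor side, this controller relies on the route being restricted to patient accounts elsewhere, which this patch does not show.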
diff --git a/src/main/java/com/projet/projetIndu/repositories/AppointmentRepository.java b/src/main/java/com/projet/projetIndu/repositories/AppointmentRepository.java
index e302563..9f2b3a4 100644
--- a/src/main/java/com/projet/projetIndu/repositories/AppointmentRepository.java
+++ b/src/main/java/com/projet/projetIndu/repositories/AppointmentRepository.java
@@ -12,4 +12,6 @@ public interface AppointmentRepository extends JpaRepository<Appointment, Long>
Optional<Appointment> findByDateTime(LocalDateTime dateTime);
List<Appointment> findByDoctorId(Long doctorId);
+
+ List<Appointment> findByPatientId(Long patientId);
}
diff --git a/src/main/java/com/projet/projetIndu/services/AppointmentService.java b/src/main/java/com/projet/projetIndu/services/AppointmentService.java
index c3c99b0..b569668 100644
--- a/src/main/java/com/projet/projetIndu/services/AppointmentService.java
+++ b/src/main/java/com/projet/projetIndu/services/AppointmentService.java
@@ -6,7 +6,6 @@ import com.projet.projetIndu.repositories.AppointmentRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import java.time.LocalDate;
import java.time.LocalDateTime;
import java.util.List;
import java.util.Optional;
@@ -53,5 +52,9 @@ public class AppointmentService {
return appointmentRepository.findByDoctorId(doctorId);
}
+ public List<Appointment> getAppointmentsByPatient(Long patientId) {
+ return appointmentRepository.findByPatientId(patientId);
+ }
+
}
diff --git a/src/main/java/com/projet/projetIndu/services/DoctorService.java b/src/main/java/com/projet/projetIndu/services/DoctorService.java
index 0ce1ff0..baf0f70 100644
--- a/src/main/java/com/projet/projetIndu/services/DoctorService.java
+++ b/src/main/java/com/projet/projetIndu/services/DoctorService.java
@@ -3,9 +3,10 @@ package com.projet.projetIndu.services;
import com.projet.projetIndu.entities.Doctor;
import com.projet.projetIndu.repositories.DoctorRepository;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
-import java.util.Arrays;
import java.util.List;
import java.util.Optional;
@@ -43,23 +44,16 @@ public class DoctorService {
public void deleteDoctorById(Long id) {
doctorRepository.deleteById(id);
}
+
+ public Long getAuthenticatedDoctorId() {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ String email = authentication.getName();
+ return doctorRepository.findByEmail(email)
+ .map(Doctor::getId)
+ .orElseThrow(() -> new RuntimeException("Médecin non trouvé"));
+ }
}
-// ///Pour le codage en dur (à retirer ensuite avec la BDD)
-// public List<Doctor> getAllDoctors() {
-// return Arrays.asList(
-// new Doctor(1L, "Jean", "Dupont", "Cardiologue", "jean.dupont@example.com"),
-// new Doctor(2L, "Marie", "Curie", "Radiologue", "marie.curie@example.com"),
-// new Doctor(3L, "Paul", "Durand", "Généraliste", "paul.durand@example.com")
-// );
-// }
//
-// // Pour le dur
-// public List<Doctor> getDoctorByName(String firstName, String lastName) {
-// return getAllDoctors().stream()
-// .filter(doctor -> doctor.getFirstName().toLowerCase().contains(firstName.toLowerCase()) ||
-// doctor.getLastName().toLowerCase().contains(lastName.toLowerCase()))
-// .toList();
-// }
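Review bot: `getAuthenticatedDoctorId` dereferences `SecurityContextHolder.getContext().getAuthentication()` without a null check, so a request with no security context ends in a `NullPointerException`, and an anonymous token (whose name is not an email) falls through to a misleading "Médecin non trouvé"; `PatientService.getAuthenticatedPatientId` in this patch has the same shape and the same fix applies there. Suggest guarding before the lookup: `if (authentication == null || !authentication.isAuthenticated()) { throw new IllegalStateException("No authenticated user in security context"); }` and replacing the bare `RuntimeException` with a more specific type the controllers can map to a 401/403. The method also lacks Javadoc; a one-liner stating that it resolves the doctor from the authenticated principal's name treated as an email, and what it throws when none matches, would help callers. The lone `//` line left below the class after removing the hard-coded stubs can go too.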
diff --git a/src/main/java/com/projet/projetIndu/services/PatientService.java b/src/main/java/com/projet/projetIndu/services/PatientService.java
index 48d0fe6..0edbe55 100644
--- a/src/main/java/com/projet/projetIndu/services/PatientService.java
+++ b/src/main/java/com/projet/projetIndu/services/PatientService.java
@@ -3,6 +3,8 @@ package com.projet.projetIndu.services;
import com.projet.projetIndu.entities.Patient;
import com.projet.projetIndu.repositories.PatientRepository;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import java.util.List;
@@ -37,4 +39,14 @@ public class PatientService {
public void deletePatientById(Long id) {
patientRepository.deleteById(id);
}
+
+
+ public Long getAuthenticatedPatientId() {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ String email = authentication.getName();
+
+ return patientRepository.findByEmail(email)
+ .map(Patient::getId)
+ .orElseThrow(() -> new RuntimeException("Patient non trouvé"));
+ }
}
diff --git a/src/main/resources/templates/appointments.html b/src/main/resources/templates/appointments.html
index 427ef00..f529e14 100644
--- a/src/main/resources/templates/appointments.html
+++ b/src/main/resources/templates/appointments.html
@@ -38,7 +38,7 @@
</tbody>
</table>
- <a href="/appointments/create" class="btn btn-primary mt-3">Créer un nouveau rendez-vous</a>
+ <a href="/doctors/appointments/create" class="btn btn-primary mt-3">Créer un nouveau rendez-vous</a>
<a href="/doctors/dashboard" class="btn btn-secondary mt-3">Retour au tableau de bord</a>
</div>
diff --git a/src/main/resources/templates/create-appointment.html b/src/main/resources/templates/create-appointment.html
index 4ab3f6a..b23775e 100644
--- a/src/main/resources/templates/create-appointment.html
+++ b/src/main/resources/templates/create-appointment.html
@@ -11,7 +11,7 @@
<div class="container mt-5">
<h1 class="text-center mb-4">Créer un rendez-vous</h1>
- <form method="post" th:action="@{/appointments/create}">
+ <form method="post" th:action="@{/doctors/appointments/create}">
<!-- Sélecteur du Patient -->
<div class="mb-3">
<label class="form-label">Patient :</label>
@@ -24,16 +24,12 @@
</select>
</div>
- <!-- Sélecteur du Médecin -->
<div class="mb-3">
<label class="form-label">Médecin :</label>
- <select class="form-select" name="doctorId" required>
- <option value="">Sélectionner un médecin</option>
- <option th:each="doctor : ${doctors}"
- th:value="${doctor.id}"
- th:text="${doctor.firstName + ' ' + doctor.lastName}">
- </option>
- </select>
+ <input type="hidden" name="doctorId" th:value="${doctor.id}">
+ <!-- Affichage du nom du médecin authentifié -->
+ <input type="text" class="form-control" th:value="'Dr. ' + ${doctor.firstName} + ' ' + ${doctor.lastName}"
+ readonly>
</div>
<!-- Champ Date et Heure -->
@@ -49,7 +45,7 @@
</div>
<button type="submit" class="btn btn-success">Créer le rendez-vous</button>
- <a href="/appointments" th:href="@{/appointments}" class="btn btn-secondary">Annuler</a>
+ <a href="/doctors/appointments" th:href="@{/doctors/appointments}" class="btn btn-secondary">Annuler</a>
</form>
</div>
diff --git a/src/main/resources/templates/doctor-dashboard.html b/src/main/resources/templates/doctor-dashboard.html
index b6c86c3..6927532 100644
--- a/src/main/resources/templates/doctor-dashboard.html
+++ b/src/main/resources/templates/doctor-dashboard.html
@@ -36,7 +36,7 @@
<p class="mt-2 text-gray-600">Accéder aux dossiers médicaux de vos patients.</p>
</a>
- <a href="/appointments"
+ <a href="/doctors/appointments"
class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition md:col-span-2 flex items-center justify-center text-center">
<div class="space-y-2">
<h3 class="text-xl font-semibold text-gray-800">Rendez-vous</h3>
diff --git a/src/main/resources/templates/patient-dashboard.html b/src/main/resources/templates/patient-dashboard.html
index f750bee..ebb9bf3 100644
--- a/src/main/resources/templates/patient-dashboard.html
+++ b/src/main/resources/templates/patient-dashboard.html
@@ -29,7 +29,7 @@
<p class="mt-2 text-gray-600">Consulter vos dossiers médicaux.</p>
</a>
- <a href="/appointments" class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition">
+ <a href="/patients/appointments" class="p-6 bg-white shadow-md rounded-lg hover:shadow-lg transition">
<h3 class="text-xl font-semibold text-gray-800">Mes Rendez-vous</h3>
<p class="mt-2 text-gray-600">Voir et gérer vos rendez-vous.</p>
</a>
--
GitLab