96a6196373
- 新增 consent_check.rs: check_consent_active() 检查患者有效同意记录 - 医护角色 (admin/doctor/nurse/health_manager) 自动跳过检查 - 5 个 handler / 10 处端点添加 consent 门控: - daily_monitoring_handler: list_daily_monitoring - vital_signs_daily_handler: get_daily_aggregations - alert_handler: list_alerts - health_data_handler: 5 个列表/趋势/时间序列端点 - device_reading_handler: list_readings + list_hourly
41 lines
1.3 KiB
Rust
41 lines
1.3 KiB
Rust
use erp_core::error::AppError;
|
||
use erp_core::types::TenantContext;
|
||
use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
|
||
|
||
use crate::entity::consent::{Column, Entity as ConsentEntity};
|
||
use uuid::Uuid;
|
||
|
||
/// 医护角色跳过 consent 检查
|
||
const BYPASS_ROLES: &[&str] = &["admin", "doctor", "nurse", "health_manager"];
|
||
|
||
/// 检查患者是否有有效的知情同意记录(status = granted)
|
||
/// 在 handler 层调用,对患者数据的读取进行 consent 门控
|
||
pub async fn check_consent_active(
|
||
db: &sea_orm::DatabaseConnection,
|
||
tenant_id: Uuid,
|
||
patient_id: Uuid,
|
||
ctx: &TenantContext,
|
||
) -> Result<(), AppError> {
|
||
// 医护和管理角色不需要 consent 检查
|
||
if ctx.roles.iter().any(|r| BYPASS_ROLES.contains(&r.as_str())) {
|
||
return Ok(());
|
||
}
|
||
|
||
let has_active = ConsentEntity::find()
|
||
.filter(Column::TenantId.eq(tenant_id))
|
||
.filter(Column::PatientId.eq(patient_id))
|
||
.filter(Column::Status.eq("granted"))
|
||
.filter(Column::DeletedAt.is_null())
|
||
.one(db)
|
||
.await
|
||
.map_err(|e| AppError::Internal(e.to_string()))?;
|
||
|
||
if has_active.is_none() {
|
||
return Err(AppError::Forbidden(
|
||
"患者未签署知情同意书,无法访问数据".to_string(),
|
||
));
|
||
}
|
||
|
||
Ok(())
|
||
}
|