Merge pull request #229 from Mac-5/feature/medical-records-management

llins · web-flow · commit 6437bdb688d3 · 2026-03-26T09:29:49.000+01:00
Feature/medical records management
diff --git a/backend/src/auth/constants/permissions.enum.ts b/backend/src/auth/constants/permissions.enum.ts
@@ -5,9 +5,14 @@ export enum Permission {
   CREATE_PETS = 'CREATE_PETS',
   SHARE_RECORDS = 'SHARE_RECORDS',
 
+  // Medical Records
+  READ_MEDICAL_RECORDS = 'READ_MEDICAL_RECORDS',
+  CREATE_MEDICAL_RECORDS = 'CREATE_MEDICAL_RECORDS',
+  UPDATE_MEDICAL_RECORDS = 'UPDATE_MEDICAL_RECORDS',
+  DELETE_MEDICAL_RECORDS = 'DELETE_MEDICAL_RECORDS',
+
   // Veterinarian
   READ_ALL_PETS = 'READ_ALL_PETS',
-  UPDATE_MEDICAL_RECORDS = 'UPDATE_MEDICAL_RECORDS',
   CREATE_TREATMENTS = 'CREATE_TREATMENTS',
   PRESCRIBE = 'PRESCRIBE',
 
diff --git a/backend/src/modules/medical-records/dto/append-record.dto.ts b/backend/src/modules/medical-records/dto/append-record.dto.ts
@@ -0,0 +1,7 @@
+import { IsString, IsNotEmpty } from 'class-validator';
+
+/** Appends an immutable observation to an existing record's notes */
+export class AppendRecordDto {
+  @IsString() @IsNotEmpty()
+  observation: string;
+}
diff --git a/backend/src/modules/medical-records/dto/search-medical-records.dto.ts b/backend/src/modules/medical-records/dto/search-medical-records.dto.ts
@@ -0,0 +1,31 @@
+import { IsOptional, IsEnum, IsString, IsDateString, IsUUID, IsBoolean } from 'class-validator';
+import { Transform } from 'class-transformer';
+import { RecordType, AccessLevel } from '../entities/medical-record.entity';
+
+export class SearchMedicalRecordsDto {
+  @IsOptional() @IsUUID()
+  petId?: string;
+
+  @IsOptional() @IsEnum(RecordType)
+  recordType?: RecordType;
+
+  @IsOptional() @IsEnum(AccessLevel)
+  accessLevel?: AccessLevel;
+
+  @IsOptional() @IsDateString()
+  startDate?: string;
+
+  @IsOptional() @IsDateString()
+  endDate?: string;
+
+  /** Full-text search across diagnosis, treatment, notes */
+  @IsOptional() @IsString()
+  q?: string;
+
+  @IsOptional() @IsUUID()
+  vetId?: string;
+
+  @IsOptional() @Transform(({ value }) => value === 'true')
+  @IsBoolean()
+  verified?: boolean;
+}
diff --git a/backend/src/modules/medical-records/medical-records.controller.ts b/backend/src/modules/medical-records/medical-records.controller.ts
@@ -10,13 +10,16 @@ import {
   UseInterceptors,
   UploadedFiles,
   BadRequestException,
+  UseGuards,
 } from '@nestjs/common';
 import { StreamableFile } from '@nestjs/common/file-stream';
 import { FilesInterceptor } from '@nestjs/platform-express';
 import { MedicalRecordsService } from './medical-records.service';
 import { MedicalRecordsExportService } from './medical-records-export.service';
 import { CreateMedicalRecordDto } from './dto/create-medical-record.dto';
 import { UpdateMedicalRecordDto } from './dto/update-medical-record.dto';
+import { AppendRecordDto } from './dto/append-record.dto';
+import { SearchMedicalRecordsDto } from './dto/search-medical-records.dto';
 import { VerifyRecordDto, RevokeVerificationDto } from './dto/verify-record.dto';
 import {
   ExportMedicalRecordsDto,
@@ -25,72 +28,75 @@ import {
 } from './dto/export-medical-records.dto';
 import { RecordType } from './entities/medical-record.entity';
 import { PetSpecies } from '../pets/entities/pet.entity';
-
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { Permissions } from '../../auth/decorators/permissions.decorator';
+import { CurrentUser } from '../../auth/decorators/current-user.decorator';
+import { RoleName } from '../../auth/constants/roles.enum';
+import { Permission } from '../../auth/constants/permissions.enum';
+
+@UseGuards(JwtAuthGuard, RolesGuard)
 @Controller('medical-records')
 export class MedicalRecordsController {
   constructor(
     private readonly medicalRecordsService: MedicalRecordsService,
     private readonly exportService: MedicalRecordsExportService,
-  ) { }
+  ) {}
 
   @Post()
+  @Permissions(Permission.CREATE_MEDICAL_RECORDS)
   @UseInterceptors(FilesInterceptor('files', 10))
   async create(
     @Body() createMedicalRecordDto: CreateMedicalRecordDto,
+    @CurrentUser('id') userId: string,
     @UploadedFiles() files?: Express.Multer.File[],
   ) {
-    // Handle file uploads
-    if (files && files.length > 0) {
-      const attachments = await Promise.all(
-        files.map((file) => this.medicalRecordsService.saveAttachment(file)),
+    if (files?.length) {
+      createMedicalRecordDto.attachments = await Promise.all(
+        files.map((f) => this.medicalRecordsService.saveAttachment(f)),
       );
-      createMedicalRecordDto.attachments = attachments;
     }
+    return this.medicalRecordsService.create(createMedicalRecordDto, userId);
+  }
 
-    return this.medicalRecordsService.create(createMedicalRecordDto);
+  /** Rich search: ?q=text&petId=&recordType=&accessLevel=&vetId=&verified=&startDate=&endDate= */
+  @Get('search')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
+  search(@Query() dto: SearchMedicalRecordsDto) {
+    return this.medicalRecordsService.search(dto);
   }
 
   @Get()
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   findAll(
     @Query('petId') petId?: string,
     @Query('recordType') recordType?: RecordType,
     @Query('startDate') startDate?: string,
     @Query('endDate') endDate?: string,
   ) {
-    return this.medicalRecordsService.findAll(
-      petId,
-      recordType,
-      startDate,
-      endDate,
-    );
+    return this.medicalRecordsService.findAll(petId, recordType, startDate, endDate);
   }
 
   @Get('templates/:petType')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   getTemplates(@Param('petType') petType: PetSpecies) {
     return this.medicalRecordsService.getTemplatesByPetType(petType);
   }
 
   @Post('templates')
+  @Roles(RoleName.Veterinarian, RoleName.Admin)
   createTemplate(
     @Body('petType') petType: PetSpecies,
     @Body('recordType') recordType: RecordType,
     @Body('templateFields') templateFields: Record<string, any>,
     @Body('description') description?: string,
   ) {
-    return this.medicalRecordsService.createTemplate(
-      petType,
-      recordType,
-      templateFields,
-      description,
-    );
-  }
-
-  /**
-   * Export medical records as PDF, CSV, or FHIR.
-   * GET: use query params (format, petId, recordType, startDate, endDate).
-   * POST: use body for full options including recordIds for batch export.
-   */
+    return this.medicalRecordsService.createTemplate(petType, recordType, templateFields, description);
+  }
+
   @Get('export')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   async exportGet(
     @Query('format') format: ExportFormat,
     @Query('recordIds') recordIdsStr?: string,
@@ -100,21 +106,10 @@ export class MedicalRecordsController {
     @Query('endDate') endDate?: string,
     @Query('includeAttachments') includeAttachments?: string,
   ) {
-    const recordIds = recordIdsStr
-      ? recordIdsStr
-        .split(',')
-        .map((s) => s.trim())
-        .filter(Boolean)
-      : undefined;
+    const recordIds = recordIdsStr?.split(',').map((s) => s.trim()).filter(Boolean);
     const dto: ExportMedicalRecordsDto = {
-      format,
-      recordIds,
-      petId,
-      recordType,
-      startDate,
-      endDate,
-      includeAttachments:
-        includeAttachments === 'true' || includeAttachments === undefined,
+      format, recordIds, petId, recordType, startDate, endDate,
+      includeAttachments: includeAttachments !== 'false',
     };
     const result = await this.exportService.export(dto);
     return new StreamableFile(result.buffer, {
@@ -124,6 +119,7 @@ export class MedicalRecordsController {
   }
 
   @Post('export')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   async exportPost(@Body() dto: ExportMedicalRecordsDto) {
     const result = await this.exportService.export(dto);
     return new StreamableFile(result.buffer, {
@@ -132,79 +128,98 @@ export class MedicalRecordsController {
     });
   }
 
-  /**
-   * Generate export and send it by email.
-   * Requires MAIL_HOST, MAIL_PORT, MAIL_USER, MAIL_PASS to be set.
-   */
   @Post('export/email')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   async exportEmail(
     @Body() dto: EmailExportMedicalRecordsDto,
     @Query('userEmail') userEmail?: string,
   ) {
     const recipient = dto.to || userEmail;
-    if (!recipient) {
-      throw new BadRequestException(
-        'Provide "to" in body or userEmail query param.',
-      );
-    }
+    if (!recipient) throw new BadRequestException('Provide "to" in body or userEmail query param.');
     return this.exportService.sendExportByEmail(dto, recipient);
   }
 
-  // --- Vet Verification / Signature ---
+  // --- Vet Verification ---
 
   @Post(':id/verify')
+  @Roles(RoleName.Veterinarian, RoleName.Admin)
   verifyRecord(
     @Param('id') id: string,
-    @Body() verifyRecordDto: VerifyRecordDto,
+    @Body() dto: VerifyRecordDto,
+    @CurrentUser('id') userId: string,
   ) {
-    return this.medicalRecordsService.verifyRecord(id, verifyRecordDto);
+    return this.medicalRecordsService.verifyRecord(id, dto, userId);
   }
 
   @Post(':id/revoke-verification')
+  @Roles(RoleName.Veterinarian, RoleName.Admin)
   revokeVerification(
     @Param('id') id: string,
-    @Body() revokeDto: RevokeVerificationDto,
+    @Body() dto: RevokeVerificationDto,
+    @CurrentUser('id') userId: string,
+  ) {
+    return this.medicalRecordsService.revokeVerification(id, dto, userId);
+  }
+
+  // --- Append-only observation ---
+
+  @Post(':id/append')
+  @Permissions(Permission.CREATE_MEDICAL_RECORDS)
+  appendObservation(
+    @Param('id') id: string,
+    @Body() dto: AppendRecordDto,
+    @CurrentUser('id') userId: string,
   ) {
-    return this.medicalRecordsService.revokeVerification(id, revokeDto);
+    return this.medicalRecordsService.append(id, dto, userId);
   }
 
-  // --- Record Versioning ---
+  // --- Versioning / history ---
+
+  @Get(':id/history')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
+  getHistory(@Param('id') id: string) {
+    return this.medicalRecordsService.getRecordVersions(id);
+  }
 
   @Get(':id/versions')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   getVersions(@Param('id') id: string) {
     return this.medicalRecordsService.getRecordVersions(id);
   }
 
   @Get(':id/versions/:versionId')
-  getVersion(
-    @Param('id') id: string,
-    @Param('versionId') versionId: string,
-  ) {
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
+  getVersion(@Param('id') id: string, @Param('versionId') versionId: string) {
     return this.medicalRecordsService.getRecordVersion(id, versionId);
   }
 
-  // --- Core record endpoints ---
+  // --- Core CRUD ---
 
   @Get(':id')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   findOne(@Param('id') id: string) {
     return this.medicalRecordsService.findOne(id);
   }
 
   @Get(':id/qr')
+  @Permissions(Permission.READ_MEDICAL_RECORDS)
   getQRCode(@Param('id') id: string) {
     return this.medicalRecordsService.getQRCode(id);
   }
 
   @Patch(':id')
+  @Permissions(Permission.UPDATE_MEDICAL_RECORDS)
   update(
     @Param('id') id: string,
-    @Body() updateMedicalRecordDto: UpdateMedicalRecordDto,
+    @Body() dto: UpdateMedicalRecordDto,
+    @CurrentUser('id') userId: string,
   ) {
-    return this.medicalRecordsService.update(id, updateMedicalRecordDto);
+    return this.medicalRecordsService.update(id, dto, userId);
   }
 
   @Delete(':id')
-  remove(@Param('id') id: string) {
-    return this.medicalRecordsService.remove(id);
+  @Permissions(Permission.DELETE_MEDICAL_RECORDS)
+  remove(@Param('id') id: string, @CurrentUser('id') userId: string) {
+    return this.medicalRecordsService.remove(id, userId);
   }
 }
diff --git a/backend/src/modules/medical-records/medical-records.module.ts b/backend/src/modules/medical-records/medical-records.module.ts
@@ -1,7 +1,6 @@
 import { Module, OnModuleInit } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { ConfigModule } from '@nestjs/config';
-import { JwtModule } from '@nestjs/jwt';
 import { MedicalRecordsService } from './medical-records.service';
 import { MedicalRecordsController } from './medical-records.controller';
 import { MedicalRecordsExportService } from './medical-records-export.service';
@@ -12,6 +11,7 @@ import { RecordTemplate } from './entities/record-template.entity';
 import { RecordVersion } from './entities/record-version.entity';
 import { AuditModule } from '../audit/audit.module';
 import { SecurityModule } from '../../security/security.module';
+import { AuthModule } from '../../auth/auth.module';
 import { EncryptionService } from '../../security/services/encryption.service';
 import { KeyRotationService } from '../../security/services/key-rotation.service';
 import { setEncryptionService } from '../../common/transformers/encrypted.transformer';
@@ -23,6 +23,7 @@ import { BlockchainSyncModule } from '../blockchain/blockchain-sync.module';
     ConfigModule,
     AuditModule,
     SecurityModule,
+    AuthModule,
     BlockchainSyncModule,
   ],
   controllers: [MedicalRecordsController, RecordShareController],
diff --git a/backend/src/modules/medical-records/medical-records.service.ts b/backend/src/modules/medical-records/medical-records.service.ts
