fix: standardize SecurityException messages to canonical format in encounter and casemgmt actions#3119
fix: standardize SecurityException messages to canonical format in encounter and casemgmt actions#3119bellaayang wants to merge 1 commit into
Conversation
…counter and casemgmt actions Signed-off-by: bellaayang <jingjingyjh@126.com>
Reviewer's GuideStandardizes all SecurityException messages in relevant encounter and case management actions to the canonical format mandated by CLAUDE.md, without changing any security logic or privilege checks. File-Level Changes
Assessment against linked issues
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis PR standardizes SecurityException messages thrown across 24 action classes in casemgmt, consultation request, and measurement modules. Messages previously using "Access Denied!", "security object" wording, or colon separators are unified to the canonical format "missing required sec object (_objectname)". ChangesSecurityException Message Standardization
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested labels: Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- In
EctAddMeasurementType2Action, the newSecurityExceptionline is missing a terminating semicolon, which will prevent the class from compiling; please add the semicolon. - For actions that check multiple security objects (e.g.,
_adminand_admin.measurementsin the measurement stylesheet actions), ensure the updated exception messages consistently and accurately reflect all objects being checked, similar to the wording used inEctSetupAddMeasurementStyleSheet2Action.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- In `EctAddMeasurementType2Action`, the new `SecurityException` line is missing a terminating semicolon, which will prevent the class from compiling; please add the semicolon.
- For actions that check multiple security objects (e.g., `_admin` and `_admin.measurements` in the measurement stylesheet actions), ensure the updated exception messages consistently and accurately reflect all objects being checked, similar to the wording used in `EctSetupAddMeasurementStyleSheet2Action`.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
Code Review
This pull request standardizes security exception messages across multiple CARLOS EMR Struts2 actions to consistently use the format "missing required sec object (...)". However, several critical compilation errors were introduced during these changes: a missing semicolon in EctAddMeasurementType2Action.java, and missing closing braces for else blocks in both EctDefineNewMeasurementGroup2Action.java and EctSetupStyleSheetList2Action.java.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
|
||
| } else { | ||
| throw new SecurityException("Access Denied!"); //missing required sec object (_admin) | ||
| throw new SecurityException("missing required sec object (_admin)") |
| } else { | ||
| throw new SecurityException("Access Denied!"); //missing required sec object (_admin) | ||
| } | ||
| throw new SecurityException("missing required sec object (_admin)"); | ||
| } |
There was a problem hiding this comment.
The closing brace } for the else block was accidentally removed, which will cause a syntax/compilation error.
| } else { | |
| throw new SecurityException("Access Denied!"); //missing required sec object (_admin) | |
| } | |
| throw new SecurityException("missing required sec object (_admin)"); | |
| } | |
| } else { | |
| throw new SecurityException("missing required sec object (_admin)"); | |
| } | |
| } |
| } else { | ||
| throw new SecurityException("Access Denied!"); //missing required sec object (_admin) or (_admin.measurements) | ||
| } | ||
| throw new SecurityException("missing required sec object (_admin)"); | ||
| } |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@src/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasurementType2Action.java`:
- Line 104: The throw statement in EctAddMeasurementType2Action has a syntax
error because the SecurityException line is missing its terminating semicolon.
Update the exception throw in the affected handler so the statement is valid
Java and the class compiles cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: b3e36e93-65d3-40e1-80ed-372db40ea289
📒 Files selected for processing (23)
src/main/java/io/github/carlos_emr/carlos/casemgmt/web/CaseManagementEntry2Action.javasrc/main/java/io/github/carlos_emr/carlos/casemgmt/web/ClientImage2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarConsultationRequest/config/pageUtil/ConsultationLookup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarConsultationRequest/config/pageUtil/CpsoSearch2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarConsultationRequest/pageUtil/ConsultationClinicalData2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasurementGroup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasurementMap2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasurementType2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasuringInstruction2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctDefineNewMeasurementGroup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctDeleteMeasurementStyleSheet2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctDeleteMeasurementTypes2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctEditMeasurementGroup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctEditMeasurementStyle2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctRemoveMeasurementMap2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupAddMeasurementGroup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupAddMeasurementStyleSheet2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupDisplayMeasurementStyleSheet2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupDisplayMeasurementTypes2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupEditMeasurementGroup2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupGroupList2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctSetupStyleSheetList2Action.javasrc/main/java/io/github/carlos_emr/carlos/encounter/pageUtil/EctInsertTemplate2Action.java
|
|
||
| } else { | ||
| throw new SecurityException("Access Denied!"); //missing required sec object (_admin) | ||
| throw new SecurityException("missing required sec object (_admin)") |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
Add the missing semicolon.
This throw statement will not compile as written.
Fix
- throw new SecurityException("missing required sec object (_admin)")
+ throw new SecurityException("missing required sec object (_admin)");📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| throw new SecurityException("missing required sec object (_admin)") | |
| throw new SecurityException("missing required sec object (_admin)"); |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@src/main/java/io/github/carlos_emr/carlos/encounter/oscarMeasurements/pageUtil/EctAddMeasurementType2Action.java`
at line 104, The throw statement in EctAddMeasurementType2Action has a syntax
error because the SecurityException line is missing its terminating semicolon.
Update the exception throw in the affected handler so the statement is valid
Java and the class compiles cleanly.
Description
Standardizes non-canonical
SecurityExceptionmessages across encounter and case management action classes to match the format mandated by CLAUDE.md:missing required sec object (_objectname)Changes made:
"missing required security object"(spelled out) with the abbreviated"sec object"formEctInsertTemplate2Action"Access Denied!"placeholder messages in 15 measurement admin actions with the correct canonical format, using the object name from the nearbyhasPrivilege()check as the source of truthRelated Issues
Fixes #2598
How Was This Tested?
Verified with
grep -rn "missing required security object"that all in-scope files no longer contain non-canonical messages. No functional logic was changed.Checklist
git commit -s)Summary by Sourcery
Enhancements:
Summary by cubic
Standardized
SecurityExceptionmessages to the canonical format "missing required sec object (...)" across encounter and case management actions for consistent error handling. No behavior changes._demographic,_con,_admin,_admin.consult,_newCasemgmt.templates).Written for commit 04d767f. Summary will update on new commits.