Merge pull request #13360 from SORMAS-Foundation/feature-13297_user_rights_system_for_message_types

#13297 - Redesign User Rights System for Message Types

Author: KarnaiahPesula

sormas-api/src/main/java/de/symeda/sormas/api/user/DefaultUserRole.java

@@ -1427,9 +1427,13 @@ public Set<UserRight> getDefaultUserRights() {
 					CAMPAIGN_FORM_DATA_ARCHIVE,
 					CAMPAIGN_FORM_DATA_VIEW_ARCHIVED,
 					CAMPAIGN_FORM_DATA_EXPORT,
-					EXTERNAL_MESSAGE_VIEW,
-					EXTERNAL_MESSAGE_PROCESS,
-					EXTERNAL_MESSAGE_DELETE,
+					EXTERNAL_MESSAGE_ACCESS,
+					EXTERNAL_MESSAGE_LABORATORY_VIEW,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW,
+					EXTERNAL_MESSAGE_LABORATORY_PROCESS,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS,
+					EXTERNAL_MESSAGE_LABORATORY_DELETE,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE,
 					PERFORM_BULK_OPERATIONS,
 					TRAVEL_ENTRY_MANAGEMENT_ACCESS,
 					TRAVEL_ENTRY_VIEW,
@@ -1855,9 +1859,13 @@ public Set<UserRight> getDefaultUserRights() {
 					CAMPAIGN_FORM_DATA_VIEW,
 					CAMPAIGN_FORM_DATA_EDIT,
 					CAMPAIGN_FORM_DATA_EXPORT,
-					EXTERNAL_MESSAGE_VIEW,
-					EXTERNAL_MESSAGE_PROCESS,
-					EXTERNAL_MESSAGE_DELETE,
+					EXTERNAL_MESSAGE_ACCESS,
+					EXTERNAL_MESSAGE_LABORATORY_VIEW,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW,
+					EXTERNAL_MESSAGE_LABORATORY_PROCESS,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS,
+					EXTERNAL_MESSAGE_LABORATORY_DELETE,
+					EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE,
 					TRAVEL_ENTRY_MANAGEMENT_ACCESS,
 					TRAVEL_ENTRY_VIEW,
 					TRAVEL_ENTRY_CREATE,

sormas-api/src/main/java/de/symeda/sormas/api/user/UserRight.java

@@ -285,12 +285,21 @@ public enum UserRight {
 	EXTERNAL_SURVEILLANCE_SHARE(UserRightGroup.EXTERNAL),
 	EXTERNAL_SURVEILLANCE_DELETE(UserRightGroup.EXTERNAL),
 
-	EXTERNAL_MESSAGE_VIEW(UserRightGroup.EXTERNAL),
-	EXTERNAL_MESSAGE_PROCESS(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_VIEW,
+	EXTERNAL_MESSAGE_PUSH(UserRightGroup.EXTERNAL),
+
+	EXTERNAL_MESSAGE_ACCESS(UserRightGroup.EXTERNAL),
+	EXTERNAL_MESSAGE_LABORATORY_VIEW(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS),
+	EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS),
+
+	EXTERNAL_MESSAGE_LABORATORY_PROCESS(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS, UserRight._EXTERNAL_MESSAGE_LABORATORY_VIEW,
 			UserRight._SAMPLE_CREATE, UserRight._SAMPLE_EDIT, UserRight._PATHOGEN_TEST_CREATE, UserRight._PATHOGEN_TEST_EDIT, UserRight._PATHOGEN_TEST_DELETE,
 			UserRight._IMMUNIZATION_CREATE, UserRight._IMMUNIZATION_EDIT, UserRight._IMMUNIZATION_DELETE),
-	EXTERNAL_MESSAGE_PUSH(UserRightGroup.EXTERNAL),
-	EXTERNAL_MESSAGE_DELETE(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_VIEW),
+	EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS, UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW,
+			UserRight._SAMPLE_CREATE, UserRight._SAMPLE_EDIT, UserRight._PATHOGEN_TEST_CREATE, UserRight._PATHOGEN_TEST_EDIT, UserRight._PATHOGEN_TEST_DELETE,
+			UserRight._IMMUNIZATION_CREATE, UserRight._IMMUNIZATION_EDIT, UserRight._IMMUNIZATION_DELETE),
+
+	EXTERNAL_MESSAGE_LABORATORY_DELETE(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS, UserRight._EXTERNAL_MESSAGE_LABORATORY_VIEW),
+	EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE(UserRightGroup.EXTERNAL, UserRight._EXTERNAL_MESSAGE_ACCESS, UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW),
 
 	SURVEY_VIEW(UserRightGroup.SURVEY),
 	SURVEY_CREATE(UserRightGroup.SURVEY, UserRight._SURVEY_VIEW),
@@ -489,10 +498,14 @@ public enum UserRight {
 	public static final String _SORMAS_TO_SORMAS_PROCESS = "SORMAS_TO_SORMAS_PROCESS";
 	public static final String _EXTERNAL_SURVEILLANCE_SHARE = "EXTERNAL_SURVEILLANCE_SHARE";
 	public static final String _EXTERNAL_SURVEILLANCE_DELETE = "EXTERNAL_SURVEILLANCE_DELETE";
-	public static final String _EXTERNAL_MESSAGE_VIEW = "EXTERNAL_MESSAGE_VIEW";
-	public static final String _EXTERNAL_MESSAGE_PROCESS = "EXTERNAL_MESSAGE_PROCESS";
 	public static final String _EXTERNAL_MESSAGE_PUSH = "EXTERNAL_MESSAGE_PUSH";
-	public static final String _EXTERNAL_MESSAGE_DELETE = "EXTERNAL_MESSAGE_DELETE";
+	public static final String _EXTERNAL_MESSAGE_ACCESS = "EXTERNAL_MESSAGE_ACCESS";
+	public static final String _EXTERNAL_MESSAGE_LABORATORY_VIEW = "EXTERNAL_MESSAGE_LABORATORY_VIEW";
+	public static final String _EXTERNAL_MESSAGE_LABORATORY_PROCESS = "EXTERNAL_MESSAGE_LABORATORY_PROCESS";
+	public static final String _EXTERNAL_MESSAGE_LABORATORY_DELETE = "EXTERNAL_MESSAGE_LABORATORY_DELETE";
+	public static final String _EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW = "EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW";
+	public static final String _EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS = "EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS";
+	public static final String _EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE = "EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE";
 	public static final String _TRAVEL_ENTRY_MANAGEMENT_ACCESS = "TRAVEL_ENTRY_MANAGEMENT_ACCESS";
 	public static final String _TRAVEL_ENTRY_VIEW = "TRAVEL_ENTRY_VIEW";
 	public static final String _TRAVEL_ENTRY_VIEW_ARCHIVED = "TRAVEL_ENTRY_VIEW_ARCHIVED";

sormas-api/src/main/resources/enum.properties

@@ -1558,10 +1558,14 @@ UserRight.SORMAS_TO_SORMAS_SHARE = Share data from one SORMAS instance to anothe
 UserRight.SORMAS_TO_SORMAS_PROCESS = Process shares
 UserRight.EXTERNAL_SURVEILLANCE_SHARE = Send data to external surveillance tool
 UserRight.EXTERNAL_SURVEILLANCE_DELETE = Delete data in external surveillance tool
-UserRight.EXTERNAL_MESSAGE_VIEW = View and fetch messages
-UserRight.EXTERNAL_MESSAGE_PROCESS = Work with messages
 UserRight.EXTERNAL_MESSAGE_PUSH = Push external messages to the system
-UserRight.EXTERNAL_MESSAGE_DELETE = Delete messages from the system
+UserRight.EXTERNAL_MESSAGE_ACCESS = Access external messages
+UserRight.EXTERNAL_MESSAGE_LABORATORY_VIEW = View laboratory messages
+UserRight.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW = View doctor declaration messages
+UserRight.EXTERNAL_MESSAGE_LABORATORY_PROCESS = Work with laboratory messages
+UserRight.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS = Work with doctor declaration messages
+UserRight.EXTERNAL_MESSAGE_LABORATORY_DELETE = Delete laboratory messages from the system
+UserRight.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE = Delete doctor declaration messages from the system
 UserRight.CASE_SHARE = Share cases with the whole country
 UserRight.IMMUNIZATION_VIEW = View existing immunizations and vaccinations
 UserRight.IMMUNIZATION_VIEW_ARCHIVED = View archived immunizations and vaccinations
@@ -1793,10 +1797,14 @@ UserRight.Desc.SORMAS_TO_SORMAS_SHARE = Users with this right can initiate a sha
 UserRight.Desc.SORMAS_TO_SORMAS_PROCESS = Only users with this right are allowed to see & use the share directory.
 UserRight.Desc.EXTERNAL_SURVEILLANCE_SHARE = Allows sharing cases or events to external surveillance tools. In order to do so the related edit user right is needed as-well.
 UserRight.Desc.EXTERNAL_SURVEILLANCE_DELETE = Allows deleting cases or events in external surveillance tools. In order to do so the related edit user right is needed as-well.
-UserRight.Desc.EXTERNAL_MESSAGE_VIEW = Able to view and fetch messages
-UserRight.Desc.EXTERNAL_MESSAGE_PROCESS = Able to work with messages
 UserRight.Desc.EXTERNAL_MESSAGE_PUSH = Able to push external messages to the system
-UserRight.Desc.EXTERNAL_MESSAGE_DELETE = Able to delete messages
+UserRight.Desc.EXTERNAL_MESSAGE_ACCESS = Able to access external messages
+UserRight.Desc.EXTERNAL_MESSAGE_LABORATORY_VIEW = Able to view laboratory messages
+UserRight.Desc.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW = Able to view doctor declaration messages
+UserRight.Desc.EXTERNAL_MESSAGE_LABORATORY_PROCESS = Able to work with laboratory messages
+UserRight.Desc.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS = Able to process doctor declaration messages
+UserRight.Desc.EXTERNAL_MESSAGE_LABORATORY_DELETE = Able to delete laboratory messages
+UserRight.Desc.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE = Able to delete doctor declaration messages
 UserRight.Desc.CASE_SHARE = Able to share cases with the whole country
 UserRight.Desc.IMMUNIZATION_VIEW = Able to view existing immunizations and vaccinations
 UserRight.Desc.IMMUNIZATION_VIEW_ARCHIVED = Able to view arhived immunizations and vaccinations

sormas-backend/src/main/java/de/symeda/sormas/backend/externalmessage/ExternalMessageFacadeEjb.java

@@ -104,7 +104,10 @@
 import de.symeda.sormas.backend.util.RightsAllowed;
 
 @Stateless(name = "ExternalMessageFacade")
-@RightsAllowed(UserRight._EXTERNAL_MESSAGE_VIEW)
+@RightsAllowed({
+	UserRight._EXTERNAL_MESSAGE_ACCESS,
+	UserRight._EXTERNAL_MESSAGE_LABORATORY_VIEW,
+	UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW })
 public class ExternalMessageFacadeEjb implements ExternalMessageFacade {
 
 	private final Logger logger = LoggerFactory.getLogger(getClass());
@@ -417,13 +420,17 @@ public ExternalMessageDto getByUuid(String uuid) {
 	}
 
 	@Override
-	@RightsAllowed(UserRight._EXTERNAL_MESSAGE_DELETE)
+	@RightsAllowed({
+		UserRight._EXTERNAL_MESSAGE_LABORATORY_DELETE,
+		UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE })
 	public void delete(String uuid) {
 		externalMessageService.deletePermanent(externalMessageService.getByUuid(uuid));
 	}
 
 	@Override
-	@RightsAllowed(UserRight._EXTERNAL_MESSAGE_DELETE)
+	@RightsAllowed({
+		UserRight._EXTERNAL_MESSAGE_LABORATORY_DELETE,
+		UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE })
 	public List<ProcessedEntity> delete(List<String> uuids) {
 		List<ProcessedEntity> processedExternalMessages = new ArrayList<>();
 		List<ExternalMessage> externalMessagesToBeDeleted = externalMessageService.getByUuids(uuids);
@@ -645,7 +652,9 @@ public Page<ExternalMessageIndexDto> getIndexPage(
 	@Override
 	@RightsAllowed({
 		UserRight._SYSTEM,
-		UserRight._EXTERNAL_MESSAGE_VIEW })
+		UserRight._EXTERNAL_MESSAGE_ACCESS,
+		UserRight._EXTERNAL_MESSAGE_LABORATORY_VIEW,
+		UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW })
 	public ExternalMessageFetchResult fetchAndSaveExternalMessages(Date since) {
 
 		SystemEventDto currentSync = syncFacadeEjb.startSyncFor(SystemEventType.FETCH_EXTERNAL_MESSAGES);

sormas-backend/src/main/java/de/symeda/sormas/backend/externalmessage/ExternalMessageIndexDtoResultTransformer.java

@@ -21,7 +21,6 @@
 import org.hibernate.transform.ResultTransformer;
 
 import de.symeda.sormas.api.Disease;
-import de.symeda.sormas.api.disease.DiseaseVariant;
 import de.symeda.sormas.api.externalmessage.ExternalMessageIndexDto;
 import de.symeda.sormas.api.externalmessage.ExternalMessageStatus;
 import de.symeda.sormas.api.externalmessage.ExternalMessageType;

sormas-backend/src/main/java/de/symeda/sormas/backend/externalmessage/ExternalMessageService.java

@@ -1,5 +1,6 @@
 package de.symeda.sormas.backend.externalmessage;
 
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Collections;
 import java.util.List;
@@ -23,7 +24,9 @@
 import de.symeda.sormas.api.ReferenceDto;
 import de.symeda.sormas.api.caze.surveillancereport.SurveillanceReportReferenceDto;
 import de.symeda.sormas.api.externalmessage.ExternalMessageCriteria;
+import de.symeda.sormas.api.externalmessage.ExternalMessageType;
 import de.symeda.sormas.api.sample.SampleReferenceDto;
+import de.symeda.sormas.api.user.UserRight;
 import de.symeda.sormas.api.utils.DataHelper;
 import de.symeda.sormas.backend.ExtendedPostgreSQL94Dialect;
 import de.symeda.sormas.backend.caze.Case;
@@ -37,6 +40,7 @@
 import de.symeda.sormas.backend.externalmessage.labmessage.SampleReportService;
 import de.symeda.sormas.backend.sample.Sample;
 import de.symeda.sormas.backend.user.User;
+import de.symeda.sormas.backend.user.UserService;
 
 @Stateless
 @LocalBean
@@ -45,6 +49,9 @@ public class ExternalMessageService extends AdoServiceWithUserFilterAndJurisdict
 	@EJB
 	private SampleReportService sampleReportService;
 
+	@EJB
+	private UserService userService;
+
 	public ExternalMessageService() {
 		super(ExternalMessage.class);
 	}
@@ -67,17 +74,46 @@ public Predicate createUserFilter(CriteriaBuilder cb, CriteriaQuery cq, From<?,
 	}
 
 	/**
-	 * Creates a default filter that should be used as the basis of queries.
-	 * This essentially removes external messages linked to {@link DeletableAdo#isDeleted()} case/contact/event participants from the
-	 * queries.
+	 * Creates a default {@link Predicate} to be used as the basis for queries on {@link ExternalMessage}.
+	 * <p>
+	 * This filter excludes external messages that are linked to deleted cases or samples by checking the {@code deleted} flag
+	 * on associated {@link Case} and {@link Sample} entities. Additionally, it restricts the result to only include messages
+	 * of types that the current user is allowed to view, based on their {@link UserRight}s (e.g., laboratory or doctor declaration).
+	 * <p>
+	 * If the user does not have permission to view any message types, the filter will always evaluate to {@code false}
+	 * (i.e., return no results).
+	 *
+	 * @param cb
+	 *            the {@link CriteriaBuilder} used to construct the predicate
+	 * @param root
+	 *            the root entity in the criteria query
+	 * @return a predicate representing the default filter for external messages
 	 */
 	public Predicate createDefaultFilter(CriteriaBuilder cb, From<?, ExternalMessage> root) {
 		Path<Boolean> sampleDeleted =
 			root.join(ExternalMessage.SAMPLE_REPORTS, JoinType.LEFT).join(SampleReport.SAMPLE, JoinType.LEFT).get(Sample.DELETED);
 		Path<Boolean> caseDeleted =
 			root.join(ExternalMessage.SURVEILLANCE_REPORT, JoinType.LEFT).join(SurveillanceReport.CAZE, JoinType.LEFT).get(Case.DELETED);
 
-		return cb.and(cb.or(cb.isNull(sampleDeleted), cb.isFalse(sampleDeleted)), cb.or(cb.isNull(caseDeleted), cb.isFalse(caseDeleted)));
+		Predicate deletedFilter =
+			cb.and(cb.or(cb.isNull(sampleDeleted), cb.isFalse(sampleDeleted)), cb.or(cb.isNull(caseDeleted), cb.isFalse(caseDeleted)));
+
+		ArrayList<ExternalMessageType> messageTypes = new ArrayList<>();
+
+		if (userService.hasRight(UserRight.EXTERNAL_MESSAGE_LABORATORY_VIEW)) {
+			messageTypes.add(ExternalMessageType.LAB_MESSAGE);
+		}
+
+		if (userService.hasRight(UserRight.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW)) {
+			messageTypes.add(ExternalMessageType.PHYSICIANS_REPORT);
+		}
+
+		if (messageTypes.isEmpty()) {
+			return cb.disjunction();
+		}
+
+		Predicate typeInFilter = root.get(ExternalMessage.TYPE).in(messageTypes);
+		return cb.and(deletedFilter, typeInFilter);
 	}
 
 	public Predicate buildCriteriaFilter(CriteriaBuilder cb, Root<ExternalMessage> labMessage, ExternalMessageCriteria criteria) {

sormas-backend/src/main/java/de/symeda/sormas/backend/externalmessage/labmessage/SampleReportFacadeEjb.java

@@ -15,6 +15,17 @@
 
 package de.symeda.sormas.backend.externalmessage.labmessage;
 
+import static java.util.stream.Collectors.toList;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.ejb.EJB;
+import javax.ejb.LocalBean;
+import javax.ejb.Stateless;
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
+
 import de.symeda.sormas.api.externalmessage.labmessage.SampleReportDto;
 import de.symeda.sormas.api.externalmessage.labmessage.SampleReportFacade;
 import de.symeda.sormas.api.externalmessage.labmessage.SampleReportReferenceDto;
@@ -27,19 +38,10 @@
 import de.symeda.sormas.backend.util.DtoHelper;
 import de.symeda.sormas.backend.util.RightsAllowed;
 
-import javax.ejb.EJB;
-import javax.ejb.LocalBean;
-import javax.ejb.Stateless;
-import javax.validation.Valid;
-import javax.validation.constraints.NotNull;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import static java.util.stream.Collectors.toList;
-
 @Stateless(name = "SampleReportFacade")
-@RightsAllowed(UserRight._EXTERNAL_MESSAGE_PROCESS)
+@RightsAllowed({
+	UserRight._EXTERNAL_MESSAGE_LABORATORY_PROCESS,
+	UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS })
 public class SampleReportFacadeEjb implements SampleReportFacade {
 
 	@EJB

sormas-backend/src/main/java/de/symeda/sormas/backend/externalmessage/labmessage/TestReportFacadeEjb.java

@@ -30,7 +30,9 @@
 import de.symeda.sormas.backend.util.RightsAllowed;
 
 @Stateless(name = "TestReportFacade")
-@RightsAllowed(UserRight._EXTERNAL_MESSAGE_PROCESS)
+@RightsAllowed({
+	UserRight._EXTERNAL_MESSAGE_LABORATORY_PROCESS,
+	UserRight._EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS })
 public class TestReportFacadeEjb implements TestReportFacade {
 
 	@EJB

sormas-backend/src/main/java/de/symeda/sormas/backend/sormastosormas/entities/externalmessage/SormasToSormasExternalMessageFacadeEjb.java

@@ -78,7 +78,7 @@ public class SormasToSormasExternalMessageFacadeEjb implements SormasToSormasExt
 	@Override
 	@RightsAllowed(UserRight._SORMAS_TO_SORMAS_SHARE)
 	public void sendExternalMessages(List<String> uuids, @Valid SormasToSormasOptionsDto options) throws SormasToSormasException {
-		if (!userService.hasRight(UserRight.EXTERNAL_MESSAGE_PROCESS)) {
+		if (!(userService.hasRight(UserRight.EXTERNAL_MESSAGE_LABORATORY_PROCESS) || userService.hasRight(UserRight.EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS))) {
 			throw new AccessDeniedException(I18nProperties.getString(Strings.errorForbidden));
 		}
 

sormas-backend/src/main/resources/META-INF/glassfish-ejb-jar.xml

@@ -858,23 +858,43 @@
     </security-role-mapping>
 
     <security-role-mapping>
-        <role-name>EXTERNAL_MESSAGE_VIEW</role-name>
-        <group-name>EXTERNAL_MESSAGE_VIEW</group-name>
+        <role-name>EXTERNAL_MESSAGE_PUSH</role-name>
+        <group-name>EXTERNAL_MESSAGE_PUSH</group-name>
     </security-role-mapping>
 
     <security-role-mapping>
-        <role-name>EXTERNAL_MESSAGE_PROCESS</role-name>
-        <group-name>EXTERNAL_MESSAGE_PROCESS</group-name>
+        <role-name>EXTERNAL_MESSAGE_ACCESS</role-name>
+        <group-name>EXTERNAL_MESSAGE_ACCESS</group-name>
     </security-role-mapping>
 
     <security-role-mapping>
-        <role-name>EXTERNAL_MESSAGE_PUSH</role-name>
-        <group-name>EXTERNAL_MESSAGE_PUSH</group-name>
+        <role-name>EXTERNAL_MESSAGE_LABORATORY_VIEW</role-name>
+        <group-name>EXTERNAL_MESSAGE_LABORATORY_VIEW</group-name>
+    </security-role-mapping>
+
+    <security-role-mapping>
+        <role-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW</role-name>
+        <group-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_VIEW</group-name>
+    </security-role-mapping>
+
+    <security-role-mapping>
+        <role-name>EXTERNAL_MESSAGE_LABORATORY_PROCESS</role-name>
+        <group-name>EXTERNAL_MESSAGE_LABORATORY_PROCESS</group-name>
+    </security-role-mapping>
+
+    <security-role-mapping>
+        <role-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS</role-name>
+        <group-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_PROCESS</group-name>
+    </security-role-mapping>
+
+    <security-role-mapping>
+        <role-name>EXTERNAL_MESSAGE_LABORATORY_DELETE</role-name>
+        <group-name>EXTERNAL_MESSAGE_LABORATORY_DELETE</group-name>
     </security-role-mapping>
 
     <security-role-mapping>
-        <role-name>EXTERNAL_MESSAGE_DELETE</role-name>
-        <group-name>EXTERNAL_MESSAGE_DELETE</group-name>
+        <role-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE</role-name>
+        <group-name>EXTERNAL_MESSAGE_DOCTOR_DECLARATION_DELETE</group-name>
     </security-role-mapping>
 
     <security-role-mapping>