You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
🔴 Bug 1 — Flyway version conflict (startup will fail)
V11__add_exam_queue.sql conflicts with V11__update_appointment_date.sql already on main. After merge, two V11 files in db/migration/ → Flyway refuses to start. Rename to V14__add_exam_queue.sql.
🔴 Bug 2 — @Transactional on doProcess() is ignored (self-invocation)
doProcess() is called internally from BaseService.execute() via this.doProcess() — Spring's AOP proxy never intercepts it, so @Transactional has no effect. The countByDateWithLock (FOR UPDATE) and save() run in separate auto-committed transactions, making the pessimistic lock completely useless. Two concurrent requests can both read count = 0 and both assign position = 1.
Fix: override execute() with @Transactional, same pattern as the other services:
privatePatientInfopatient; // JPA entity in request body
The client sends a full PatientInfo JSON object. The service then uses request.getPatient() directly to build QueueInfo — the patient data stored in the queue comes from the HTTP request, not from the database.
Change to private UUID patientId, then resolve the entity in the service:
GET, PATCH, DELETE all have @PreAuthorize("hasAnyRole('RECEPTIONIST', 'ADMIN')"). POST does not — anyone can add patients to the queue unauthenticated.
Design issue — Queue is disconnected from the appointment system
This is the bigger problem. QueueInfo only links to patient — no appointment_id, no doctor, no schedule_id.
What this means in practice:
Hospital has 10 doctors working the same shift → all their patients go into a single global queue
GET /exam-queue returns everyone's patients mixed together — a doctor sees patients that aren't theirs
A patient can be added to the queue without any appointment existing — completely bypasses the appointment system we already built
How it should work:
The queue is the physical check-in layer on top of the appointment system. When a patient arrives, the receptionist finds their appointment for today and adds them to that doctor's queue.
QueueInfo should reference appointment_id (FK → appointment). From the appointment you already have: patient, doctor, date, shift — no need to store date separately. GET /exam-queue for a DOCTOR role filters by doctorId from JWT, not a global date dump.
Correct flow:
Patient arrives → Receptionist finds today's appointment →
Add to queue (linked to appointment_id) → Doctor calls: WAITING → IN_PROGRESS → DONE
State machine is also missing validation — currently UpdateQueueService allows any transition: DONE → WAITING, CANCELLED → IN_PROGRESS, etc. Need to define valid transitions and enforce them.
Please redesign QueueInfo with appointment_id FK before merging. Happy to discuss the schema if needed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.