BB2-3889: Consolidate scopes during auth flow, set v2 scopes to default. (#1327)

jimmyfagan · web-flow · commit 4aa9dd795aed · 2025-05-06T15:15:34.000-04:00
* Consolidate scopes during auth flow, set v2 scopes to default.

* Fix failing test
diff --git a/apps/accounts/fixtures/scopes.json b/apps/accounts/fixtures/scopes.json
@@ -100,7 +100,7 @@
             "group": 5,
             "description": "Patient FHIR Resource",
             "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -112,7 +112,7 @@
             "group": 5,
             "description": "Patient FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/]?$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -124,7 +124,7 @@
             "group": 5,
             "description": "Patient FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/]?$\"\n  ],\n [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -136,7 +136,7 @@
             "group": 5,
             "description": "ExplanationOfBenefit FHIR Resource",
             "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -148,7 +148,7 @@
             "group": 5,
             "description": "ExplanationOfBenefit FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -160,7 +160,7 @@
             "group": 5,
             "description": "ExplanationOfBenefit FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n  ],\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -172,7 +172,7 @@
             "group": 5,
             "description": "Coverage FHIR Resource",
             "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
@@ -184,7 +184,7 @@
             "group": 5,
             "description": "Coverage FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/]?$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
         {
@@ -196,7 +196,7 @@
             "group": 5,
             "description": "Coverage FHIR Resource",
             "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/]?$\"\n  ],\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/?].*$\"\n  ]\n]",
-            "default": "False"
+            "default": "True"
         }
     },
     {
diff --git a/apps/capabilities/admin.py b/apps/capabilities/admin.py
@@ -5,5 +5,5 @@
 
 @admin.register(ProtectedCapability)
 class ProtectedCapabilityAdmin(admin.ModelAdmin):
-    list_display = ("title", "slug", "group")
+    list_display = ("title", "slug", "group", "default")
     search_fields = ("title", "slug", "group")
diff --git a/apps/capabilities/management/commands/create_blue_button_scopes.py b/apps/capabilities/management/commands/create_blue_button_scopes.py
@@ -89,7 +89,6 @@ def create_patient_read_capability(group, fhir_prefix, title="Read my general pa
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -108,7 +107,6 @@ def create_patient_search_capability(group,
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -129,7 +127,6 @@ def create_patient_read_search_capability(group,
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -161,7 +158,6 @@ def create_eob_read_capability(group, fhir_prefix, title="Read my Medicare claim
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -176,7 +172,6 @@ def create_eob_search_capability(group, fhir_prefix, title="Search my Medicare c
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -194,7 +189,6 @@ def create_eob_read_search_capability(group, fhir_prefix, title="Read and search
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -228,7 +222,6 @@ def create_coverage_read_capability(group,
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -246,7 +239,6 @@ def create_coverage_search_capability(group,
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
@@ -265,7 +257,6 @@ def create_coverage_read_search_capability(group,
                                                title=title,
                                                description=description,
                                                slug=smart_scope_string,
-                                               default=False,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
diff --git a/apps/dot_ext/forms.py b/apps/dot_ext/forms.py
@@ -9,6 +9,7 @@
 from oauth2_provider.models import get_application_model
 from apps.accounts.models import UserProfile
 from apps.capabilities.models import ProtectedCapability
+from apps.dot_ext.scopes import CapabilitiesScopes
 from apps.dot_ext.models import Application, InternalApplicationLabels
 from apps.dot_ext.validators import validate_logo_image, validate_notags
 from django.contrib.auth.models import Group, User
@@ -339,15 +340,11 @@ def clean(self):
         if scope is None:
             cleaned_data["scope"] = ""
             scope = ""
-
-        # Remove demographic information scopes, if beneficiary is not sharing
-        if cleaned_data.get("share_demographic_scopes") != "True":
-            cleaned_data["scope"] = " ".join(
-                [
-                    s
-                    for s in scope.split(" ")
-                    if s not in settings.BENE_PERSONAL_INFO_SCOPES
-                ]
-            )
+        else:
+            cleaned_scope_list = CapabilitiesScopes().condense_scopes(scope.split(" "))
+            # Remove demographic information scopes, if beneficiary is not sharing
+            if cleaned_data.get("share_demographic_scopes") != "True":
+                cleaned_scope_list = CapabilitiesScopes().remove_demographic_scopes(cleaned_scope_list)
+            cleaned_data["scope"] = " ".join(cleaned_scope_list)
 
         return cleaned_data
diff --git a/apps/dot_ext/scopes.py b/apps/dot_ext/scopes.py
@@ -34,12 +34,7 @@ def get_available_scopes(self, application=None, request=None, *args, **kwargs):
             # Return all scopes
             return app_scopes_avail
         else:
-            # Remove personal information scopes
-            app_scopes = []
-            for s in app_scopes_avail:
-                if s not in settings.BENE_PERSONAL_INFO_SCOPES:
-                    app_scopes.append(s)
-            return app_scopes
+            return self.remove_demographic_scopes(app_scopes_avail)
 
     def get_default_scopes(self, application=None, request=None, *args, **kwargs):
         """
@@ -59,9 +54,38 @@ def get_default_scopes(self, application=None, request=None, *args, **kwargs):
             # Return all scopes
             return app_scopes_default
         else:
-            # Remove personal information scopes
-            app_scopes = []
-            for s in app_scopes_default:
-                if s not in settings.BENE_PERSONAL_INFO_SCOPES:
-                    app_scopes.append(s)
-            return app_scopes
+            return self.remove_demographic_scopes(app_scopes_default)
+
+    def condense_scopes(self, scopes):
+        """
+        Returns a list based on the provided list of scopes with redundant scopes consolidated
+        """
+        out_scopes = set(scopes)
+
+        # Consolidate v2 resource scopes
+        if "patient/Patient.rs" in scopes or ("patient/Patient.r" in scopes and "patient/Patient.s" in scopes):
+            out_scopes.add("patient/Patient.rs")
+            out_scopes.discard("patient/Patient.r")
+            out_scopes.discard("patient/Patient.s")
+        if "patient/Coverage.rs" in scopes or ("patient/Coverage.r" in scopes and "patient/Coverage.s" in scopes):
+            out_scopes.add("patient/Coverage.rs")
+            out_scopes.discard("patient/Coverage.r")
+            out_scopes.discard("patient/Coverage.s")
+        if "patient/ExplanationOfBenefit.rs" in scopes or \
+                ("patient/ExplanationOfBenefit.r" in scopes and "patient/ExplanationOfBenefit.s" in scopes):
+            out_scopes.add("patient/ExplanationOfBenefit.rs")
+            out_scopes.discard("patient/ExplanationOfBenefit.r")
+            out_scopes.discard("patient/ExplanationOfBenefit.s")
+
+        return list(out_scopes)
+
+    def remove_demographic_scopes(self, scopes):
+        """
+        Returns a list of all of the provided list except with personal info scopes removed
+        """
+        # Remove personal information scopes
+        out_scopes = []
+        for s in scopes:
+            if s not in settings.BENE_PERSONAL_INFO_SCOPES:
+                out_scopes.append(s)
+        return out_scopes
diff --git a/apps/dot_ext/tests/demographic_scopes_test_cases.py b/apps/dot_ext/tests/demographic_scopes_test_cases.py
@@ -32,6 +32,13 @@
     'patient/launch',
     'openid'
 ]
+V2_SCOPES_ALL_CONDENSED = [
+    'patient/Patient.rs',
+    'patient/ExplanationOfBenefit.rs',
+    'patient/Coverage.rs',
+    'patient/launch',
+    'openid'
+]
 V2_SCOPES_NON_DEMOGRAPHIC = [
     'patient/ExplanationOfBenefit.r',
     'patient/ExplanationOfBenefit.s',
@@ -42,6 +49,12 @@
     'patient/launch',
     'openid'
 ]
+V2_SCOPES_NON_DEMOGRAPHIC_CONDENSED = [
+    'patient/ExplanationOfBenefit.rs',
+    'patient/Coverage.rs',
+    'patient/launch',
+    'openid'
+]
 
 # Scope to base URL PATH mapping.
 SCOPES_TO_URL_BASE_PATH = {
@@ -171,15 +184,15 @@
         "request_scopes": V2_SCOPES_ALL,
         # Result:
         "result_form_is_valid": True,
-        "result_token_scopes_granted": V2_SCOPES_ALL,
+        "result_token_scopes_granted": V2_SCOPES_ALL_CONDENSED,
     },
     "test 11: share = False v2 Scopes": {
         # Request:
         "request_bene_share_demographic_scopes": False,
         "request_scopes": V2_SCOPES_ALL,
         # Result:
         "result_form_is_valid": True,
-        "result_token_scopes_granted": V2_SCOPES_NON_DEMOGRAPHIC,
+        "result_token_scopes_granted": V2_SCOPES_NON_DEMOGRAPHIC_CONDENSED,
     },
 }
 
diff --git a/apps/dot_ext/tests/test_scopes.py b/apps/dot_ext/tests/test_scopes.py
@@ -78,3 +78,35 @@ def test_backend_works_with_no_capabilities(self):
         # retrieve the list of the scopes available for the application
         default_scopes = CapabilitiesScopes().get_default_scopes(application=application)
         assert default_scopes == []
+
+    def test_condense_scopes(self):
+        """
+        Test that v2 scopes get properly condensed
+        """
+        scopes = [
+            'patient/Patient.r',
+            'patient/Patient.s',
+            'patient/Patient.rs',
+            'patient/Coverage.s',
+            'patient/Coverage.rs',
+            'patient/ExplanationOfBenefit.r',
+            'patient/ExplanationOfBenefit.s'
+        ]
+        condensed_scopes = CapabilitiesScopes().condense_scopes(scopes)
+        assert len(condensed_scopes) == 3
+        assert 'patient/Patient.rs' in condensed_scopes
+        assert 'patient/Coverage.rs' in condensed_scopes
+        assert 'patient/ExplanationOfBenefit.rs' in condensed_scopes
+        scopes = [
+            'patient/Patient.r',
+            'patient/Coverage.s',
+            'patient/Coverage.rs',
+            'patient/ExplanationOfBenefit.s',
+            'profile'
+        ]
+        condensed_scopes = CapabilitiesScopes().condense_scopes(scopes)
+        assert len(condensed_scopes) == 4
+        assert 'patient/Patient.r' in condensed_scopes
+        assert 'patient/Coverage.rs' in condensed_scopes
+        assert 'patient/ExplanationOfBenefit.s' in condensed_scopes
+        assert 'profile' in condensed_scopes

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@`
`100`	`100`	`"group": 5,`
`101`	`101`	`"description": "Patient FHIR Resource",`
`102`	`102`	`"protected_resources": "[\n \n [\n \"GET\",\n \"/v[12]/fhir/Patient[/?].*$\"\n ]\n]",`
`103`		`- "default": "False"`
	`103`	`+ "default": "True"`
`104`	`104`	`}`
`105`	`105`	`},`
`106`	`106`	`{`
`@@ -112,7 +112,7 @@`
`112`	`112`	`"group": 5,`
`113`	`113`	`"description": "Patient FHIR Resource",`
`114`	`114`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/Patient[/]?$\"\n ]\n]",`
`115`		`- "default": "False"`
	`115`	`+ "default": "True"`
`116`	`116`	`}`
`117`	`117`	`},`
`118`	`118`	`{`
`@@ -124,7 +124,7 @@`
`124`	`124`	`"group": 5,`
`125`	`125`	`"description": "Patient FHIR Resource",`
`126`	`126`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/Patient[/]?$\"\n ],\n [\n \"GET\",\n \"/v[12]/fhir/Patient[/?].*$\"\n ]\n]",`
`127`		`- "default": "False"`
	`127`	`+ "default": "True"`
`128`	`128`	`}`
`129`	`129`	`},`
`130`	`130`	`{`
`@@ -136,7 +136,7 @@`
`136`	`136`	`"group": 5,`
`137`	`137`	`"description": "ExplanationOfBenefit FHIR Resource",`
`138`	`138`	`"protected_resources": "[\n \n [\n \"GET\",\n \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n ]\n]",`
`139`		`- "default": "False"`
	`139`	`+ "default": "True"`
`140`	`140`	`}`
`141`	`141`	`},`
`142`	`142`	`{`
`@@ -148,7 +148,7 @@`
`148`	`148`	`"group": 5,`
`149`	`149`	`"description": "ExplanationOfBenefit FHIR Resource",`
`150`	`150`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n ]\n]",`
`151`		`- "default": "False"`
	`151`	`+ "default": "True"`
`152`	`152`	`}`
`153`	`153`	`},`
`154`	`154`	`{`
`@@ -160,7 +160,7 @@`
`160`	`160`	`"group": 5,`
`161`	`161`	`"description": "ExplanationOfBenefit FHIR Resource",`
`162`	`162`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n ],\n [\n \"GET\",\n \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n ]\n]",`
`163`		`- "default": "False"`
	`163`	`+ "default": "True"`
`164`	`164`	`}`
`165`	`165`	`},`
`166`	`166`	`{`
`@@ -172,7 +172,7 @@`
`172`	`172`	`"group": 5,`
`173`	`173`	`"description": "Coverage FHIR Resource",`
`174`	`174`	`"protected_resources": "[\n \n [\n \"GET\",\n \"/v[12]/fhir/Coverage[/?].*$\"\n ]\n]",`
`175`		`- "default": "False"`
	`175`	`+ "default": "True"`
`176`	`176`	`}`
`177`	`177`	`},`
`178`	`178`	`{`
`@@ -184,7 +184,7 @@`
`184`	`184`	`"group": 5,`
`185`	`185`	`"description": "Coverage FHIR Resource",`
`186`	`186`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/Coverage[/]?$\"\n ]\n]",`
`187`		`- "default": "False"`
	`187`	`+ "default": "True"`
`188`	`188`	`}`
`189`	`189`	`},`
`190`	`190`	`{`
`@@ -196,7 +196,7 @@`
`196`	`196`	`"group": 5,`
`197`	`197`	`"description": "Coverage FHIR Resource",`
`198`	`198`	`"protected_resources": "[\n [\n \"GET\",\n \"/v[12]/fhir/Coverage[/]?$\"\n ],\n [\n \"GET\",\n \"/v[12]/fhir/Coverage[/?].*$\"\n ]\n]",`
`199`		`- "default": "False"`
	`199`	`+ "default": "True"`
`200`	`200`	`}`
`201`	`201`	`},`
`202`	`202`	`{`