BB2-3720: Add v2 scopes (#1305)

* Adds v2 scopes

* Tweaked scopes

* Added capability update

* Fixed titles in scopes.json.

* Fix comment typo

* Corrected default settings and added to personal scopes

* Addressed feedback

* Added A.D.'s clarifications

* Added test case for new scopes. fixed outstanding typos

Author: loganbertram

apps/accounts/fixtures/scopes.json

@@ -63,7 +63,6 @@
             "slug": "token_management",
             "group": 5,
             "description": "Allow an app to manage all of a user's tokens.",
-            "protected_resources": "[]",
             "protected_resources": "[[\"GET\", \"/some-url\"]]",
             "default": "False"
         }
@@ -76,7 +75,6 @@
             "slug": "token_introspect",
             "group": 5,
             "description": "Allow an app to introspect a user's tokens.",
-            "protected_resources": "[]",
             "protected_resources": "[[\"POST\", \"/v[12]/o/introspect\"]]",
             "default": "False"
         }
@@ -85,12 +83,132 @@
         "model": "capabilities.protectedcapability",
         "pk": 7,
         "fields": {
-            "title": "openid",
+            "title": "Openid profile permissions.",
             "slug": "openid",
             "group": 5,
             "description": "Enables user authentication and provides a unique identifier with basic profile info.",
             "protected_resources": "[]",
             "default": "True"
         }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 8,
+        "fields": {
+            "title": "Read my general patient and demographic information.",
+            "slug": "patient/Patient.r",
+            "group": 5,
+            "description": "Patient FHIR Resource",
+            "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 9,
+        "fields": {
+            "title": "Search my general patient and demographic information.",
+            "slug": "patient/Patient.s",
+            "group": 5,
+            "description": "Patient FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/]?$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 10,
+        "fields": {
+            "title": "Read and search my general patient and demographic information.",
+            "slug": "patient/Patient.rs",
+            "group": 5,
+            "description": "Patient FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/]?$\"\n  ],\n [\n    \"GET\",\n   \"/v[12]/fhir/Patient[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 11,
+        "fields": {
+            "title": "Read my Medicare claim information.",
+            "slug": "patient/ExplanationOfBenefit.r",
+            "group": 5,
+            "description": "ExplanationOfBenefit FHIR Resource",
+            "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 12,
+        "fields": {
+            "title": "Search my Medicare claim information.",
+            "slug": "patient/ExplanationOfBenefit.s",
+            "group": 5,
+            "description": "ExplanationOfBenefit FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 13,
+        "fields": {
+            "title": "Read and search my Medicare claim information.",
+            "slug": "patient/ExplanationOfBenefit.rs",
+            "group": 5,
+            "description": "ExplanationOfBenefit FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/]?$\"\n  ],\n  [\n    \"GET\",\n   \"/v[12]/fhir/ExplanationOfBenefit[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 14,
+        "fields": {
+            "title": "Read my Medicare and supplemental coverage information.",
+            "slug": "patient/Coverage.r",
+            "group": 5,
+            "description": "Coverage FHIR Resource",
+            "protected_resources": "[\n \n [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 15,
+        "fields": {
+            "title": "Search my Medicare and supplemental coverage information.",
+            "slug": "patient/Coverage.s",
+            "group": 5,
+            "description": "Coverage FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/]?$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+        {
+        "model": "capabilities.protectedcapability",
+        "pk": 16,
+        "fields": {
+            "title": "Read and search my Medicare and supplemental coverage information.",
+            "slug": "patient/Coverage.rs",
+            "group": 5,
+            "description": "Coverage FHIR Resource",
+            "protected_resources": "[\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/]?$\"\n  ],\n  [\n    \"GET\",\n   \"/v[12]/fhir/Coverage[/?].*$\"\n  ]\n]",
+            "default": "False"
+        }
+    },
+    {
+        "model": "capabilities.protectedcapability",
+        "pk": 17,
+        "fields": {
+            "title": "Patient launch context.",
+            "slug": "launch/patient",
+            "group": 5,
+            "description": "Launch with FHIR Patient context.",
+            "protected_resources": "[]",
+            "default": "False"
+        }
     }
 ]

apps/authorization/tests/test_data_access_grant_permissions.py

@@ -154,6 +154,13 @@ def _assert_call_all_fhir_endpoints(
         The asserts will check for the expected_response_code
         and expected_response_detail_mesg to match.
         """
+        try:
+            ac = AccessToken.objects.get(token=access_token)
+            ac.scope = 'patient/Coverage.read patient/Patient.read patient/ExplanationOfBenefit.read'
+            ac.save()
+        except Exception:
+            pass
+
         # Test profile/userinfo v1
         response = self.client.get(
             "/v1/connect/userinfo", headers={"authorization": "Bearer " + access_token}