modifying protected capability statements and permission checking

Author: clewellyn-nava

apps/authorization/permissions.py

@@ -9,7 +9,7 @@ class DataAccessGrantPermission(permissions.BasePermission):
     """
     Permission check for a Grant related to the token used.
     """
-    def has_permission(self, request, view):
+    def has_permission(self, request, view) -> bool:  # type: ignore
         dag = None
         try:
             dag = DataAccessGrant.objects.get(

apps/capabilities/management/commands/create_blue_button_scopes.py

@@ -260,6 +260,20 @@ def create_coverage_read_search_capability(group,
                                                protected_resources=json.dumps(pr, indent=4))
     return c
 
+def create_insurance_card_capability(group, fhir_prefix, title="Digital Insurance Card access."):
+    c = None
+    description = "Digital Insurance Card"
+    # TODO - this is not a real FHIR resource or scope, decision on how we want ot handle this
+    smart_scope_string = "patient/DigitalInsuranceCard.read"
+    pr = []
+    pr.append(["GET", "%sDigitalInsuranceCard[/]?$" % fhir_prefix])
+    if not ProtectedCapability.objects.filter(slug=smart_scope_string).exists():
+        c = ProtectedCapability.objects.create(group=group,
+                                               title=title,
+                                               description=description,
+                                               slug=smart_scope_string,
+                                               protected_resources=json.dumps(pr, indent=4))
+    return c
 
 def create_launch_capability(group, fhir_prefix, title="Patient launch context."):
 
@@ -296,5 +310,6 @@ def handle(self, *args, **options):
         create_coverage_read_capability(g, fhir_prefix)
         create_coverage_search_capability(g, fhir_prefix)
         create_coverage_read_search_capability(g, fhir_prefix)
+        create_insurance_card_capability(g, fhir_prefix)
         create_launch_capability(g, fhir_prefix)
         create_openid_capability(g)

apps/capabilities/permissions.py

@@ -16,7 +16,7 @@ class BBCapabilitiesPermissionTokenScopeMissingException(APIException):
 
 class TokenHasProtectedCapability(permissions.BasePermission):
 
-    def has_permission(self, request, view):
+    def has_permission(self, request, view) -> bool:  # type: ignore
         token = request.auth
         access_token_query_param = request.GET.get("access_token", None)
 

apps/fhir/bluebutton/constants.py

@@ -1,3 +1,3 @@
-ALLOWED_RESOURCE_TYPES = ['Patient', 'Coverage', 'ExplanationOfBenefit']
+ALLOWED_RESOURCE_TYPES = ['Patient', 'Coverage', 'ExplanationOfBenefit', 'Bundle']
 DEFAULT_PAGE_SIZE = 10
 MAX_PAGE_SIZE = 50

apps/fhir/bluebutton/permissions.py

@@ -72,7 +72,7 @@ def has_object_permission(self, request, view, obj):
 
 
 class SearchCrosswalkPermission(HasCrosswalk):
-    def has_object_permission(self, request, view, obj):  # type: ignore
+    def has_object_permission(self, request, view, obj) -> bool:  # type: ignore
         if view.version in Versions.supported_versions():
             patient_id = request.crosswalk.fhir_id(view.version)
         else:

apps/fhir/bluebutton/utils.py

@@ -323,7 +323,8 @@ def notNone(value=None, default=None):
 
 def FhirServerAuth() -> dict:
     """Helper class to modify cert paths if client_auth is true
-    TODO - this can probably be refactored or removed, rolled into the FHIRServerSettings class
+    TODO - this can probably be refactored or removed, rolled into the FHIRServerSettings class, all it does is a conditional
+           settings check
 
     Returns:
         dict: A dictionary with the following:

apps/fhir/bluebutton/v3/urls.py

@@ -54,6 +54,7 @@
     ),
     # C4DIC
     # Digital Insurance Card ViewSet
+    # TODO - Change the URI for this endpoint when we finalize
     re_path(
         r'DigitalInsuranceCard[/]?',
         waffle_switch('v3_endpoints')(DigitalInsuranceCardViewSet.as_view({'get': 'list'}, version=3)),

apps/fhir/bluebutton/views/insurancecard.py

@@ -48,13 +48,13 @@ def build_parameters(self, request):
             '_format': 'application/json+fhir'
         }
 
-    def build_url(self, fhir_settings, resource_type, resource_id, **kwargs):  # type: ignore
+    def build_url(self, fhir_settings, resource_type, resource_id=None, *args, **kwargs):
         if fhir_settings.fhir_url.endswith('v1/fhir/'):
             # only if called by tests
-            return '{}{}/{}/'.format(fhir_settings.fhir_url, resource_type, resource_id)
+            return f"{fhir_settings.fhir_url}{resource_type}/"
         else:
-            if self.version == 3 and fhir_settings.fhir_url_v3:
+            if self.version == 3 and getattr(fhir_settings, 'fhir_url_v3', None):
                 fhir_url = fhir_settings.fhir_url_v3
             else:
                 fhir_url = fhir_settings.fhir_url
-            return f'{fhir_url}/v{self.version}/fhir/{resource_type}/{resource_id}/'
+            return f"{fhir_url}/v{self.version}/fhir/Patient/{resource_id}/$generate-insurance-card"

apps/fhir/bluebutton/views/insurancecard_viewset.py

@@ -67,5 +67,4 @@ def build_url(self, fhir_settings, resource_type, resource_id=None, *args, **kwa
                 fhir_url = fhir_settings.fhir_url_v3
             else:
                 fhir_url = fhir_settings.fhir_url
-
-            return f"{fhir_url}/v{self.version}/fhir/{resource_type}/"
+            return f"{fhir_url}/v{self.version}/fhir/Patient/{resource_id}/$generate-insurance-card"

apps/fhir/bluebutton/views/patient_viewset.py

@@ -59,7 +59,7 @@ def get_permissions(self):
         return [p() for p in perm_classes]
 
     def list(self, request, *args, **kwargs):
-        '''Equivalent to get() in FhirDataView'''
+        '''Equivalent to get()/search in FhirDataView'''
         out = self.fetch_data(request, self.resource_type, *args, **kwargs)
         return Response(out)