Introduce waffle switch for coverage-only, coverage-only logic (#1365)

* Introduce waffle switch for coverage-only, coverage-only logic

* Use slug instead of label for internal logic

* Retrigger CI checks

Author: jimmyfagan

apps/capabilities/permissions.py

@@ -1,6 +1,7 @@
 import json
 import re
 
+from apps.dot_ext.scopes import CapabilitiesScopes
 from rest_framework import permissions, status
 from rest_framework.exceptions import APIException, ParseError
 from waffle import switch_is_active
@@ -33,6 +34,11 @@ def has_permission(self, request, view):
 
         if hasattr(token, "scope"):  # OAuth 2
             token_scopes = token.scope.split()
+
+            if switch_is_active("enable_coverage_only"):
+                if "coverage-eligibility" in request.auth.application.get_internal_application_labels():
+                    token_scopes = CapabilitiesScopes().remove_eob_scopes(token_scopes)
+
             scopes = list(ProtectedCapability.objects.filter(
                 slug__in=token_scopes
             ).values_list('protected_resources', flat=True).all())

apps/core/management/commands/create_test_feature_switches.py

@@ -20,6 +20,7 @@
     ("bfd_v3_connectathon", True, "This enables the bfd v3 features for connectathon demo"),
     ("require_state", True, "This enforces the presence of the state parameter when authorizing"),
     ("require_pkce", True, "This enforces the presence of the PKCE parameters code_challenge and code_challenge_method when authorizing"),
+    ("enable_coverage_only", True, "This enables the coverage-only use case."),
 )
 
 WAFFLE_FEATURE_FLAGS = (

apps/dot_ext/models.py

@@ -212,7 +212,7 @@ def scopes(self):
         return " ".join(scope_list).strip()
 
     def get_internal_application_labels(self):
-        return "\n".join([lb.label for lb in self.internal_application_labels.all()])
+        return "\n".join([lb.slug for lb in self.internal_application_labels.all()])
 
     def is_valid(self, scopes=None):
         return self.active and self.allow_scopes(scopes)

apps/dot_ext/scopes.py

@@ -2,6 +2,7 @@
 from django.db.models import Q
 from oauth2_provider.scopes import BaseScopes
 from apps.capabilities.models import ProtectedCapability
+from waffle import switch_is_active
 
 
 class CapabilitiesScopes(BaseScopes):
@@ -29,6 +30,10 @@ def get_available_scopes(self, application=None, request=None, *args, **kwargs):
             ProtectedCapability.objects.filter(Q(default=True) | Q(application=application))
                                        .values_list('slug', flat=True).distinct())
 
+        if switch_is_active("enable_coverage_only"):
+            if "coverage-eligibility" in application.get_internal_application_labels():
+                app_scopes_avail = self.remove_eob_scopes(app_scopes_avail)
+
         # Set scopes based on application choice. Default behavior is True, if it hasn't been set yet.
         if application.require_demographic_scopes in [True, None]:
             # Return all scopes
@@ -49,6 +54,10 @@ def get_default_scopes(self, application=None, request=None, *args, **kwargs):
         app_scopes_default = list(ProtectedCapability.objects.filter(default=True)
                                                              .values_list('slug', flat=True))
 
+        if switch_is_active("enable_coverage_only"):
+            if "coverage-eligibility" in application.get_internal_application_labels():
+                app_scopes_default = self.remove_eob_scopes(app_scopes_default)
+
         # Set scopes based on application choice. Default behavior is True, if it hasn't been set yet.
         if application.require_demographic_scopes in [True, None]:
             # Return all scopes
@@ -89,3 +98,14 @@ def remove_demographic_scopes(self, scopes):
             if s not in settings.BENE_PERSONAL_INFO_SCOPES:
                 out_scopes.append(s)
         return out_scopes
+
+    def remove_eob_scopes(self, scopes):
+        """
+        Returns a list based on the provided list of scopes with eob scopes removed
+        """
+        out_scopes = set(scopes)
+        out_scopes.discard("patient/ExplanationOfBenefit.r")
+        out_scopes.discard("patient/ExplanationOfBenefit.s")
+        out_scopes.discard("patient/ExplanationOfBenefit.rs")
+        out_scopes.discard("patient/ExplanationOfBenefit.read")
+        return out_scopes

apps/dot_ext/tests/test_models.py

@@ -252,10 +252,10 @@ def test_internal_application_labels_getter(self):
         l11 = internal_labels[10]
         test_app.internal_application_labels.add(l1, l3, l5)
         labels = test_app.get_internal_application_labels()
-        self.assertTrue(l1.label in labels)
-        self.assertTrue(l3.label in labels)
-        self.assertTrue(l5.label in labels)
-        self.assertTrue(not (l11.label in labels))
+        self.assertTrue(l1.slug in labels)
+        self.assertTrue(l3.slug in labels)
+        self.assertTrue(l5.slug in labels)
+        self.assertTrue(not (l11.slug in labels))
 
     def test_internal_application_labels_admin(self):
         """
@@ -290,7 +290,7 @@ def test_internal_application_labels_admin(self):
         self.assertIn('internal_application_labels', str(field_sets))
 
         internal_labels = app_admin.get_internal_application_labels(test_app)
-        self.assertTrue(l1.label in internal_labels)
-        self.assertTrue(l3.label in internal_labels)
-        self.assertTrue(l5.label in internal_labels)
-        self.assertTrue(l11.label not in internal_labels)
+        self.assertTrue(l1.slug in internal_labels)
+        self.assertTrue(l3.slug in internal_labels)
+        self.assertTrue(l5.slug in internal_labels)
+        self.assertTrue(l11.slug not in internal_labels)