Merge branch 'master' into bug/NPA-4704/add-provision-actor-to-post-consent-schema

Author: LeoKHoward

proxies/live/apiproxy/resources/py/check-app-enabled-endpoint.py

@@ -1,12 +1,14 @@
 path_suffix = flow.getVariable("proxy.pathsuffix").lower()
 request_verb = flow.getVariable("request.verb").lower()
 
-requested_endpoint = (path_suffix, request_verb)
-
-
-auth_forbidden = requested_endpoint in [
+blocked_resources = [
     ("/fhir/r4/relatedperson", "get"),
     ("/fhir/r4/questionnaireresponse", "post"),
 ]
 
+auth_forbidden = False
+for blocked_resources in blocked_resources:
+    if blocked_resources[0] in path_suffix and blocked_resources[1] == request_verb:
+        auth_forbidden = True
+
 flow.setVariable("app_auth_forbidden", auth_forbidden)

proxies/live/apiproxy/resources/py/check-user-enabled-endpoint.py

@@ -2,15 +2,16 @@
 path_suffix = flow.getVariable("proxy.pathsuffix").lower()
 request_verb = flow.getVariable("request.verb").lower()
 
-requested_resource = (path_suffix, request_verb)
-
 if auth_level == "p9":
     blocked_resources = [("/fhir/r4/consent", "post"), ("/fhir/r4/consent", "patch")]
 elif auth_level == "all3":
     blocked_resources = [("/fhir/r4/questionnaireresponse", "post")]
 else:
     blocked_resources = []
 
-auth_forbidden = requested_resource in blocked_resources
+auth_forbidden = False
+for blocked_resources in blocked_resources:
+    if blocked_resources[0] in path_suffix and blocked_resources[1] == request_verb:
+        auth_forbidden = True
 
 flow.setVariable("user_auth_forbidden", auth_forbidden)