NPA-4599: Update python scripts to check path suffix contains rather than equals

ellie-bound1-NHSD · ellie-bound1-NHSD · commit 56b2150f1251 · 2025-04-04T17:00:35.000+01:00
diff --git a/proxies/live/apiproxy/resources/py/check-app-enabled-endpoint.py b/proxies/live/apiproxy/resources/py/check-app-enabled-endpoint.py
@@ -1,12 +1,13 @@
 path_suffix = flow.getVariable("proxy.pathsuffix").lower()
 request_verb = flow.getVariable("request.verb").lower()
 
-requested_endpoint = (path_suffix, request_verb)
-
-
-auth_forbidden = requested_endpoint in [
+blocked_resources = [
     ("/fhir/r4/relatedperson", "get"),
     ("/fhir/r4/questionnaireresponse", "post"),
 ]
 
+for blocked_resources in blocked_resources:
+    if blocked_resources[0] in path_suffix and blocked_resources[1] == request_verb:
+        auth_forbidden = True
+
 flow.setVariable("app_auth_forbidden", auth_forbidden)
diff --git a/proxies/live/apiproxy/resources/py/check-user-enabled-endpoint.py b/proxies/live/apiproxy/resources/py/check-user-enabled-endpoint.py
@@ -2,15 +2,15 @@
 path_suffix = flow.getVariable("proxy.pathsuffix").lower()
 request_verb = flow.getVariable("request.verb").lower()
 
-requested_resource = (path_suffix, request_verb)
-
 if auth_level == "p9":
     blocked_resources = [("/fhir/r4/consent", "post"), ("/fhir/r4/consent", "patch")]
 elif auth_level == "all3":
     blocked_resources = [("/fhir/r4/questionnaireresponse", "post")]
 else:
     blocked_resources = []
 
-auth_forbidden = requested_resource in blocked_resources
+for blocked_resources in blocked_resources:
+    if blocked_resources[0] in path_suffix and blocked_resources[1] == request_verb:
+        auth_forbidden = True
 
 flow.setVariable("user_auth_forbidden", auth_forbidden)
