48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# File 'lib/carin_for_blue_button_test_kit/custom_groups/v2.0.0/c4bb_smart_launch/smart_scopes_test.rb', line 48
def received_scope_test(scopes)
scope_subset = scopes - ['openid', 'fhirUser', 'launch/patient']
assert scope_subset.length == scopes.length - 3,
'openid, fhirUser, & launch/patient scopes must be supported. Received scopes: ' \
"#{scope_subset.join(', ')}."
granted_patient_level_resource_types = []
granted_user_level_resource_types = []
scope_subset.each do |scope|
scope_pieces = scope.split('/')
next unless scope_pieces.length == 2
scope_type, resource_scope = scope_pieces
next unless %w[patient user].include?(scope_type)
resource_scope_parts = resource_scope.split('.')
next unless resource_scope_parts.length == 2
resource_type, access_level = resource_scope_parts
next unless access_level =~ access_level_regex
if scope_type == 'patient'
granted_patient_level_resource_types << resource_type
else
granted_user_level_resource_types << resource_type
end
end
missing_patient_level_resource_types = patient_compartment_resource_types - granted_patient_level_resource_types
missing_patient_level_resource_types = [] if granted_patient_level_resource_types.include?('*')
assert missing_patient_level_resource_types.empty?,
"Requested patient-level scopes #{missing_patient_level_resource_types.join(', ')} " \
'were not granted by authorization server.'
missing_user_level_resource_types = patient_compartment_resource_types - granted_user_level_resource_types
missing_user_level_resource_types = [] if granted_user_level_resource_types.include?('*')
assert missing_user_level_resource_types.empty?,
"Requested user-level scopes #{missing_user_level_resource_types.join(', ')} " \
'were not granted by authorization server.'
end
|