Minor adjustments

CMSgov · Oct 16, 2024 · 30f6c6f · 30f6c6f
1 parent ffe09f4
commit 30f6c6f
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/apps/capabilities/permissions.py b/apps/capabilities/permissions.py
@@ -32,13 +32,14 @@ def has_permission(self, request, view):
             return True
 
         if hasattr(token, "scope"):  # OAuth 2
+            token_scopes = token.scope.split()
             scopes = list(ProtectedCapability.objects.filter(
-                slug__in=token.scope.split()
+                slug__in=token_scopes
             ).values_list('protected_resources', flat=True).all())
 
             # this is a shorterm fix to reject all tokens that do not have either
             # patient/coverage.read or patient/ExplanationOfBenefit.read
-            if ("patient/Coverage.read" in token.scope.split()) or ("patient/ExplanationOfBenefit.read" in token.scope.split()):
+            if ("patient/Coverage.read" in token_scopes) or ("patient/ExplanationOfBenefit.read" in token_scopes):
                 for scope in scopes:
                     for method, path in json.loads(scope):
                         if method != request.method: