jimfuqian/BB2-fix-the-temp-fix-if-checking-cond (#1256)

* fix the temp fix if checking. * Minor adjustments --------- Co-authored-by: jimmyfagan <jimmyfagan@navapbc.com>
CMSgov · Oct 16, 2024 · cb83285 · cb83285
1 parent 476ef92
commit cb83285
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/apps/capabilities/permissions.py b/apps/capabilities/permissions.py
@@ -32,13 +32,14 @@ def has_permission(self, request, view):
             return True
 
         if hasattr(token, "scope"):  # OAuth 2
+            token_scopes = token.scope.split()
             scopes = list(ProtectedCapability.objects.filter(
-                slug__in=token.scope.split()
+                slug__in=token_scopes
             ).values_list('protected_resources', flat=True).all())
 
             # this is a shorterm fix to reject all tokens that do not have either
             # patient/coverage.read or patient/ExplanationOfBenefit.read
-            if ("patient/Coverage.read" or "patient/ExplanationOfBenefit.read") in token.scope.split():
+            if ("patient/Coverage.read" in token_scopes) or ("patient/ExplanationOfBenefit.read" in token_scopes):
                 for scope in scopes:
                     for method, path in json.loads(scope):
                         if method != request.method: