onc_certification_g10_test_kit 3.5.0 → 3.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86895a228600bf6b7def9bed5d5ec4a1097ecf51ab0894c270329bfbd59ddc7e
-  data.tar.gz: c8ddb8549f55dbc1919e8e93464b622bdf26cd5b854ff605658ebb4ecd603267
+  metadata.gz: 5cb9581f7ee4744446ca16c9f22e240d122ea66a0664855fb84105e493711b12
+  data.tar.gz: 599e962523e39a5acde1d806dca01bdcc833cfcf8765d3ec4011b30b68461565
 SHA512:
-  metadata.gz: 509654b9a9278a4d6d43665798ede7d41844fbbd35dd4073579f3a7a5b45a1036917f331b3fabb3453e9f7cead391a15cd82d98bc9ef5e618a9ec55b8c2395c1
-  data.tar.gz: aeb3ecce391706bb755b16f8af66a95d5cddd934e85d0dd5035280f9eef34955c77800007175ccbb9c6820aebc104e72b49b3e9eaa636992e757a6a7558c125c
+  metadata.gz: 28a4f109f4790920c4651e4b5dcbe2f54f84729c8253df0ded0edfd0e4ee2be116de27f0b301e8cb91942d467e7ce7cc926124c3d72085279f3a92e56cdd2494
+  data.tar.gz: 539f9c928ba1c7f912cbb5c449835043f1e33bc84d9c365d9d6bba66aad8f2116a354c4ff55a4828d496dd6b26a60dee7d427ec8fec596cf81426f5604b64d32

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu1.rb

@@ -0,0 +1,48 @@
+require_relative 'export_kick_off_performer'
+
+module ONCCertificationG10TestKit
+  class BulkDataGroupExportCancelSTU1 < Inferno::TestGroup
+    id :g10_bulk_data_export_cancel_stu1
+    title 'Group Compartment Export Cancel Tests'
+    description %(
+      Verify that the Bulk Data server supports cancelling requested exports.
+      This group initiates a new export and immediately cancels it to verify
+      correct behavior.
+    )
+
+    input :bearer_token
+    input :bulk_server_url,
+          title: 'Bulk Data FHIR URL',
+          description: 'The URL of the Bulk FHIR server.'
+    input :group_id,
+          title: 'Group ID',
+          description: 'The Group ID associated with the group of patients to be exported.'
+
+    http_client :bulk_server do
+      url :bulk_server_url
+    end
+
+    test do
+      id :g10_bulk_export_cancel
+      title 'Bulk Data Server returns "202 Accepted" for delete request'
+      description <<~DESCRIPTION
+        After a bulk data request has been started, a client MAY send a delete request to the URL provided in the Content-Location header to cancel the request.
+        Bulk Data Server MUST support client's delete request and return HTTP Status Code of "202 Accepted"
+      DESCRIPTION
+      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#bulk-data-delete-request'
+
+      include ExportKickOffPerformer
+
+      output :cancelled_polling_url
+
+      run do
+        perform_export_kick_off_request
+        assert_response_status(202)
+
+        output cancelled_polling_url: request.response_header('content-location')&.value
+
+        delete_export_kick_off_request
+      end
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu2.rb

@@ -0,0 +1,36 @@
+require_relative 'bulk_data_group_export_cancel_stu1'
+
+module ONCCertificationG10TestKit
+  class BulkDataGroupExportCancelSTU2 < BulkDataGroupExportCancelSTU1
+    id :g10_bulk_data_export_cancel_stu2
+
+    test do
+      title 'Bulk Data Server returns a 404 and OperationOutcome for polling requests to cancelled exports'
+      description <<~DESCRIPTION
+        > Following the delete request, when subsequent requests are made to the
+          polling location, the server SHALL return a 404 Not Found error and an
+          associated FHIR OperationOutcome in JSON format.
+
+        http://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-delete-request
+      DESCRIPTION
+
+      id :bulk_data_poll_cancelled_export
+
+      input :cancelled_polling_url
+
+      run do
+        skip 'No polling url available' unless cancelled_polling_url.present?
+
+        get(cancelled_polling_url, headers: { authorization: "Bearer #{bearer_token}", accept: 'application/json' })
+
+        assert_response_status(404)
+
+        assert_valid_json(response[:body])
+        response_body = JSON.parse(response[:body])
+
+        assert response_body['resourceType'] == 'OperationOutcome', 'Server did not return an OperationOutcome'
+        assert_valid_resource(resource: FHIR::OperationOutcome.new(response_body))
+      end
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_parameters.rb

@@ -0,0 +1,96 @@
+require_relative 'export_kick_off_performer'
+
+module ONCCertificationG10TestKit
+  class BulkDataGroupExportParameters < Inferno::TestGroup
+    id :g10_bulk_data_export_parameters
+    title 'Group Compartment Export Parameters Tests'
+    description %(
+      Verify that the Bulk Data server supports required query parameters.
+    )
+
+    input :bearer_token
+    input :bulk_server_url,
+          title: 'Bulk Data FHIR URL',
+          description: 'The URL of the Bulk FHIR server.'
+    input :group_id,
+          title: 'Group ID',
+          description: 'The Group ID associated with the group of patients to be exported.'
+
+    http_client :bulk_server do
+      url :bulk_server_url
+    end
+
+    test do
+      title 'Bulk Data Server supports "_outputFormat" query parameter'
+      description <<~DESCRIPTION
+        [_outputFormat](http://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters):
+        The format for the requested Bulk Data files to be
+        generated as per FHIR Asynchronous Request Pattern. Defaults to
+        application/fhir+ndjson. The server SHALL support Newline Delimited
+        JSON, but MAY choose to support additional output formats. The server
+        SHALL accept the full content type of application/fhir+ndjson as well
+        as the abbreviated representations application/ndjson and ndjson.
+      DESCRIPTION
+
+      id :output_format_in_export_response
+
+      include ExportKickOffPerformer
+
+      run do
+        ['application/fhir+ndjson', 'application/ndjson', 'ndjson'].each do |format|
+          perform_export_kick_off_request(params: { _outputFormat: format })
+          assert_response_status(202)
+
+          delete_export_kick_off_request
+        end
+      end
+    end
+
+    test do
+      title 'Bulk Data Server supports "_since" query parameter'
+      description <<~DESCRIPTION
+        This test verifies that the server accepts an export request with the
+        `[_since](http://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters)`
+        query parameter.  It initiates a new export using a _since parameter of
+        one week ago, and ensures that the export was initiated succesfully.
+
+        The test does not attempt to verify that resources returned were
+        modified after the _since date that was requested, because the Bulk Data
+        specification provides latitude in determining exactly what data is
+        returned by the server.  The purpose of this test is to ensure that
+        export requests with this parameter are accepted and to highlight that
+        support of this parameter is required.
+
+        After the export was successfully initiated, it is then cancelled.
+      DESCRIPTION
+
+      id :g10_since_in_export_response
+
+      include ExportKickOffPerformer
+
+      input :since_timestamp,
+            title: 'Timestamp for _since parameter',
+            description: 'A timestamp formatted as a FHIR instant which will be used to test the ' \
+                         "server's support for the `_since` query parameter",
+            default: 1.week.ago.iso8601
+
+      run do
+        fhir_instant_regex = /
+          ([0-9]([0-9]([0-9][1-9]|[1-9]0)|[1-9]00)|[1-9]000)
+          -(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])
+          T([01][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\.[0-9]+)
+          ?(Z|(\+|-)((0[0-9]|1[0-3]):[0-5][0-9]|14:00))
+        /x
+
+        assert since_timestamp.match?(fhir_instant_regex),
+               "The provided `_since` timestamp `#{since_timestamp}` is not a valid " \
+               '[FHIR instant](https://www.hl7.org/fhir/datatypes.html#instant).'
+
+        perform_export_kick_off_request(params: { _since: since_timestamp })
+        assert_response_status(202)
+
+        delete_export_kick_off_request
+      end
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu1.rb

@@ -275,27 +275,5 @@ module ONCCertificationG10TestKit
         end
       end
     end
-
-    test do
-      title 'Bulk Data Server returns "202 Accepted" for delete request'
-      description <<~DESCRIPTION
-        After a bulk data request has been started, a client MAY send a delete request to the URL provided in the Content-Location header to cancel the request.
-        Bulk Data Server MUST support client's delete request and return HTTP Status Code of "202 Accepted"
-      DESCRIPTION
-      # link 'http://hl7.org/fhir/uv/bulkdata/STU1.0.1/export/index.html#bulk-data-delete-request'
-
-      include ExportKickOffPerformer
-
-      output :cancelled_polling_url
-
-      run do
-        perform_export_kick_off_request
-        assert_response_status(202)
-
-        output cancelled_polling_url: request.response_header('content-location')&.value
-
-        delete_export_kick_off_request
-      end
-    end
   end
 end

data/lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb

@@ -7,62 +7,5 @@ module ONCCertificationG10TestKit
     id :bulk_data_group_export_stu2
 
     config(options: { require_absolute_urls_in_output: true })
-
-    test do
-      title 'Bulk Data Server supports "_outputFormat" query parameter'
-      description <<~DESCRIPTION
-        [_outputFormat](http://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters):
-        The format for the requested Bulk Data files to be
-        generated as per FHIR Asynchronous Request Pattern. Defaults to
-        application/fhir+ndjson. The server SHALL support Newline Delimited
-        JSON, but MAY choose to support additional output formats. The server
-        SHALL accept the full content type of application/fhir+ndjson as well
-        as the abbreviated representations application/ndjson and ndjson.
-      DESCRIPTION
-
-      id :output_format_in_export_response
-
-      include ExportKickOffPerformer
-
-      input :bearer_token, :group_id, :bulk_server_url
-
-      run do
-        ['application/fhir+ndjson', 'application/ndjson', 'ndjson'].each do |format|
-          perform_export_kick_off_request(params: { _outputFormat: format })
-          assert_response_status(202)
-
-          delete_export_kick_off_request
-        end
-      end
-    end
-
-    test do
-      title 'Bulk Data Server returns a 404 and OperationOutcome for polling requests to cancelled exports'
-      description <<~DESCRIPTION
-        > Following the delete request, when subsequent requests are made to the
-          polling location, the server SHALL return a 404 Not Found error and an
-          associated FHIR OperationOutcome in JSON format.
-
-        http://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-delete-request
-      DESCRIPTION
-
-      id :bulk_data_poll_cancelled_export
-
-      input :cancelled_polling_url
-
-      run do
-        skip 'No polling url available' unless cancelled_polling_url.present?
-
-        get(cancelled_polling_url, headers: { authorization: "Bearer #{bearer_token}", accept: 'application/json' })
-
-        assert_response_status(404)
-
-        assert_valid_json(response[:body])
-        response_body = JSON.parse(response[:body])
-
-        assert response_body['resourceType'] == 'OperationOutcome', 'Server did not return an OperationOutcome'
-        assert_valid_resource(resource: FHIR::OperationOutcome.new(response_body))
-      end
-    end
   end
 end

data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb

@@ -1,5 +1,6 @@
 require_relative 'bulk_data_authorization'
 require_relative 'bulk_data_group_export_stu1'
+require_relative 'bulk_data_group_export_cancel_stu1'
 require_relative 'bulk_data_group_export_validation'
 require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 
@@ -75,5 +76,7 @@ module ONCCertificationG10TestKit
 
     test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
          id: :g10_bulk_group_export_validation_messages_setup
+
+    group from: :g10_bulk_data_export_cancel_stu1
   end
 end

data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb

@@ -1,4 +1,6 @@
 require_relative 'bulk_data_authorization'
+require_relative 'bulk_data_group_export_cancel_stu2'
+require_relative 'bulk_data_group_export_parameters'
 require_relative 'bulk_data_group_export_stu2'
 require_relative 'bulk_data_group_export_validation'
 
@@ -74,5 +76,9 @@ module ONCCertificationG10TestKit
 
     test from: :g10_incorrectly_permitted_tls_versions_messages_setup,
          id: :g10_bulk_group_export_validation_messages_setup
+
+    group from: :g10_bulk_data_export_cancel_stu2
+
+    group from: :g10_bulk_data_export_parameters
   end
 end

data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml

@@ -2160,6 +2160,8 @@ procedure:
         inferno_tests:
           - 7.2.04 - 7.2.05
           - 8.2.04 - 8.2.05
+          - 8.5.01
+          - 8.5.02
       - id: DAT-PAT-11
         SUT: |
           The health IT developer demonstrates the ability of the Health IT
@@ -2184,9 +2186,9 @@ procedure:
           adopted in § 170.215(a)(4).
         inferno_supported: 'yes'
         inferno_tests:
-          - 7.2.07
-          - 8.2.07
-          - 8.2.09
+          - 7.4.01
+          - 8.4.01
+          - 8.4.02
       - id: DAT-PAT-13
         SUT: |
           The health IT developer demonstrates the ability of the Health IT

data/lib/onc_certification_g10_test_kit/short_id_map.yml

@@ -522,7 +522,6 @@ g10_certification-g10_single_patient_us_core_4_api-us_core_v400_device-us_core_v
 g10_certification-g10_single_patient_us_core_4_api-us_core_v400_device-us_core_v400_device_validation_test: 5.7.04
 g10_certification-g10_single_patient_us_core_4_api-us_core_v400_device-us_core_v400_device_must_support_test: 5.7.05
 g10_certification-g10_single_patient_us_core_4_api-us_core_v400_device-us_core_v400_device_reference_resolution_test: 5.7.06
-g10_certification-g10_single_patient_us_core_4_api-us_core_v400_device-us_core_v400_device_udi_pi_test: 5.7.07
 g10_certification-g10_single_patient_us_core_4_api-us_core_v400_diagnostic_report_lab: '5.8'
 ? g10_certification-g10_single_patient_us_core_4_api-us_core_v400_diagnostic_report_lab-us_core_v400_diagnostic_report_lab_patient_category_search_test
 : 5.8.01
@@ -922,7 +921,6 @@ g10_certification-g10_single_patient_us_core_5_api-us_core_v501_device-us_core_v
 g10_certification-g10_single_patient_us_core_5_api-us_core_v501_device-us_core_v501_device_validation_test: 6.8.04
 g10_certification-g10_single_patient_us_core_5_api-us_core_v501_device-us_core_v501_device_must_support_test: 6.8.05
 g10_certification-g10_single_patient_us_core_5_api-us_core_v501_device-us_core_v501_device_reference_resolution_test: 6.8.06
-g10_certification-g10_single_patient_us_core_5_api-us_core_v501_device-us_core_v400_device_udi_pi_test: 6.8.07
 g10_certification-g10_single_patient_us_core_5_api-us_core_v501_diagnostic_report_note: '6.9'
 ? g10_certification-g10_single_patient_us_core_5_api-us_core_v501_diagnostic_report_note-us_core_v501_diagnostic_report_note_patient_category_search_test
 : 6.9.01
@@ -1365,7 +1363,6 @@ g10_certification-multi_patient_api-bulk_data_group_export-Test03: 7.2.03
 g10_certification-multi_patient_api-bulk_data_group_export-Test04: 7.2.04
 g10_certification-multi_patient_api-bulk_data_group_export-Test05: 7.2.05
 g10_certification-multi_patient_api-bulk_data_group_export-Test06: 7.2.06
-g10_certification-multi_patient_api-bulk_data_group_export-Test07: 7.2.07
 g10_certification-multi_patient_api-g10_bulk_group_export_tls_messages_setup: '7.02'
 g10_certification-multi_patient_api-bulk_data_group_export_validation: '7.3'
 g10_certification-multi_patient_api-bulk_data_group_export_validation-g10_bulk_file_server_tls_version: 7.3.01
@@ -1396,6 +1393,8 @@ g10_certification-multi_patient_api-bulk_data_group_export_validation-Test25: 7.
 g10_certification-multi_patient_api-bulk_data_group_export_validation-Test26: 7.3.26
 g10_certification-multi_patient_api-bulk_data_group_export_validation-Test27: 7.3.27
 g10_certification-multi_patient_api-g10_bulk_group_export_validation_messages_setup: '7.03'
+g10_certification-multi_patient_api-g10_bulk_data_export_cancel_stu1: '7.4'
+g10_certification-multi_patient_api-g10_bulk_data_export_cancel_stu1-g10_bulk_export_cancel: 7.4.01
 g10_certification-multi_patient_api_stu2: '8'
 g10_certification-multi_patient_api_stu2-bulk_data_authorization: '8.1'
 g10_certification-multi_patient_api_stu2-bulk_data_authorization-g10_bulk_token_tls_version: 8.1.01
@@ -1412,9 +1411,6 @@ g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-Test03: 8.2
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-Test04: 8.2.04
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-Test05: 8.2.05
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-Test06: 8.2.06
-g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-Test07: 8.2.07
-g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-output_format_in_export_response: 8.2.08
-g10_certification-multi_patient_api_stu2-bulk_data_group_export_stu2-bulk_data_poll_cancelled_export: 8.2.09
 g10_certification-multi_patient_api_stu2-g10_bulk_group_export_tls_messages_setup: '8.02'
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_validation: '8.3'
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_validation-g10_bulk_file_server_tls_version: 8.3.01
@@ -1445,6 +1441,12 @@ g10_certification-multi_patient_api_stu2-bulk_data_group_export_validation-Test2
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_validation-Test26: 8.3.26
 g10_certification-multi_patient_api_stu2-bulk_data_group_export_validation-Test27: 8.3.27
 g10_certification-multi_patient_api_stu2-g10_bulk_group_export_validation_messages_setup: '8.03'
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_cancel_stu2: '8.4'
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_cancel_stu2-g10_bulk_export_cancel: 8.4.01
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_cancel_stu2-bulk_data_poll_cancelled_export: 8.4.02
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_parameters: '8.5'
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_parameters-output_format_in_export_response: 8.5.01
+g10_certification-multi_patient_api_stu2-g10_bulk_data_export_parameters-g10_since_in_export_response: 8.5.02
 g10_certification-Group06: '9'
 g10_certification-Group06-g10_public_standalone_launch: '9.1'
 g10_certification-Group06-g10_public_standalone_launch-standalone_auth_tls: 9.1.01
@@ -1538,3 +1540,4 @@ g10_certification-Group06-g10_visual_inspection_and_attestations-Test13: 9.10.13
 g10_certification-Group06-g10_visual_inspection_and_attestations-g10_public_url_attestation: 9.10.14
 g10_certification-Group06-g10_visual_inspection_and_attestations-g10_tls_version_attestation: 9.10.15
 g10_certification-Group06-g10_visual_inspection_and_attestations-g10_refresh_token_refresh_attestation: 9.10.16
+g10_certification-Group06-g10_visual_inspection_and_attestations-g10_bulk_v2_since_attestation: 9.10.17

data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb

@@ -137,17 +137,11 @@ module ONCCertificationG10TestKit
             received_scopes: { name: :ehr_received_scopes }
           },
           options: {
-            scope_version: :v1
+            scope_version: :v1,
+            required_scope_type: 'user',
+            required_scopes: ['openid', 'fhirUser', 'launch', 'offline_access']
           }
         )
-
-        def required_scopes
-          ['openid', 'fhirUser', 'launch', 'offline_access']
-        end
-
-        def required_scope_type
-          'user'
-        end
       end
 
       test from: :g10_unauthorized_access,
@@ -289,17 +283,11 @@ module ONCCertificationG10TestKit
             received_scopes: { name: :ehr_received_scopes }
           },
           options: {
-            scope_version: :v2
+            scope_version: :v2,
+            required_scope_type: 'user',
+            required_scopes: ['openid', 'fhirUser', 'launch', 'offline_access']
           }
         )
-
-        def required_scopes
-          ['openid', 'fhirUser', 'launch', 'offline_access']
-        end
-
-        def required_scope_type
-          'user'
-        end
       end
 
       test from: :g10_unauthorized_access,

data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb

@@ -75,13 +75,25 @@ module ONCCertificationG10TestKit
       V5_VALID_RESOURCE_TYPES
     end
 
+    def required_scope_type
+      config.options[:required_scope_type]
+    end
+
+    def required_scopes
+      config.options[:required_scopes]
+    end
+
+    def scope_version
+      config.options[:scope_version]
+    end
+
     def read_format
       @read_format ||=
         begin
           v1_read_format = 'read'
           v2_read_format = 'c?ru?d?s?'
 
-          case config.options[:scope_version]
+          case scope_version
           when :v1
             "#{v1_read_format} | *"
           when :v2
@@ -94,13 +106,13 @@ module ONCCertificationG10TestKit
 
     def access_level_regex
       @access_level_regex ||=
-        case config.options[:scope_version]
+        case scope_version
         when :v1
-          /\A(\*|read)/
+          /\A(\*|read)\b/
         when :v2
-          /\A(\*|c?ru?d?s?\b)/
+          /\A(\*|c?ru?d?s?)\b/
         else
-          /\A(\*|read|c?ru?d?s?\b)/
+          /\A(\*|read|c?ru?d?s?)\b/
         end
     end
 
@@ -112,41 +124,45 @@ module ONCCertificationG10TestKit
     end
 
     def strip_experimental_scope_syntax(full_scope)
-      if config.options[:scope_version] == :v1
+      if scope_version == :v1
         full_scope
       else
         full_scope.split('?').first
       end
     end
 
-    def requested_scope_test(scopes, patient_compartment_resource_types)
+    def assert_correct_scope_type(scope, scope_type, resource_type)
+      if required_scope_type == 'patient' && patient_compartment_resource_types.exclude?(resource_type)
+        assert ['user', 'patient'].include?(scope_type),
+               "Requested scope '#{scope}' must begin with either 'user/' or 'patient/'"
+      else
+        assert scope_type == required_scope_type, bad_format_message(scope)
+      end
+    end
+
+    def requested_scope_test(scopes)
       correct_scope_type_found = false
 
       scopes.each do |full_scope|
         scope = strip_experimental_scope_syntax(full_scope)
 
         scope_pieces = scope.split('/')
-        assert scope_pieces.count == 2, bad_format_message(scope)
+        assert scope_pieces.length == 2, bad_format_message(scope)
 
         scope_type, resource_scope = scope_pieces
-        resource_scope_parts = resource_scope.split('.')
 
+        resource_scope_parts = resource_scope.split('.')
         assert resource_scope_parts.length == 2, bad_format_message(scope)
 
         resource_type, access_level = resource_scope_parts
-        bad_resource_message = "'#{resource_type}' must be either a valid resource type or '*'"
+        assert access_level =~ access_level_regex, bad_format_message(scope)
 
-        if required_scope_type == 'patient' && patient_compartment_resource_types.exclude?(resource_type)
-          assert ['user', 'patient'].include?(scope_type),
-                 "Requested scope '#{scope}' must begin with either 'user/' or 'patient/'"
-        else
-          assert scope_type == required_scope_type, bad_format_message(scope)
-        end
+        assert_correct_scope_type(scope, scope_type, resource_type)
 
-        assert valid_resource_types.include?(resource_type), bad_resource_message
-        assert access_level =~ access_level_regex, bad_format_message(scope)
+        assert valid_resource_types.include?(resource_type),
+               "'#{resource_type}' must be either a permitted resource type or '*'"
 
-        correct_scope_type_found = true
+        correct_scope_type_found = true if scope_type == required_scope_type
       end
 
       assert correct_scope_type_found,
@@ -154,22 +170,28 @@ module ONCCertificationG10TestKit
              "`#{required_scope_type}/[ <ResourceType> | * ].[ #{read_format} ]` was not requested."
     end
 
-    def received_scope_test(scopes, patient_compartment_resource_types)
+    def received_scope_test(scopes)
       granted_resource_types = []
 
       scopes.each do |full_scope|
         scope = strip_experimental_scope_syntax(full_scope)
 
         scope_pieces = scope.split('/')
-        next unless scope_pieces.count == 2
+        next unless scope_pieces.length == 2
 
-        _scope_type, resource_scope = scope_pieces
+        scope_type, resource_scope = scope_pieces
 
         resource_scope_parts = resource_scope.split('.')
-        next unless resource_scope_parts.count == 2
+        next unless resource_scope_parts.length == 2
 
         resource_type, access_level = resource_scope_parts
-        granted_resource_types << resource_type if access_level =~ access_level_regex
+        next unless access_level =~ access_level_regex
+
+        next unless ['patient', 'user', 'system'].include?(scope_type)
+
+        assert_correct_scope_type(scope, scope_type, resource_type)
+
+        granted_resource_types << resource_type
       end
 
       missing_resource_types =
@@ -209,12 +231,12 @@ module ONCCertificationG10TestKit
         # 'launch/patient' for EHR launch and Standalone launch.
         # 'launch/encounter' is mentioned by SMART App Launch though not in
         # (g)(10) test procedure
-        scopes -= ['online_access', 'launch', 'launch/patient', 'launch/encounter']
+        scopes -= ['online_access', 'offline_access', 'launch', 'launch/patient', 'launch/encounter']
 
         if received_or_requested == 'requested'
-          requested_scope_test(scopes, patient_compartment_resource_types)
+          requested_scope_test(scopes)
         else
-          received_scope_test(scopes, patient_compartment_resource_types)
+          received_scope_test(scopes)
         end
       end
     end

data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb

@@ -151,17 +151,11 @@ module ONCCertificationG10TestKit
             received_scopes: { name: :standalone_received_scopes }
           },
           options: {
-            scope_version: :v1
+            scope_version: :v1,
+            required_scope_type: 'patient',
+            required_scopes: ['openid', 'fhirUser', 'launch/patient', 'offline_access']
           }
         )
-
-        def required_scopes
-          ['openid', 'fhirUser', 'launch/patient', 'offline_access']
-        end
-
-        def required_scope_type
-          'patient'
-        end
       end
 
       test from: :g10_unauthorized_access,
@@ -267,17 +261,11 @@ module ONCCertificationG10TestKit
             received_scopes: { name: :standalone_received_scopes }
           },
           options: {
-            scope_version: :v2
+            scope_version: :v2,
+            required_scope_type: 'patient',
+            required_scopes: ['openid', 'fhirUser', 'launch/patient', 'offline_access']
           }
         )
-
-        def required_scopes
-          ['openid', 'fhirUser', 'launch/patient', 'offline_access']
-        end
-
-        def required_scope_type
-          'patient'
-        end
       end
 
       test from: :g10_unauthorized_access,

data/lib/onc_certification_g10_test_kit/version.rb

@@ -1,3 +1,3 @@
 module ONCCertificationG10TestKit
-  VERSION = '3.5.0'.freeze
+  VERSION = '3.6.0'.freeze
 end

data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb

@@ -637,5 +637,55 @@ module ONCCertificationG10TestKit
         pass refresh_token_refresh_notes if refresh_token_refresh_notes.present?
       end
     end
+
+    test do
+      required_suite_options G10Options::BULK_DATA_2_REQUIREMENT
+      title 'Health IT developer attested that the Health IT Module meets the ' \
+            'requirements for supporting the `_since` parameter for bulk data exports.'
+      description %(
+        Resources will be included in the response if their state has changed
+        after the supplied time (e.g., if `Resource.meta.lastUpdated` is later
+        than the supplied `_since` time). In the case of a Group level export, the
+        server MAY return additional resources modified prior to the supplied
+        time if the resources belong to the patient compartment of a patient
+        added to the Group after the supplied time (this behavior SHOULD be
+        clearly documented by the server). For Patient- and Group-level
+        requests, the server MAY return resources that are referenced by the
+        resources being returned regardless of when the referenced resources
+        were last updated. For resources where the server does not maintain a
+        last updated time, the server MAY include these resources in a response
+        irrespective of the _since value supplied by a client.
+      )
+      id :g10_bulk_v2_since_attestation
+      input :bulk_v2_since_attestation,
+            title: 'Health IT developer attested that the Health IT Module meets the ' \
+                   'requirements for supporting the `_since` parameter for bulk data exports.',
+            type: 'radio',
+            default: 'false',
+            options: {
+              list_options: [
+                {
+                  label: 'Yes',
+                  value: 'true'
+                },
+                {
+                  label: 'No',
+                  value: 'false'
+                }
+              ]
+            }
+      input :bulk_v2_since_attestation_notes,
+            title: 'Notes, if applicable:',
+            type: 'textarea',
+            optional: true
+
+      run do
+        assert bulk_v2_since_attestation == 'true',
+               'Health IT developer did not attest that the Health IT Module meets the ' \
+               'requirements for supporting the `_since` parameter for bulk data exports.'
+
+        pass bulk_v2_since_attestation_notes if bulk_v2_since_attestation_notes.present?
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: onc_certification_g10_test_kit
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.0
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-08 00:00:00.000000000 Z
+date: 2023-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.4.5
+        version: 0.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.4.5
+        version: 0.4.6
 - !ruby/object:Gem::Dependency
   name: database_cleaner-sequel
   requirement: !ruby/object:Gem::Requirement
@@ -250,6 +250,9 @@ files:
 - lib/onc_certification_g10_test_kit/authorization_request_builder.rb
 - lib/onc_certification_g10_test_kit/base_token_refresh_group.rb
 - lib/onc_certification_g10_test_kit/bulk_data_authorization.rb
+- lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu1.rb
+- lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu2.rb
+- lib/onc_certification_g10_test_kit/bulk_data_group_export_parameters.rb
 - lib/onc_certification_g10_test_kit/bulk_data_group_export_stu1.rb
 - lib/onc_certification_g10_test_kit/bulk_data_group_export_stu2.rb
 - lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb