onc_certification_g10_test_kit 6.0.3 → 7.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/lib/inferno/repositiories/validators.rb +0 -6
  3. data/lib/inferno/repositiories/value_sets.rb +1 -7
  4. data/lib/inferno/terminology/expected_manifest.yml +5 -5
  5. data/lib/inferno/terminology/fhir_package_manager.rb +13 -4
  6. data/lib/inferno/terminology/loader.rb +2 -1
  7. data/lib/inferno/terminology/tasks/download_fhir_terminology.rb +2 -1
  8. data/lib/inferno/terminology/tasks/download_umls.rb +2 -1
  9. data/lib/inferno/terminology/tasks/expand_value_set_to_file.rb +1 -1
  10. data/lib/inferno/terminology/tasks/run_umls_jar.rb +2 -1
  11. data/lib/inferno/terminology/validator.rb +1 -0
  12. data/lib/inferno/terminology/value_set.rb +2 -0
  13. data/lib/onc_certification_g10_test_kit/all_resources.rb +74 -0
  14. data/lib/onc_certification_g10_test_kit/bulk_data_group_export_validation.rb +361 -59
  15. data/lib/onc_certification_g10_test_kit/bulk_export_validation_tester.rb +4 -3
  16. data/lib/onc_certification_g10_test_kit/g10_options.rb +20 -1
  17. data/lib/onc_certification_g10_test_kit/limited_scope_grant_test.rb +4 -0
  18. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb +2 -1
  19. data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb +2 -1
  20. data/lib/onc_certification_g10_test_kit/patient_scope_test.rb +1 -1
  21. data/lib/onc_certification_g10_test_kit/profile_selector.rb +40 -15
  22. data/lib/onc_certification_g10_test_kit/restricted_resource_type_access_group.rb +89 -2
  23. data/lib/onc_certification_g10_test_kit/short_id_map.yml +1417 -12
  24. data/lib/onc_certification_g10_test_kit/single_patient_us_core_7_api_group.rb +219 -0
  25. data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +41 -1
  26. data/lib/onc_certification_g10_test_kit/smart_asymmetric_launch_group.rb +33 -1
  27. data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2_2.rb +128 -0
  28. data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +234 -0
  29. data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group_stu2_2.rb +188 -0
  30. data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group.rb +188 -0
  31. data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group_stu2_2.rb +188 -0
  32. data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb +67 -1
  33. data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +128 -1
  34. data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2_2.rb +162 -0
  35. data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb +10 -2
  36. data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +159 -0
  37. data/lib/onc_certification_g10_test_kit/smart_v1_scopes_group.rb +117 -0
  38. data/lib/onc_certification_g10_test_kit/terminology_binding_validator.rb +5 -1
  39. data/lib/onc_certification_g10_test_kit/token_introspection_group_stu2_2.rb +97 -0
  40. data/lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb +85 -31
  41. data/lib/onc_certification_g10_test_kit/version.rb +1 -1
  42. data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +171 -0
  43. data/lib/onc_certification_g10_test_kit/well_known_capabilities_test.rb +1 -1
  44. data/lib/onc_certification_g10_test_kit.rb +72 -5
  45. metadata +18 -10
@@ -115,6 +115,28 @@ module ONCCertificationG10TestKit
115
115
  }
116
116
  end
117
117
 
118
+ group from: :smart_discovery_stu2_2 do # rubocop:disable Naming/VariableNumber
119
+ required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
120
+ test from: 'g10_smart_well_known_capabilities',
121
+ config: {
122
+ options: {
123
+ required_capabilities: [
124
+ 'launch-standalone',
125
+ 'client-public',
126
+ 'client-confidential-symmetric',
127
+ 'client-confidential-asymmetric',
128
+ 'sso-openid-connect',
129
+ 'context-standalone-patient',
130
+ 'permission-offline',
131
+ 'permission-patient',
132
+ 'authorize-post',
133
+ 'permission-v2',
134
+ 'permission-v1'
135
+ ]
136
+ }
137
+ }
138
+ end
139
+
118
140
  group from: :smart_standalone_launch do
119
141
  required_suite_options(G10Options::SMART_1_REQUIREMENT)
120
142
 
@@ -323,7 +345,144 @@ module ONCCertificationG10TestKit
323
345
  )
324
346
  end
325
347
 
348
+ group from: :smart_standalone_launch_stu2_2, # rubocop:disable Naming/VariableNumber
349
+ config: {
350
+ inputs: {
351
+ use_pkce: {
352
+ default: 'true',
353
+ locked: true
354
+ },
355
+ pkce_code_challenge_method: {
356
+ locked: true
357
+ },
358
+ authorization_method: {
359
+ name: :standalone_authorization_method,
360
+ default: 'get',
361
+ locked: true
362
+ },
363
+ client_auth_type: {
364
+ locked: true,
365
+ default: 'confidential_symmetric'
366
+ }
367
+ }
368
+ } do
369
+ required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
370
+ title 'Standalone Launch With Patient Scope'
371
+ description %(
372
+ # Background
373
+
374
+ The [Standalone
375
+ Launch Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-standalone-launch)
376
+ allows an app, like Inferno, to be launched independent of an
377
+ existing EHR session. It is one of the two launch methods described in
378
+ the SMART App Launch Framework alongside EHR Launch. The app will
379
+ request authorization for the provided scope from the authorization
380
+ endpoint, ultimately receiving an authorization token which can be used
381
+ to gain access to resources on the FHIR server.
382
+
383
+ # Test Methodology
384
+
385
+ Inferno will redirect the user to the the authorization endpoint so that
386
+ they may provide any required credentials and authorize the application.
387
+ Upon successful authorization, Inferno will exchange the authorization
388
+ code provided for an access token.
389
+
390
+ For more information on the #{title}:
391
+
392
+ * [Standalone Launch
393
+ Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-standalone-launch)
394
+ )
395
+
396
+ config(
397
+ inputs: {
398
+ requested_scopes: {
399
+ default: %(
400
+ launch/patient openid fhirUser offline_access
401
+ patient/Medication.rs patient/AllergyIntolerance.rs
402
+ patient/CarePlan.rs patient/CareTeam.rs patient/Condition.rs
403
+ patient/Device.rs patient/DiagnosticReport.rs
404
+ patient/DocumentReference.rs patient/Encounter.rs
405
+ patient/Goal.rs patient/Immunization.rs patient/Location.rs
406
+ patient/MedicationRequest.rs patient/Observation.rs
407
+ patient/Organization.rs patient/Patient.rs
408
+ patient/Practitioner.rs patient/Procedure.rs
409
+ patient/Provenance.rs patient/PractitionerRole.rs
410
+ ).gsub(/\s{2,}/, ' ').strip
411
+ }
412
+ }
413
+ )
414
+
415
+ test from: :g10_smart_scopes do
416
+ config(
417
+ inputs: {
418
+ requested_scopes: { name: :standalone_requested_scopes },
419
+ received_scopes: { name: :standalone_received_scopes }
420
+ },
421
+ options: {
422
+ scope_version: :v22,
423
+ required_scope_type: 'patient',
424
+ required_scopes: ['openid', 'fhirUser', 'launch/patient', 'offline_access']
425
+ }
426
+ )
427
+ end
428
+
429
+ test from: :g10_unauthorized_access,
430
+ config: {
431
+ inputs: {
432
+ patient_id: { name: :standalone_patient_id }
433
+ }
434
+ }
435
+
436
+ test from: :g10_patient_context,
437
+ config: {
438
+ inputs: {
439
+ patient_id: { name: :standalone_patient_id },
440
+ smart_credentials: { name: :standalone_smart_credentials }
441
+ }
442
+ }
443
+
444
+ tests[0].config(
445
+ outputs: {
446
+ incorrectly_permitted_tls_versions_messages: {
447
+ name: :auth_incorrectly_permitted_tls_versions_messages
448
+ }
449
+ }
450
+ )
451
+
452
+ tests[3].config(
453
+ outputs: {
454
+ incorrectly_permitted_tls_versions_messages: {
455
+ name: :token_incorrectly_permitted_tls_versions_messages
456
+ }
457
+ }
458
+ )
459
+ end
460
+
461
+ group from: :smart_openid_connect,
462
+ required_suite_options: G10Options::SMART_1_REQUIREMENT,
463
+ config: {
464
+ inputs: {
465
+ id_token: { name: :standalone_id_token },
466
+ client_id: { name: :standalone_client_id },
467
+ requested_scopes: { name: :standalone_requested_scopes },
468
+ smart_credentials: { name: :standalone_smart_credentials }
469
+ }
470
+ }
471
+
326
472
  group from: :smart_openid_connect,
473
+ required_suite_options: G10Options::SMART_2_REQUIREMENT,
474
+ id: :smart_openid_connect_stu2,
475
+ config: {
476
+ inputs: {
477
+ id_token: { name: :standalone_id_token },
478
+ client_id: { name: :standalone_client_id },
479
+ requested_scopes: { name: :standalone_requested_scopes },
480
+ smart_credentials: { name: :standalone_smart_credentials }
481
+ }
482
+ }
483
+
484
+ group from: :smart_openid_connect_stu2_2, # rubocop:disable Naming/VariableNumber
485
+ required_suite_options: G10Options::SMART_2_2_REQUIREMENT,
327
486
  config: {
328
487
  inputs: {
329
488
  id_token: { name: :standalone_id_token },
@@ -96,6 +96,29 @@ module ONCCertificationG10TestKit
96
96
  :client_auth_encryption_method
97
97
 
98
98
  group from: :smart_discovery_stu2 do
99
+ required_suite_options(G10Options::SMART_2_REQUIREMENT)
100
+ test from: 'g10_smart_well_known_capabilities',
101
+ config: {
102
+ options: {
103
+ required_capabilities: [
104
+ 'launch-standalone',
105
+ 'client-public',
106
+ 'client-confidential-symmetric',
107
+ 'client-confidential-asymmetric',
108
+ 'sso-openid-connect',
109
+ 'context-standalone-patient',
110
+ 'permission-offline',
111
+ 'permission-patient',
112
+ 'authorize-post',
113
+ 'permission-v2',
114
+ 'permission-v1'
115
+ ]
116
+ }
117
+ }
118
+ end
119
+ group from: :smart_discovery_stu2_2 do # rubocop:disable Naming/VariableNumber
120
+ required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
121
+
99
122
  test from: 'g10_smart_well_known_capabilities',
100
123
  config: {
101
124
  options: {
@@ -117,6 +140,7 @@ module ONCCertificationG10TestKit
117
140
  end
118
141
 
119
142
  group from: :smart_standalone_launch_stu2,
143
+ required_suite_options: G10Options::SMART_2_REQUIREMENT,
120
144
  config: {
121
145
  inputs: {
122
146
  use_pkce: {
@@ -208,6 +232,99 @@ module ONCCertificationG10TestKit
208
232
  }
209
233
  )
210
234
  end
235
+ group from: :smart_standalone_launch_stu2_2, # rubocop:disable Naming/VariableNumber
236
+ required_suite_options: G10Options::SMART_2_2_REQUIREMENT,
237
+ config: {
238
+ inputs: {
239
+ use_pkce: {
240
+ default: 'true',
241
+ locked: true
242
+ },
243
+ pkce_code_challenge_method: {
244
+ locked: true
245
+ },
246
+ authorization_method: {
247
+ name: :standalone_authorization_method,
248
+ default: 'get',
249
+ locked: true
250
+ },
251
+ client_auth_type: {
252
+ locked: true,
253
+ default: 'confidential_symmetric'
254
+ }
255
+ },
256
+ outputs: {
257
+ smart_credentials: { name: :v1_smart_credentials }
258
+ }
259
+ } do
260
+ title 'Standalone Launch With Patient Scope'
261
+ description %(
262
+ # Background
263
+
264
+ The [Standalone
265
+ Launch Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-standalone-launch)
266
+ allows an app, like Inferno, to be launched independent of an
267
+ existing EHR session. It is one of the two launch methods described in
268
+ the SMART App Launch Framework alongside EHR Launch. The app will
269
+ request authorization for the provided scope from the authorization
270
+ endpoint, ultimately receiving an authorization token which can be used
271
+ to gain access to resources on the FHIR server.
272
+
273
+ # Test Methodology
274
+
275
+ Inferno will redirect the user to the the authorization endpoint so that
276
+ they may provide any required credentials and authorize the application.
277
+ Upon successful authorization, Inferno will exchange the authorization
278
+ code provided for an access token.
279
+
280
+ For more information on the #{title}:
281
+
282
+ * [Standalone Launch
283
+ Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-standalone-launch)
284
+ )
285
+
286
+ test from: :g10_smart_scopes do
287
+ config(
288
+ options: {
289
+ requested_scope_version: :v1,
290
+ received_scope_version: :any,
291
+ required_scope_type: 'patient',
292
+ required_scopes: ['openid', 'fhirUser', 'launch/patient', 'offline_access']
293
+ }
294
+ )
295
+ end
296
+
297
+ test from: :g10_unauthorized_access,
298
+ config: {
299
+ inputs: {
300
+ patient_id: { name: :v1_patient_id }
301
+ }
302
+ }
303
+
304
+ test from: :g10_patient_context,
305
+ config: {
306
+ inputs: {
307
+ patient_id: { name: :v1_patient_id },
308
+ smart_credentials: { name: :v1_smart_credentials }
309
+ }
310
+ }
311
+
312
+ tests[0].config(
313
+ outputs: {
314
+ incorrectly_permitted_tls_versions_messages: {
315
+ name: :auth_incorrectly_permitted_tls_versions_messages
316
+ }
317
+ }
318
+ )
319
+
320
+ tests[3].config(
321
+ outputs: {
322
+ incorrectly_permitted_tls_versions_messages: {
323
+ name: :token_incorrectly_permitted_tls_versions_messages
324
+ }
325
+ }
326
+ )
327
+ end
211
328
 
212
329
  group from: :g10_unrestricted_resource_type_access,
213
330
  config: {
@@ -63,7 +63,11 @@ module ONCCertificationG10TestKit
63
63
  def element_with_invalid_binding
64
64
  @element_with_invalid_binding ||=
65
65
  find_a_value_at(path_source, binding_definition[:path]) do |element|
66
- invalid_binding? element
66
+ if element.is_a? USCoreTestKit::PrimitiveType
67
+ invalid_binding? element.value
68
+ else
69
+ invalid_binding? element
70
+ end
67
71
  end
68
72
  end
69
73
 
@@ -0,0 +1,97 @@
1
+ require 'smart_app_launch/token_introspection_group'
2
+
3
+ require_relative 'g10_options'
4
+
5
+ module ONCCertificationG10TestKit
6
+ class TokenIntrospectionGroupSTU22 < SMARTAppLaunch::SMARTTokenIntrospectionGroupSTU22
7
+ id :g10_token_introspection_stu2_2 # rubocop:disable Naming/VariableNumber
8
+
9
+ description <<~DESCRIPTION
10
+
11
+ This scenario verifies the ability of an authorization server to
12
+ perform token introspection in accordance with the [SMART App Launch STU2
13
+ Implementation Guide Section on Token
14
+ Introspection](https://hl7.org/fhir/smart-app-launch/STU2.2/token-introspection.html).
15
+ Inferno first acts as a registered SMART App Launch client to request and
16
+ receive a valid access token, and then as an authorized resource server that
17
+ queries the authorization server for information about this access token.
18
+
19
+ The system under test must perform the following in order to pass this
20
+ scenario:
21
+ * Issue a new bearer token to Inferno acting as a registered SMART App
22
+ Launch client. The tester has flexibility in deciding what type of SMART
23
+ App Launch client is used (e.g. public or confidential). This is
24
+ redundant to tests earlier in this test suite, but is performed to ensure
25
+ an active token can be introspected.
26
+ * Respond to a token introspection request from Inferno acting as a
27
+ resource server for both valid and invalid tokens. Systems have flexibility
28
+ in how access control for this service is implemented. To account for
29
+ this flexibility, the tester has the ability to add an Authorization
30
+ Header to the request (provided out-of-band of these tests), as well as
31
+ additional Introspect parameters, as allowed by the specification.
32
+
33
+ DESCRIPTION
34
+
35
+ input_instructions <<~INSTRUCTIONS
36
+ If the introspection endpoint is access controlled, testers must enter their own
37
+ HTTP Authorization header for the introspection request. See [RFC 7616 The
38
+ 'Basic' HTTP Authentication
39
+ Scheme](https://datatracker.ietf.org/doc/html/rfc7617) for the most common
40
+ approach that uses client credentials. Testers may also provide any
41
+ additional parameters needed for their authorization server to complete
42
+ the introspection request.
43
+
44
+ **Note:** For both the Authorization header and request parameters, user-input
45
+ values will be sent exactly as entered and therefore the tester must
46
+ URI-encode any appropriate values.
47
+ INSTRUCTIONS
48
+
49
+ run_as_group
50
+
51
+ input :well_known_introspection_url,
52
+ title: 'Token Introspection Endpoint',
53
+ description: <<~DESCRIPTION,
54
+ The complete URL of the token introspection endpoint. This will be
55
+ populated automatically if included in the server's discovery
56
+ endpoint.
57
+ DESCRIPTION
58
+ optional: true
59
+
60
+ input_order :url,
61
+ :well_known_introspection_url,
62
+ :custom_authorization_header,
63
+ :optional_introspection_request_params,
64
+ :standalone_client_id,
65
+ :standalone_client_secret,
66
+ :authorization_method,
67
+ :use_pkce,
68
+ :pkce_code_challenge_method,
69
+ :standalone_requested_scopes,
70
+ :token_introspection_auth_type,
71
+ :client_auth_encryption_method
72
+
73
+ config(
74
+ inputs: {
75
+ client_auth_type: {
76
+ name: :token_introspection_auth_type
77
+ }
78
+ }
79
+ )
80
+
81
+ groups.first.description <<~DESCRIPTION
82
+ These tests are perform discovery and a standalone launch in order to
83
+ receive a new, active access token that will be provided for token
84
+ introspection.
85
+ DESCRIPTION
86
+
87
+ groups[1].description <<~DESCRIPTION
88
+ This group of tests executes the token introspection requests and ensures
89
+ the correct HTTP response is returned but does not validate the contents
90
+ of the token introspection response.
91
+ DESCRIPTION
92
+
93
+ groups.first.groups.each do |group|
94
+ group.required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
95
+ end
96
+ end
97
+ end
@@ -1,5 +1,5 @@
1
- require_relative 'g10_options'
2
1
  require_relative 'resource_access_test'
2
+ require_relative 'all_resources'
3
3
 
4
4
  module ONCCertificationG10TestKit
5
5
  class UnrestrictedResourceTypeAccessGroup < Inferno::TestGroup
@@ -30,7 +30,7 @@ module ONCCertificationG10TestKit
30
30
  If testing against USCDI v2, Encounter and ServiceRequest are also
31
31
  checked.
32
32
 
33
- If testing against USCDI v3, Encounter, ServiceRequest, Coverage,
33
+ If testing against USCDI v3 and v4, Encounter, ServiceRequest, Coverage,
34
34
  and MedicationDispense are also checked.
35
35
 
36
36
  For each of the resource types that can be mapped to USCDI data class or
@@ -64,14 +64,24 @@ module ONCCertificationG10TestKit
64
64
  * Practitioner
65
65
  * RelatedPerson
66
66
 
67
+ For USCDI v4 this includes:
68
+
69
+ * Organization
70
+ * Practitioner
71
+ * RelatedPerson
72
+
67
73
  It also does not test Provenance, as this resource type is accessed by
68
- queries through other resource types, or Specimen in USCDI v3 which only
69
- requires support for read and search by id. These resources types are
70
- accessed in the more comprehensive Single Patient Query tests.
74
+ queries through other resource types, or Specimen in USCDI v3 or Location from
75
+ USCDI v4 which only requires support for read and search by id. These resources
76
+ types are accessed in the more comprehensive Single Patient Query tests.
77
+
78
+ This test is not intended to check every resource type can be granted or not granted,
79
+ nor does it check resources that cannot be directly queried via a patient reference to
80
+ limit the complexity of the tests and effort required to run them.
71
81
 
72
82
  However, the authorization system must indicate that access is granted to
73
83
  the Encounter, Practitioner and Organization (and RelatedPerson and
74
- Specimen for USCDI v3) resource types by providing them in the returned
84
+ Specimen for USCDI v3 and v4) resource types by providing them in the returned
75
85
  scopes because they are required to support the read interaction.
76
86
  )
77
87
  id :g10_unrestricted_resource_type_access
@@ -84,30 +94,11 @@ module ONCCertificationG10TestKit
84
94
  oauth_credentials :smart_credentials
85
95
  end
86
96
 
87
- ALL_RESOURCES =
88
- [
89
- 'AllergyIntolerance',
90
- 'CarePlan',
91
- 'CareTeam',
92
- 'Condition',
93
- 'Device',
94
- 'DiagnosticReport',
95
- 'DocumentReference',
96
- 'Goal',
97
- 'Immunization',
98
- 'MedicationRequest',
99
- 'Observation',
100
- 'Procedure',
101
- 'Patient',
102
- 'Provenance',
103
- 'Encounter',
104
- 'Practitioner',
105
- 'Organization'
106
- ].freeze
97
+ V5_EXCLUDED_RESOURCES = ['RelatedPerson'].freeze
107
98
 
108
- V5_ALL_RESOURCES = (ALL_RESOURCES + ['ServiceRequest']).freeze
99
+ V6_EXCLUDED_RESOURCES = (V5_EXCLUDED_RESOURCES + ['Specimen']).freeze
109
100
 
110
- V6_ALL_RESOURCES = (V5_ALL_RESOURCES + ['Coverage', 'MedicationDispense']).freeze
101
+ V7_EXCLUDED_RESOURCES = V6_EXCLUDED_RESOURCES
111
102
 
112
103
  NON_PATIENT_COMPARTMENT_RESOURCES =
113
104
  [
@@ -126,8 +117,11 @@ module ONCCertificationG10TestKit
126
117
 
127
118
  V6_NON_PATIENT_COMPARTMENT_RESOURCES = V5_NON_PATIENT_COMPARTMENT_RESOURCES
128
119
 
120
+ V7_NON_PATIENT_COMPARTMENT_RESOURCES = V6_NON_PATIENT_COMPARTMENT_RESOURCES
121
+
129
122
  test do
130
123
  include G10Options
124
+ include AllResources
131
125
 
132
126
  title 'Scope granted enables access to all US Core resource types.'
133
127
  description %(
@@ -136,11 +130,13 @@ module ONCCertificationG10TestKit
136
130
  )
137
131
 
138
132
  def all_resources
139
- return V5_ALL_RESOURCES if using_us_core_5?
133
+ return all_required_resources - V5_EXCLUDED_RESOURCES if using_us_core_5?
140
134
 
141
- return V6_ALL_RESOURCES if using_us_core_6?
135
+ return all_required_resources - V6_EXCLUDED_RESOURCES if using_us_core_6?
142
136
 
143
- ALL_RESOURCES
137
+ return all_required_resources - V7_EXCLUDED_RESOURCES if using_us_core_7?
138
+
139
+ all_required_resources
144
140
  end
145
141
 
146
142
  def non_patient_compartment_resources
@@ -148,6 +144,8 @@ module ONCCertificationG10TestKit
148
144
 
149
145
  return V6_NON_PATIENT_COMPARTMENT_RESOURCES if using_us_core_6?
150
146
 
147
+ return V7_NON_PATIENT_COMPARTMENT_RESOURCES if using_us_core_7?
148
+
151
149
  NON_PATIENT_COMPARTMENT_RESOURCES
152
150
  end
153
151
 
@@ -433,5 +431,61 @@ module ONCCertificationG10TestKit
433
431
  USCoreTestKit::USCoreV610::MedicationDispenseGroup
434
432
  end
435
433
  end
434
+
435
+ test from: :g10_resource_access_test do
436
+ title 'Access to Encounter resources granted'
437
+ description %(
438
+ This test ensures that access to the Encounter is granted.
439
+ )
440
+ id :g10_us_core_7_encounter_unrestricted_access
441
+
442
+ required_suite_options G10Options::US_CORE_7_REQUIREMENT
443
+
444
+ def resource_group
445
+ USCoreTestKit::USCoreV700::EncounterGroup
446
+ end
447
+ end
448
+
449
+ test from: :g10_resource_access_test do
450
+ title 'Access to ServiceRequest resources granted'
451
+ description %(
452
+ This test ensures that access to the ServiceRequest is granted.
453
+ )
454
+ id :g10_us_core_7_service_request_unrestricted_access
455
+
456
+ required_suite_options G10Options::US_CORE_7_REQUIREMENT
457
+
458
+ def resource_group
459
+ USCoreTestKit::USCoreV700::ServiceRequestGroup
460
+ end
461
+ end
462
+
463
+ test from: :g10_resource_access_test do
464
+ title 'Access to Coverage resources granted'
465
+ description %(
466
+ This test ensures that access to the Coverage is granted.
467
+ )
468
+ id :g10_us_core_7_coverage_unrestricted_access
469
+
470
+ required_suite_options G10Options::US_CORE_7_REQUIREMENT
471
+
472
+ def resource_group
473
+ USCoreTestKit::USCoreV700::CoverageGroup
474
+ end
475
+ end
476
+
477
+ test from: :g10_resource_access_test do
478
+ title 'Access to MedicationDispense resources granted'
479
+ description %(
480
+ This test ensures that access to the MedicationDispense is granted.
481
+ )
482
+ id :g10_us_core_7_medication_dispense_unrestricted_access
483
+
484
+ required_suite_options G10Options::US_CORE_7_REQUIREMENT
485
+
486
+ def resource_group
487
+ USCoreTestKit::USCoreV700::MedicationDispenseGroup
488
+ end
489
+ end
436
490
  end
437
491
  end
@@ -1,3 +1,3 @@
1
1
  module ONCCertificationG10TestKit
2
- VERSION = '6.0.3'.freeze
2
+ VERSION = '7.0.1'.freeze
3
3
  end