stac-utils · jonhealy1 · May 30, 2024 · May 29, 2024 · May 30, 2024 · May 30, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 
 - API sort extension tests [#264](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/264)
+- Basic auth permission fix for checking route path instead of absolute path [#266](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/266)
 
 ## [v3.0.0a1]
 

diff --git a/stac_fastapi/core/stac_fastapi/core/basic_auth.py b/stac_fastapi/core/stac_fastapi/core/basic_auth.py
@@ -61,7 +61,7 @@ def has_access(
         )
 
     permissions = user.get("permissions", [])
-    path = request.url.path
+    path = request.scope.get("route").path
     method = request.method
 
     if permissions == "*":

diff --git a/stac_fastapi/tests/basic_auth/test_basic_auth.py b/stac_fastapi/tests/basic_auth/test_basic_auth.py
@@ -74,7 +74,7 @@ async def test_delete_resource_insufficient_permissions(app_client_basic_auth, c
 
     assert response.status_code == 403
     assert response.json() == {
-        "detail": "Insufficient permissions for [DELETE /collections/test-collection]"
+        "detail": "Insufficient permissions for [DELETE /collections/{collection_id}]"
     }