Basic Auth bug fix & test fixes. (#266)

**Description:**
Basic Auth bug fix & test fix.

`request.url.path` would return the absolute path f.e.:
`/collections/test-collection`
`request.scope.get("route").path` returns `/collections/{collection_id}`
which is correct for matching permissions


**PR Checklist:**

- [x] Code is formatted and linted (run `pre-commit run --all-files`)
- [x] Tests pass (run `make test`)
- [x] Documentation has been updated to reflect changes, if applicable
- [x] Changes are added to the changelog

---------

Co-authored-by: Jonathan Healy <jonathan.d.healy@gmail.com>

Author: pedro-cf

CHANGELOG.md

@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 
 - API sort extension tests [#264](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/264)
+- Basic auth permission fix for checking route path instead of absolute path [#266](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/266)
 
 ## [v3.0.0a1]
 

stac_fastapi/core/stac_fastapi/core/basic_auth.py

@@ -61,7 +61,7 @@ def has_access(
         )
 
     permissions = user.get("permissions", [])
-    path = request.url.path
+    path = request.scope.get("route").path
     method = request.method
 
     if permissions == "*":

stac_fastapi/tests/basic_auth/test_basic_auth.py

@@ -74,7 +74,7 @@ async def test_delete_resource_insufficient_permissions(app_client_basic_auth, c
 
     assert response.status_code == 403
     assert response.json() == {
-        "detail": "Insufficient permissions for [DELETE /collections/test-collection]"
+        "detail": "Insufficient permissions for [DELETE /collections/{collection_id}]"
     }