flexmeasures.auth.policy

Tooling & docs for implementing our auth policy

Functions

flexmeasures.auth.policy.can_modify_role(user, roles_to_modify, modified_user) bool

For a set of supported roles, check if the current user can modify the roles.

Parameters:
  • user – The current attempting to modify a role.

  • roles_to_modify – A list of roles to modify - can be a Role or a role ID.

  • modified_user – The user whose roles are being modified.

Returns:

True if the user can modify each of the roles, False otherwise.

The roles are: - admin: can only be changed in CLI / directly in the DB, so not here - admin-reader: can be added and removed by admins - account-admin: can be added and removed by admins and consultants (in consultancy account) - consultant: can be added and removed by admins and account-admins (in same account)

flexmeasures.auth.policy.check_access(context: AuthModelMixin, permission: str)

Check if current user can access this auth context if this permission is required, either with admin rights or principal(s).

Raises 401 or 403 otherwise.

flexmeasures.auth.policy.check_account_membership(user, principal: str) bool
flexmeasures.auth.policy.check_account_role(user, principal: str) bool
flexmeasures.auth.policy.check_user_identity(user, principal: str) bool
flexmeasures.auth.policy.check_user_role(user, principal: str) bool
flexmeasures.auth.policy.user_can_add_accounts() bool

Check if the current user can create new accounts.

Uses the ACL system to verify the user has permission to create accounts on the FlexMeasures platform.

Returns:

True if user has permission, False otherwise.

flexmeasures.auth.policy.user_has_admin_access(user, permission: str) bool
flexmeasures.auth.policy.user_matches_principals(user, principals: str | tuple[str] | list[str | tuple[str] | None] | None) bool

Tests if the user matches all passed principals. Returns False if no principals are passed.

Classes

class flexmeasures.auth.policy.AuthModelMixin
class flexmeasures.auth.policy.FlexMeasuresPlatform

Virtual platform resource to authorize top-level creations.