flexmeasures.auth.policy
Tooling & docs for implementing our auth policy
Functions
- flexmeasures.auth.policy.can_modify_role(user, roles_to_modify, modified_user) bool
For a set of supported roles, check if the current user can modify the roles.
- Parameters:
user – The current attempting to modify a role.
roles_to_modify – A list of roles to modify - can be a Role or a role ID.
modified_user – The user whose roles are being modified.
- Returns:
True if the user can modify the roles, False otherwise.
The roles are: - admin: can only be changed in CLI / directly in the DB, so not here - admin-reader: can be added and removed by admins - account-admin: can be added and removed by admins and consultants (in consultancy account) - consultant: can be added and removed by admins and account-admins (in same account)
- flexmeasures.auth.policy.check_access(context: AuthModelMixin, permission: str)
Check if current user can access this auth context if this permission is required, either with admin rights or principal(s).
Raises 401 or 403 otherwise.
- flexmeasures.auth.policy.user_matches_principals(user, principals: str | Tuple[str] | List[str | Tuple[str] | None] | None) bool
Tests if the user matches all passed principals. Returns False if no principals are passed.
Classes
- class flexmeasures.auth.policy.AuthModelMixin