flexmeasures.auth.policy

Tooling & docs for implementing our auth policy

Functions

flexmeasures.auth.policy.can_modify_role(user, roles_to_modify) → bool

For a set of supported roles, check if the current user can modify the roles.

Parameters:

• user – The current user.

• roles_to_modify – A list of roles to modify.

Returns:

True if the user can modify the roles, False otherwise.

The roles are: - admin: can only be changed in CLI / directly in the DB - admin-reader: can be added and removed by admins - account-admin: can be added and removed by admins and consultants - consultant: can be added and removed by admins and account-admins

flexmeasures.auth.policy.check_access(context: AuthModelMixin, permission: str)

Check if current user can access this auth context if this permission is required, either with admin rights or principal(s).

Raises 401 or 403 otherwise.

flexmeasures.auth.policy.check_account_membership(user, principal: str) → bool

flexmeasures.auth.policy.check_account_role(user, principal: str) → bool

flexmeasures.auth.policy.check_user_identity(user, principal: str) → bool

flexmeasures.auth.policy.check_user_role(user, principal: str) → bool

flexmeasures.auth.policy.user_has_admin_access(user, permission: str) → bool

flexmeasures.auth.policy.user_matches_principals(user, principals: str | Tuple[str] | List[str | Tuple[str]]) → bool

Tests if the user matches all passed principals. Returns False if no principals are passed.

Classes

class flexmeasures.auth.policy.AuthModelMixin