Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* make flexmeasures.auth its own top-level package * fix issue in naturaltime test due to humanize lib adding a year if date is older than 5 months * central auth policy with decorators and error handling. Added account roles decorators. User role decorators respect admin access. Added unified error handler for all API calls (invalid_sender). * apply new decorators to endoints, switch some user-role-dependent code to account-role checking * properly comment out a Jinja comment which should not be rendered * make tests work in changed auth world. * changelog entry * documentation add documentation about account authorization * add missing dev/auth chapter * rename services chapter in docs to inbuilt-smart-functionality * remove unused code * use the ADMIN_ROLE name throughout * implement smaller review comments * give test users better names and email adresses * More straightforward use of test users: add a true admin user in main conftest and use it where necessary; use dummy user instead of moving a user between accounts * create new admin user last, so somw tests which assume users ids 1 or 2 will use the correct test user * move changelog entry to v0.8.0 * remove unused imports * implement review comments about documentation and docstrings * one more typo
- Loading branch information
Showing
75 changed files
with
865 additions
and
619 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
.. _auth-dev: | ||
|
||
Custom authorization | ||
====================== | ||
|
||
Our :ref:`auth` section describes general authentication and authorization handling in FlexMeasures. However, custom energy flexibility services developed on top of FlexMeasures probably also need their custom authorization. | ||
|
||
One means for this is to define custom account roles. E.g. if several services run on one FlexMeasures server, each service could define a "MyService-subscriber" account role. To make sure that only users of such accounts can use the endpoints: | ||
|
||
.. code-block:: python | ||
@flexmeasures_ui.route("/bananas") | ||
@account_roles_required("MyService-subscriber") | ||
def bananas_view: | ||
pass | ||
.. note:: This endpoint decorator lists required roles, so the authenticated user's account needs to have each role. You can also use the ``account_roles_accepted`` decorator. Then the user's account only needs to have at least one of the roles. | ||
|
||
There are also decorators to check user roles: | ||
|
||
.. code-block:: python | ||
@flexmeasures_ui.route("/bananas") | ||
@roles_required("account-admin") | ||
def bananas_view: | ||
pass | ||
.. note:: You can also use the ``roles_accepted`` decorator. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.