Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mask locations of inaccessible assets on map #409

Merged
merged 6 commits into from Mar 31, 2022
Merged

Mask locations of inaccessible assets on map #409

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
6412ce8
Mask inaccessible assets (workaround for issue #200)
Flix6x Mar 30, 2022
c325134
fix limiting query to current account
nhoening Mar 30, 2022
19631ce
fix checking for ResponseTuples in API code (type() will say they are…
nhoening Mar 31, 2022
6c0bb2f
fix querying for null values
nhoening Mar 31, 2022
102f415
introduce a way for tests that test backend functionality to pretend …
nhoening Mar 31, 2022
8e3e41a
Changelog entry
Flix6x Mar 31, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
29 changes: 27 additions & 2 deletions flexmeasures/data/services/asset_grouping.py
View file
Open in desktop
Expand Up @@ -4,11 +4,13 @@
"""

from __future__ import annotations
from typing import List, Dict, Optional
from typing import List, Dict, Optional, Union
import inflect

from flask_security.core import current_user
from sqlalchemy.orm import Query

from flexmeasures.auth.policy import ADMIN_ROLE
from flexmeasures.utils.flexmeasures_inflection import parameterize, pluralize
from flexmeasures.data.models.generic_assets import (
GenericAssetType,
Expand All @@ -28,7 +30,7 @@ def get_asset_group_queries(
group_by_location: bool = False,
) -> Dict[str, Query]:
"""
An asset group is defined by Asset queries. Each query has a name, and we prefer pluralised names.
An asset group is defined by Asset queries. Each query has a name, and we prefer pluralised names.
They still need an executive call, like all(), count() or first().

This function limits the assets to be queried to the current user's account,
Expand Down Expand Up @@ -56,6 +58,8 @@ def get_asset_group_queries(
if group_by_location:
asset_queries.update(get_location_queries())

asset_queries = mask_inaccessible_assets(asset_queries)

return asset_queries


Expand Down Expand Up @@ -143,3 +147,24 @@ def parameterized_name(self) -> str:

def __str__(self):
return self.display_name


def mask_inaccessible_assets(
asset_queries: Union[Query, Dict[str, Query]]
) -> Union[Query, Dict[str, Query]]:
"""Filter out any assets that the user should not be able to access.

We do not explicitly check user authentication here, because non-authenticated users are not admins
and have no asset ownership, so applying this filter for non-admins masks all assets.
"""
if not current_user.has_role(ADMIN_ROLE):
if isinstance(asset_queries, dict):
for name, query in asset_queries.items():
asset_queries[name] = query.filter(
GenericAsset.owner == current_user.account
)
else:
asset_queries = asset_queries.filter(
GenericAsset.owner == current_user.account
)
return asset_queries