Better support for the admin-reader role and various smaller fixes in role-based authorization

[nhoening]

No description provided.

[coveralls]

Pull Request Test Coverage Report for Build 2235467151

• 12 of 15 (80.0%) changed or added relevant lines in 5 files are covered.
• 46 unchanged lines in 3 files lost coverage.
• Overall coverage decreased (-0.02%) to 68.564%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
flexmeasures/ui/crud/users.py	8	9	88.89%
flexmeasures/api/play/routes.py	0	2	0.0%

Files with Coverage Reduction	New Missed Lines	%
flexmeasures/data/schemas/sensors.py	1	79.59%
flexmeasures/cli/data_add.py	21	31.59%
flexmeasures/utils/config_utils.py	24	31.3%

Totals
Change from base Build 2207250748:	-0.02%
Covered Lines:	7061
Relevant Lines:	9770

---

💛 - Coveralls

[Flix6x]

Can you guide me through this PR a bit? I find it hard to derive from reading the commit messages. For example, why did the removed test become redundant?

[nhoening]

Sorry that there are a few things in here.

The big picture is to help admin-reader to actually read users (fixed in CRUD) and sensors (fixed in the sensor API).

On the way I noticed how

• there is a bug in the roles_accepted decorator
• we should always be using our decorators, not flask_security's
• The CRUD endpoint GET /users/ was still using the v2 asset API

The test is removed because that endpoint stops doing an auth check. It now gives you only your account if you're not an admin, and all otherwise (which was the default behavior before).

[Flix6x]

Thanks for clarifying. That helped a lot. I only have an issue with removing that test.

And to me it looks like we should also backport this PR to 0.9.x.

[nhoening]

We should release v0.10 soonish, and the bugs in this don't seem overly impactful, so for me back-porting is not required.

[Flix6x]

Okay.