Backport PR #497: Fix creation of assets from CLI (#497)

Fix broken auth check for creating assets with CLI. * allow to create assets from CLI (lighten restriction in input validation) Signed-off-by: Nicolas Höning <nicolas@seita.nl> * small refactoring to use auth logic Signed-off-by: Nicolas Höning <nicolas@seita.nl> * Changelog entry Signed-off-by: F.N. Claessen <felix@seita.nl> Signed-off-by: Nicolas Höning <nicolas@seita.nl> Signed-off-by: F.N. Claessen <felix@seita.nl> Co-authored-by: F.N. Claessen <felix@seita.nl> Signed-off-by: F.N. Claessen <felix@seita.nl>
FlexMeasures · Sep 6, 2022 · b2a9ce2 · b2a9ce2
1 parent ab80ae8
commit b2a9ce2
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/documentation/changelog.rst b/documentation/changelog.rst
@@ -2,12 +2,13 @@
 FlexMeasures Changelog
 **********************
 
-v0.11.2 | September XX, 2022
+v0.11.2 | September 6, 2022
 ============================
 
 Bugfixes
 -----------
 * Fix regression for sensors recording non-instantaneous values [see `PR #498 <http://www.github.com/FlexMeasures/flexmeasures/pull/498>`_]
+* Fix broken auth check for creating assets with CLI [see `PR #497 <http://www.github.com/FlexMeasures/flexmeasures/pull/497>`_]
 
 
 v0.11.1 | September 5, 2022

diff --git a/flexmeasures/data/queries/utils.py b/flexmeasures/data/queries/utils.py
@@ -13,9 +13,9 @@
 from flexmeasures.data.models.generic_assets import GenericAsset
 from flexmeasures.data.models.data_sources import DataSource
 from flexmeasures.utils import flexmeasures_inflection
+from flexmeasures.auth.policy import user_has_admin_access
 from flexmeasures.cli import is_running as running_as_cli
 import flexmeasures.data.models.time_series as ts  # noqa: F401
-from flexmeasures.auth.policy import ADMIN_ROLE, ADMIN_READER_ROLE
 
 
 def create_beliefs_query(
@@ -53,10 +53,8 @@ def potentially_limit_assets_query_to_account(
     """
     if not running_as_cli() and not current_user.is_authenticated:
         raise Forbidden("Unauthenticated user cannot list assets.")
-    user_is_admin = (
-        running_as_cli()
-        or current_user.has_role(ADMIN_ROLE)
-        or (query.statement.is_select and current_user.has_role(ADMIN_READER_ROLE))
+    user_is_admin = running_as_cli() or user_has_admin_access(
+        current_user, permission="read" if query.statement.is_select else "update"
     )
     if account_id is None and user_is_admin:
         return query  # allow admins to query assets across all accounts

diff --git a/flexmeasures/data/schemas/generic_assets.py b/flexmeasures/data/schemas/generic_assets.py
@@ -13,6 +13,7 @@
     with_appcontext_if_needed,
 )
 from flexmeasures.auth.policy import user_has_admin_access
+from flexmeasures.cli import is_running as running_as_cli
 
 
 class JSON(fields.Field):
@@ -68,7 +69,7 @@ def validate_account(self, account_id: int):
         account = Account.query.get(account_id)
         if not account:
             raise ValidationError(f"Account with Id {account_id} doesn't exist.")
-        if (
+        if not running_as_cli() and (
             not user_has_admin_access(current_user, "update")
             and account_id != current_user.account_id
         ):