FlexMeasures · Flix6x · Sep 6, 2022 · Sep 6, 2022 · Sep 6, 2022 · Sep 6, 2022
diff --git a/documentation/changelog.rst b/documentation/changelog.rst
@@ -19,12 +19,13 @@ Infrastructure / Support
 * Remove bokeh dependency and obsolete UI views [see `PR #476 <http://www.github.com/FlexMeasures/flexmeasures/pull/476>`_]
 
 
-v0.11.2 | September XX, 2022
+v0.11.2 | September 6, 2022
 ============================
 
 Bugfixes
 -----------
 * Fix regression for sensors recording non-instantaneous values [see `PR #498 <http://www.github.com/FlexMeasures/flexmeasures/pull/498>`_]
+* Fix broken auth check for creating assets with CLI [see `PR #497 <http://www.github.com/FlexMeasures/flexmeasures/pull/497>`_]
 
 
 v0.11.1 | September 5, 2022

diff --git a/flexmeasures/data/queries/utils.py b/flexmeasures/data/queries/utils.py
@@ -13,9 +13,9 @@
 from flexmeasures.data.models.generic_assets import GenericAsset
 from flexmeasures.data.models.data_sources import DataSource
 from flexmeasures.utils import flexmeasures_inflection
+from flexmeasures.auth.policy import user_has_admin_access
 from flexmeasures.cli import is_running as running_as_cli
 import flexmeasures.data.models.time_series as ts  # noqa: F401
-from flexmeasures.auth.policy import ADMIN_ROLE, ADMIN_READER_ROLE
 
 
 def create_beliefs_query(
@@ -53,10 +53,8 @@ def potentially_limit_assets_query_to_account(
     """
     if not running_as_cli() and not current_user.is_authenticated:
         raise Forbidden("Unauthenticated user cannot list assets.")
-    user_is_admin = (
-        running_as_cli()
-        or current_user.has_role(ADMIN_ROLE)
-        or (query.statement.is_select and current_user.has_role(ADMIN_READER_ROLE))
+    user_is_admin = running_as_cli() or user_has_admin_access(
+        current_user, permission="read" if query.statement.is_select else "update"
     )
     if account_id is None and user_is_admin:
         return query  # allow admins to query assets across all accounts

diff --git a/flexmeasures/data/schemas/generic_assets.py b/flexmeasures/data/schemas/generic_assets.py
@@ -13,6 +13,7 @@
     with_appcontext_if_needed,
 )
 from flexmeasures.auth.policy import user_has_admin_access
+from flexmeasures.cli import is_running as running_as_cli
 
 
 class JSON(fields.Field):
@@ -68,7 +69,7 @@ def validate_account(self, account_id: int):
         account = Account.query.get(account_id)
         if not account:
             raise ValidationError(f"Account with Id {account_id} doesn't exist.")
-        if (
+        if not running_as_cli() and (
             not user_has_admin_access(current_user, "update")
             and account_id != current_user.account_id
         ):