Skip to content

refactor the auth for user role editing#2228

Merged
Flix6x merged 11 commits into
mainfrom
fix/role-edit-auth
Jul 1, 2026
Merged

refactor the auth for user role editing#2228
Flix6x merged 11 commits into
mainfrom
fix/role-edit-auth

Conversation

@nhoening

@nhoening nhoening commented Jun 7, 2026

Copy link
Copy Markdown
Member

Description

Clearer and explicitly about the roles we protect

  • refactor auth_policy.can_edit_role()
  • do not show the admin role in the edit user form, as no one can edit it from there
  • Added changelog item in documentation/changelog.rst

How to test

Log in as the toy user and see which user roles you can edit. Make him a consultant and the toy account the consultancy of another account, then edit a user there.

… the roles we protect

Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening nhoening added this to the 0.33.1 milestone Jun 7, 2026
@nhoening nhoening requested a review from Flix6x June 7, 2026 12:47
@nhoening nhoening self-assigned this Jun 7, 2026

@Flix6x Flix6x left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a changelog entry.

Comment thread flexmeasures/auth/policy.py
nhoening added 2 commits June 9, 2026 10:25
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Comment thread flexmeasures/auth/policy.py Outdated
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Comment thread flexmeasures/auth/policy.py Outdated
Comment thread flexmeasures/api/v3_0/users.py Outdated
Comment thread flexmeasures/api/v3_0/users.py
Comment thread flexmeasures/auth/tests/test_principal_matching.py
Comment thread flexmeasures/auth/tests/test_principal_matching.py Outdated
Comment thread flexmeasures/auth/policy.py Outdated
Comment thread flexmeasures/auth/policy.py Outdated
Comment thread flexmeasures/auth/policy.py Outdated
Comment thread flexmeasures/auth/policy.py Outdated
Comment thread flexmeasures/auth/policy.py Outdated
nhoening added 3 commits June 30, 2026 16:59
… if we encounter a disallowed entry

Signed-off-by: Nicolas Höning <nicolas@seita.nl>
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
…the last new role is allowed

Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening nhoening requested a review from Flix6x June 30, 2026 15:22
Flix6x added 4 commits July 1, 2026 11:48
Signed-off-by: F.N. Claessen <claessen@seita.nl>
Signed-off-by: F.N. Claessen <claessen@seita.nl>
Signed-off-by: F.N. Claessen <claessen@seita.nl>
@Flix6x Flix6x merged commit d54024d into main Jul 1, 2026
12 checks passed
@Flix6x Flix6x deleted the fix/role-edit-auth branch July 1, 2026 10:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants