Merge branch 'main' into 754-depricate-flask-env

Signed-off-by: GustaafL <41048720+GustaafL@users.noreply.github.com>

documentation/api/change_log.rst

@@ -5,6 +5,11 @@ API change log
 
 .. note:: The FlexMeasures API follows its own versioning scheme. This is also reflected in the URL (e.g. `/api/v3_0`), allowing developers to upgrade at their own pace.
 
+v3.0-14 | 2023-12-07
+""""""""""""""""""""
+
+- Fix API version listing (GET /api/v3_0) for hosts running on Python 3.8.
+
 v3.0-13 | 2023-10-31
 """"""""""""""""""""
 

documentation/changelog.rst

@@ -7,19 +7,41 @@ v0.18.0 | December XX, 2023
 ============================
 
 .. warning:: This version replaces FLASK_ENV with FLEXMEASURES_ENV (FLASK_ENV will still be used as a fallback).
+.. warning:: Upgrading to this version requires running ``flexmeasures db upgrade`` (you can create a backup first with ``flexmeasures db-ops dump``).
 
 New features
 -------------
 
+* Better navigation experience through listings (sensors / assets / users / accounts) in the :abbr:`UI (user interface)`, by heading to the selected entity upon a click (or CTRL + click) anywhere within a row [see `PR #923 <https://github.com/FlexMeasures/flexmeasures/pull/923>`_]
+* New flexmeasures configuration setting `FLEXMEASURES_ENFORCE_SECURE_CONTENT_POLICY` for upgrading insecure `http` requests to secured requests `https` [see `PR #920 <https://github.com/FlexMeasures/flexmeasures/pull/920>`_]
+
 Infrastructure / Support
 ----------------------
 
-- Deprecate use of flask's ``FLASK_ENV`` variable and replace it with ``FLEXMEASURES_ENV`` [see `PR #907 <https://github.com/FlexMeasures/flexmeasures/pull/907>`_]
-# New documentation section on constructing a flex model for :abbr:`V2G (vehicle-to-grid)` [see `PR #885 <https://github.com/FlexMeasures/flexmeasures/pull/885>`_]
+* Deprecate use of flask's ``FLASK_ENV`` variable and replace it with ``FLEXMEASURES_ENV`` [see `PR #907 <https://github.com/FlexMeasures/flexmeasures/pull/907>`_]
+* New documentation section on constructing a flex model for :abbr:`V2G (vehicle-to-grid)` [see `PR #885 <https://github.com/FlexMeasures/flexmeasures/pull/885>`_]
+* Remove obsolete database tables `price`, `power`, `market`, `market_type`, `weather`, `asset`, and `weather_sensor` [see `PR #921 <https://github.com/FlexMeasures/flexmeasures/pull/921>`_]
+* New documentation section on constructing a flex model for :abbr:`V2G (vehicle-to-grid)` [see `PR #885 <https://github.com/FlexMeasures/flexmeasures/pull/885>`_]
+* Allow charts in plugins to show currency codes (such as EUR) as currency symbols (€) [see `PR #922 <https://github.com/FlexMeasures/flexmeasures/pull/922>`_]
+
+Bugfixes
+-----------
+
+* Give `admin-reader` role access to the RQ Scheduler dashboard [see `PR #901 <https://github.com/FlexMeasures/flexmeasures/pull/901>`_]
+* Assets without a geographical position (i.e. no lat/lng coordinates) can be edited through the UI [see `PR #924 <https://github.com/FlexMeasures/flexmeasures/pull/924>`_]
+
+
+v0.17.1 | December 7, 2023
+============================
 
 Bugfixes
 -----------
 
+* Show `Assets`, `Users`, `Tasks` and `Accounts` pages in the navigation bar for the `admin-reader` role [see `PR #900 <https://github.com/FlexMeasures/flexmeasures/pull/900>`_]
+* Reduce worker logs when datetime exceeds the end of the schedule [see `PR #918 <https://github.com/FlexMeasures/flexmeasures/pull/918>`_]
+* Fix infeasible problem due to incorrect estimation of the big-M value [see `PR #905 <https://github.com/FlexMeasures/flexmeasures/pull/905>`_]
+* Fix API version listing (GET /api/v3_0) for hosts running on Python 3.8 [see `PR #917 <https://github.com/FlexMeasures/flexmeasures/pull/917>`_]
+
 
 v0.17.0 | November 8, 2023
 ============================

documentation/configuration.rst

@@ -104,7 +104,7 @@ FLEXMEASURES_PROFILE_REQUESTS
 
 If True, the processing time of requests are profiled.
 
-The overall time used by requests are logged to the console. In addiition, if `pyinstrument` is installed, then a profiling report is made (of time being spent in different function calls) for all Flask API endpoints.
+The overall time used by requests are logged to the console. In addition, if `pyinstrument` is installed, then a profiling report is made (of time being spent in different function calls) for all Flask API endpoints.
 
 The profiling results are stored in the ``profile_reports`` folder in the instance directory.
 
@@ -384,7 +384,9 @@ You can use this setting to overwrite that URI and point the tests to an (empty)
 Security
 --------
 
-This is only a selection of the most important settings.
+Settings to ensure secure handling of credentials and data.
+
+For Flask-Security and Flask-Cors (setting names start with "SECURITY" or "CORS"), this is only a selection of the most important settings.
 See `the Flask-Security Docs <https://flask-security-too.readthedocs.io/en/stable/configuration.html>`_ as well as the `Flask-CORS docs <https://flask-cors.readthedocs.io/en/latest/configuration.html>`_ for all possibilities.
 
 SECRET_KEY (**)
@@ -453,6 +455,13 @@ Allows users to make authenticated requests. If true, injects the Access-Control
 Default: ``True``
 
 
+FLEXMEASURES_ENFORCE_SECURE_CONTENT_POLICY
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When ``FLEXMEASURES_ENFORCE_SECURE_CONTENT_POLICY`` is set to ``True``, the ``<meta>`` tag with the ``Content-Security-Policy`` directive, specifically ``upgrade-insecure-requests``, is included in the HTML head. This directive instructs the browser to upgrade insecure requests from ``http`` to ``https``. One example of a use case for this is if you have a load balancer in front of FlexMeasures, which is secured with a certificate and only accepts https.
+
+Default: ``False``
+
 
 .. _mail-config:
 

flexmeasures/api/v3_0/public.py

@@ -31,7 +31,7 @@ def index(self):
                 methods: str = "/".join(
                     [m for m in rule.methods if m not in ("OPTIONS", "HEAD")]
                 )
-                stripped_url = url.removeprefix(self.route_base)
+                stripped_url = removeprefix(url, self.route_base)
                 full_url = (
                     request.url_root.removesuffix("/") + url
                     if url.startswith("/")
@@ -75,3 +75,15 @@ def quickref_directive(content):
             break
 
     return description
+
+
+def removeprefix(text: str, prefix: str) -> str:
+    """Remove a prefix from a text.
+
+    todo: use text.removeprefix(prefix) instead of this method, after dropping support for Python 3.8
+          See https://docs.python.org/3.9/library/stdtypes.html#str.removeprefix
+    """
+    if text.startswith(prefix):
+        return text[len(prefix) :]
+    else:
+        return text

flexmeasures/conftest.py

@@ -777,10 +777,46 @@ def create_test_battery_assets(
         ),
     )
     db.session.add(test_battery_sensor_no_prices)
+
+    test_small_battery = GenericAsset(
+        name="Test small battery",
+        owner=setup_accounts["Prosumer"],
+        generic_asset_type=battery_type,
+        latitude=10,
+        longitude=100,
+        attributes=dict(
+            capacity_in_mw=0.01,
+            max_soc_in_mwh=0.01,
+            min_soc_in_mwh=0,
+            soc_in_mwh=0.005,
+            soc_datetime="2040-01-01T00:00+01",
+            soc_udi_event_id=203,
+            market_id=setup_markets["epex_da"].id,
+            is_consumer=True,
+            is_producer=True,
+            can_curtail=True,
+            can_shift=True,
+        ),
+    )
+
+    test_battery_sensor_small = Sensor(
+        name="power",
+        generic_asset=test_small_battery,
+        event_resolution=timedelta(minutes=15),
+        unit="MW",
+        attributes=dict(
+            daily_seasonality=True,
+            weekly_seasonality=True,
+            yearly_seasonality=True,
+        ),
+    )
+    db.session.add(test_battery_sensor_small)
+
     db.session.flush()
     return {
         "Test battery": test_battery,
         "Test battery with no known prices": test_battery_no_prices,
+        "Test small battery": test_small_battery,
     }