Diffstat (limited to 'opendc-web/opendc-web-api/opendc/api/scenarios.py')
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/api/scenarios.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/opendc-web/opendc-web-api/opendc/api/scenarios.py b/opendc-web/opendc-web-api/opendc/api/scenarios.py
index b566950a..eacb0b49 100644
--- a/opendc-web/opendc-web-api/opendc/api/scenarios.py
+++ b/opendc-web/opendc-web-api/opendc/api/scenarios.py
@@ -24,7 +24,7 @@ from marshmallow import Schema, fields
 from opendc.models.scenario import Scenario as ScenarioModel, ScenarioSchema
 from opendc.models.portfolio import Portfolio
-from opendc.exts import current_user, requires_auth
+from opendc.exts import current_user, requires_auth, has_scope
 class Scenario(Resource):
@@ -37,8 +37,12 @@ class Scenario(Resource):
 """Get scenario by identifier."""
 scenario = ScenarioModel.from_id(scenario_id)
 scenario.check_exists()
- scenario.check_user_access(current_user['sub'], False)
- data = scenario.obj
+
+ # Users with scope runner can access all scenarios
+ if not has_scope('runner'):
+ scenario.check_user_access(current_user['sub'], False)
+
+ data = ScenarioSchema().dump(scenario.obj)
 return {'data': data}
 def put(self, scenario_id):
@@ -54,7 +58,7 @@ class Scenario(Resource):
 scenario.set_property('name', result['scenario']['name'])
 scenario.update()
- data = scenario.obj
+ data = ScenarioSchema().dump(scenario.obj)
 return {'data': data}
 def delete(self, scenario_id):
@@ -72,7 +76,8 @@ class Scenario(Resource):
 portfolio.update()
 old_object = scenario.delete()
- return {'data': old_object}
+ data = ScenarioSchema().dump(old_object)
+ return {'data': data}
 class PutSchema(Schema):
 """ |
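Review bot: In `Scenario.get`, the new `if not has_scope('runner'):` guard skips `scenario.check_user_access(...)` entirely, so any token carrying the `runner` scope can read every scenario regardless of ownership, and nothing in the hunk limits who may hold that scope or records when the bypass is taken. `has_scope` comes from `opendc.exts`, outside this diff, so it is worth confirming that it reads the scope from an already verified token and that `runner` is issued only to the machine-to-machine client. I would expand the comment to state that contract, e.g. `# 'runner' is a service-only scope: it bypasses per-user access checks for reads and must never be granted to end-user tokens`, and add a test that a token without the scope is still rejected for another user's scenario. The method's signature sits above the hunk.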
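Review bot: In `put` and `delete` the response now goes through `ScenarioSchema().dump(...)` with no comment saying why; a line such as `# Serialise via ScenarioSchema so only declared fields are returned to the client` would make the intent explicit, and the same applies to the `get` hunk. In `delete`, the dumped value is whatever `scenario.delete()` returns, which is defined outside this diff; if that can be `None` or a driver result rather than the stored document, the response would be silently empty or incomplete, so it is worth confirming. Both method bodies start above their hunks.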
