Improvements to allow block logic and debug tool

true and false allow block values are now supported, closes #906

Added a bunch of demo links to the documentation, refs #908

datasette/templates/allow_debug.html

@@ -36,14 +36,14 @@ p.message-warning {
 <p>Use this tool to try out different actor and allow combinations. See <a href="https://datasette.readthedocs.io/en/stable/authentication.html#defining-permissions-with-allow-blocks">Defining permissions with "allow" blocks</a> for documentation.</p>
 
 <form action="/-/allow-debug" method="get">
-    <div class="two-col">
-        <p><label>Actor</label></p>
-        <textarea name="actor">{{ actor_input }}</textarea>
-    </div>
     <div class="two-col">
         <p><label>Allow block</label></p>
         <textarea name="allow">{{ allow_input }}</textarea>
     </div>
+    <div class="two-col">
+        <p><label>Actor</label></p>
+        <textarea name="actor">{{ actor_input }}</textarea>
+    </div>
     <div style="margin-top: 1em;">
         <input type="submit" value="Apply allow block to actor">
     </div>

datasette/utils/__init__.py

@@ -874,6 +874,10 @@ async def async_call_with_supported_arguments(fn, **kwargs):
 
 
 def actor_matches_allow(actor, allow):
+    if allow is True:
+        return True
+    if allow is False:
+        return False
     if actor is None and allow and allow.get("unauthenticated") is True:
         return True
     if allow is None: