github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Removed check_permission() from BaseView, closes #1677

Browse source 
Refs #1660
This commit is contained in:
Simon Willison 2022-03-21 11:41:56 -07:00
commit 194e4f6c3f
6 changed files with 16 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

1
datasette/app.py
View file

@ -639,6 +639,7 @@ class Datasette:
Raises datasette.Forbidden() if any of the checks fail Raises datasette.Forbidden() if any of the checks fail
""" """
assert actor is None or isinstance(actor, dict)
for permission in permissions: for permission in permissions:
if isinstance(permission, str): if isinstance(permission, str):
action = permission action = permission

10
datasette/views/base.py
View file

@ -66,16 +66,6 @@ class BaseView:
response.body = b"" response.body = b""
return response return response
async def check_permission(self, request, action, resource=None):
ok = await self.ds.permission_allowed(
request.actor,
action,
resource=resource,
default=True,
)
if not ok:
raise Forbidden(action)
def database_color(self, database): def database_color(self, database):
return "ff0000" return "ff0000"

2
datasette/views/database.py
View file

@ -229,7 +229,7 @@ class QueryView(DataView):
None, "view-query", (database, canned_query), default=True None, "view-query", (database, canned_query), default=True
) )
else: else:
await self.check_permission(request, "execute-sql", database) await self.ds.ensure_permissions(request.actor, [("execute-sql", database)])
# Extract any :named parameters # Extract any :named parameters
named_parameters = named_parameters or await derive_named_parameters( named_parameters = named_parameters or await derive_named_parameters(

2
datasette/views/index.py
View file

@ -20,7 +20,7 @@ class IndexView(BaseView):
async def get(self, request): async def get(self, request):
as_format = request.url_vars["format"] as_format = request.url_vars["format"]
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
databases = [] databases = []
for name, db in self.ds.databases.items(): for name, db in self.ds.databases.items():
visible, database_private = await check_visibility( visible, database_private = await check_visibility(

10
datasette/views/special.py
View file

@ -16,7 +16,7 @@ class JsonDataView(BaseView):
async def get(self, request): async def get(self, request):
as_format = request.url_vars["format"] as_format = request.url_vars["format"]
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
if self.needs_request: if self.needs_request:
data = self.data_callback(request) data = self.data_callback(request)
else: else:
@ -47,7 +47,7 @@ class PatternPortfolioView(BaseView):
has_json_alternate = False has_json_alternate = False
async def get(self, request): async def get(self, request):
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
return await self.render(["patterns.html"], request=request) return await self.render(["patterns.html"], request=request)
@ -95,7 +95,7 @@ class PermissionsDebugView(BaseView):
has_json_alternate = False has_json_alternate = False
async def get(self, request): async def get(self, request):
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
if not await self.ds.permission_allowed(request.actor, "permissions-debug"): if not await self.ds.permission_allowed(request.actor, "permissions-debug"):
raise Forbidden("Permission denied") raise Forbidden("Permission denied")
return await self.render( return await self.render(
@ -146,11 +146,11 @@ class MessagesDebugView(BaseView):
has_json_alternate = False has_json_alternate = False
async def get(self, request): async def get(self, request):
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
return await self.render(["messages_debug.html"], request) return await self.render(["messages_debug.html"], request)
async def post(self, request): async def post(self, request):
await self.check_permission(request, "view-instance") await self.ds.ensure_permissions(request.actor, ["view-instance"])
post = await request.post_vars() post = await request.post_vars()
message = post.get("message", "") message = post.get("message", "")
message_type = post.get("message_type") or "INFO" message_type = post.get("message_type") or "INFO"

13
tests/test_permissions.py
View file

@ -321,17 +321,20 @@ def test_permissions_debug(app_client):
checks = [ checks = [
{ {
"action": div.select_one(".check-action").text, "action": div.select_one(".check-action").text,
"result": bool(div.select(".check-result-true")), # True = green tick, False = red cross, None = gray None
"result": None
if div.select(".check-result-no-opinion")
else bool(div.select(".check-result-true")),
"used_default": bool(div.select(".check-used-default")), "used_default": bool(div.select(".check-used-default")),
} }
for div in check_divs for div in check_divs
] ]
assert [ assert checks == [
{"action": "permissions-debug", "result": True, "used_default": False}, {"action": "permissions-debug", "result": True, "used_default": False},
{"action": "view-instance", "result": True, "used_default": True}, {"action": "view-instance", "result": None, "used_default": True},
{"action": "permissions-debug", "result": False, "used_default": True}, {"action": "permissions-debug", "result": False, "used_default": True},
{"action": "view-instance", "result": True, "used_default": True}, {"action": "view-instance", "result": None, "used_default": True},
] == checks ]
@pytest.mark.parametrize( @pytest.mark.parametrize(