From 1a3dcf494376e32f7cff110c86a88e5b0a3f3924 Mon Sep 17 00:00:00 2001
From: Simon Willison
Date: Tue, 13 Dec 2022 21:19:31 -0800
Subject: [PATCH] Don't include _memory on /-/create-token, refs #1947
---
 datasette/views/special.py | 2 +-
 tests/test_auth.py | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/datasette/views/special.py b/datasette/views/special.py
index 1b100a1f..075e8a45 100644
--- a/datasette/views/special.py
+++ b/datasette/views/special.py
@@ -235,7 +235,7 @@ class CreateTokenView(BaseView):
 # Build list of databases and tables the user has permission to view
 database_with_tables = []
 for database in self.ds.databases.values():
- if database.name == "_internal":
+ if database.name in ("_internal", "_memory"):
 continue
 if not await self.ds.permission_allowed(
 request.actor, "view-database", database.name
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 76b13c1e..dd1b61e3 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -1,3 +1,4 @@
+from bs4 import BeautifulSoup as Soup
 from .fixtures import app_client
 from click.testing import CliRunner
 from datasette.utils import baseconv
@@ -160,6 +161,17 @@ def test_auth_create_token(
 response = app_client.get("/-/create-token", cookies={"ds_actor": ds_actor})
 assert response.status == 200
 assert ">Create an API token<" in response.text
+ # Confirm some aspects of expected set of checkboxes
+ soup = Soup(response.text, "html.parser")
+ checkbox_names = {el["name"] for el in soup.select('input[type="checkbox"]')}
+ assert checkbox_names.issuperset(
+ {
+ "all:view-instance",
+ "all:view-query",
+ "database:fixtures:drop-table",
+ "resource:fixtures:foreign_key_references:insert-row",
+ }
+ )
 # Now try actually creating one
 response2 = app_client.post(
 "/-/create-token",
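Review bot: The skip list `("_internal", "_memory")` in CreateTokenView is a bare literal inside the loop, with nothing saying why these two databases are withheld from the token form, so a later hidden database is easy to miss here. I would put a comment above the check, such as `# _internal and _memory are not offered as token restriction targets`, or lift the tuple into a named module-level constant. The loop only decides which checkboxes are rendered. Whether the POST path accepts a restriction naming a database that was filtered out here is not visible in this hunk and is worth confirming. The loop body and the enclosing method continue outside the hunk.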
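Review bot: The assertion added to test_auth_create_token does not exercise the behaviour this commit changes. `checkbox_names.issuperset(...)` passes whether or not `_memory` checkboxes are rendered, so reverting the special.py change would leave the test green. Add a negative check beside it, for example `assert not any(":_memory:" in n or ":_internal:" in n for n in checkbox_names)`. The `database:NAME:action` shape assumed there comes from the names already listed in the expected set, so confirm it against the template. The test function starts before and continues after this hunk.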