diff --git a/datasette/templates/database.html b/datasette/templates/database.html
index 1187267d..089142e2 100644
--- a/datasette/templates/database.html
+++ b/datasette/templates/database.html
@@ -18,7 +18,7 @@
{% block content %}
-{{ metadata.title or database }}
+{{ metadata.title or database }}{% if private %} 🔒{% endif %}
{% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
diff --git a/datasette/views/database.py b/datasette/views/database.py
index afbb6b05..2d7e6b31 100644
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@@ -86,6 +86,9 @@ class DatabaseView(DataView):
"hidden_count": len([t for t in tables if t["hidden"]]),
"views": views,
"queries": canned_queries,
+ "private": not await self.ds.permission_allowed(
+ None, "view-database", "database", database
+ ),
},
{
"show_hidden": request.args.get("_show_hidden"),
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 5dcf46ad..d76d1e15 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -43,10 +43,20 @@ def test_view_database(allow, expected_anon, expected_auth):
):
anon_response = client.get(path)
assert expected_anon == anon_response.status
+ if allow and path == "/fixtures" and anon_response.status == 200:
+ # Should be no padlock
+ assert ">fixtures 🔒" not in anon_response.text
auth_response = client.get(
path, cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
)
assert expected_auth == auth_response.status
+ if (
+ allow
+ and path == "/fixtures"
+ and expected_anon == 403
+ and expected_auth == 200
+ ):
+ assert ">fixtures 🔒" in auth_response.text
def test_database_list_respects_view_database():