Renamed resource_identifier to resource, refs #817
parent
c9f1ec616e
commit
799c5d5357
12 changed files with 40 additions and 47 deletions
|
|
@ -464,16 +464,11 @@ class Datasette:
|
|||
else:
|
||||
return []
|
||||
|
||||
async def permission_allowed(
|
||||
self, actor, action, resource_identifier=None, default=False
|
||||
):
|
||||
async def permission_allowed(self, actor, action, resource=None, default=False):
|
||||
"Check permissions using the permissions_allowed plugin hook"
|
||||
result = None
|
||||
for check in pm.hook.permission_allowed(
|
||||
datasette=self,
|
||||
actor=actor,
|
||||
action=action,
|
||||
resource_identifier=resource_identifier,
|
||||
datasette=self, actor=actor, action=action, resource=resource,
|
||||
):
|
||||
if callable(check):
|
||||
check = check()
|
||||
|
|
@ -490,7 +485,7 @@ class Datasette:
|
|||
"when": datetime.datetime.utcnow().isoformat(),
|
||||
"actor": actor,
|
||||
"action": action,
|
||||
"resource_identifier": resource_identifier,
|
||||
"resource": resource,
|
||||
"used_default": used_default,
|
||||
"result": result,
|
||||
}
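Review bot: `default` can still be passed positionally in the new signature `permission_allowed(self, actor, action, resource=None, default=False)`, so a stray fourth positional argument silently becomes the fallback decision, and a truthy value there turns "no hook had an opinion" into allow. The old database-view call on this page, `None, "view-database", "database", database`, had exactly that shape. Making it keyword-only, `async def permission_allowed(self, actor, action, resource=None, *, default=False):`, would turn the mistake into a TypeError. The code that combines hook results with `default` sits between the two hunks and is not visible, so this rests on the signature alone.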
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ from datasette.utils import actor_matches_allow
|
|||
|
||||
|
||||
@hookimpl
|
||||
def permission_allowed(datasette, actor, action, resource_identifier):
|
||||
def permission_allowed(datasette, actor, action, resource):
|
||||
if action == "permissions-debug":
|
||||
if actor and actor.get("id") == "root":
|
||||
return True
|
||||
|
|
@ -12,12 +12,12 @@ def permission_allowed(datasette, actor, action, resource_identifier):
|
|||
if allow is not None:
|
||||
return actor_matches_allow(actor, allow)
|
||||
elif action == "view-database":
|
||||
database_allow = datasette.metadata("allow", database=resource_identifier)
|
||||
database_allow = datasette.metadata("allow", database=resource)
|
||||
if database_allow is None:
|
||||
return True
|
||||
return actor_matches_allow(actor, database_allow)
|
||||
elif action == "view-table":
|
||||
database, table = resource_identifier
|
||||
database, table = resource
|
||||
tables = datasette.metadata("tables", database=database) or {}
|
||||
table_allow = (tables.get(table) or {}).get("allow")
|
||||
if table_allow is None:
|
||||
|
|
@ -25,7 +25,7 @@ def permission_allowed(datasette, actor, action, resource_identifier):
|
|||
return actor_matches_allow(actor, table_allow)
|
||||
elif action == "view-query":
|
||||
# Check if this query has a "allow" block in metadata
|
||||
database, query_name = resource_identifier
|
||||
database, query_name = resource
|
||||
queries_metadata = datasette.metadata("queries", database=database)
|
||||
assert query_name in queries_metadata
|
||||
if isinstance(queries_metadata[query_name], str):
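Review bot: `database, table = resource` and `database, query_name = resource` unpack whatever the caller passed without checking its shape, and a two-character string unpacks cleanly into two one-character names. For `view-table` the metadata lookup would then miss and leave `table_allow` as None; the branch taken after that is outside the hunk, but if it mirrors the `view-database` branch it returns True. A guard before each unpack, such as `if not (isinstance(resource, (tuple, list)) and len(resource) == 2): return False`, keeps a malformed resource from resolving to allow. Separately, `assert query_name in queries_metadata` is stripped under `python -O`, and `queries_metadata` has no `or {}` fallback like the `tables` lookup, so an explicit check would be sturdier. The function starts before and continues past these hunks.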
|
||||
|
|
|
|||
|
|
@ -66,5 +66,5 @@ def actor_from_request(datasette, request):
|
|||
|
||||
|
||||
@hookspec
|
||||
def permission_allowed(datasette, actor, action, resource_identifier):
|
||||
def permission_allowed(datasette, actor, action, resource):
|
||||
"Check if actor is allowed to perfom this action - return True, False or None"
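Review bot: The hookspec docstring does not say what `resource` contains, and this is the contract plugin authors read. The default implementation on this page treats it as a database name for `view-database` and as a `(database, name)` pair for `view-table` and `view-query`. I would state that here, for example `"Check if actor is allowed to perform this action on resource (a database name, or a (database, name) tuple, depending on action) - return True, False or None"`, which also corrects the "perfom" typo.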
|
||||
|
|
|
|||
|
|
@ -46,8 +46,8 @@
|
|||
{% endif %}
|
||||
</h2>
|
||||
<p><strong>Actor:</strong> {{ check.actor|tojson }}</p>
|
||||
{% if check.resource_identifier %}
|
||||
<p><strong>Resource:</strong> {{ check.resource_identifier }}</p>
|
||||
{% if check.resource %}
|
||||
<p><strong>Resource:</strong> {{ check.resource }}</p>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endfor %}
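Review bot: `{{ check.resource }}` prints the resource with Python's default string conversion, while the actor a few lines above goes through `|tojson`, so a `(database, table)` tuple will appear as a Python repr. `<p><strong>Resource:</strong> {{ check.resource|tojson }}</p>` would give the debug page one unambiguous format for both fields. Whether autoescaping is on for this template is not visible here; the value presumably carries database and table names, so it should stay escaped either way.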
|
||||
|
|
|
|||
|
|
@ -876,14 +876,14 @@ def actor_matches_allow(actor, allow):
|
|||
return False
|
||||
|
||||
|
||||
async def check_visibility(datasette, actor, action, resource_identifier, default=True):
|
||||
async def check_visibility(datasette, actor, action, resource, default=True):
|
||||
"Returns (visible, private) - visible = can you see it, private = can others see it too"
|
||||
visible = await datasette.permission_allowed(
|
||||
actor, action, resource_identifier=resource_identifier, default=default,
|
||||
actor, action, resource=resource, default=default,
|
||||
)
|
||||
if not visible:
|
||||
return (False, False)
|
||||
private = not await datasette.permission_allowed(
|
||||
None, action, resource_identifier=resource_identifier, default=default,
|
||||
None, action, resource=resource, default=default,
|
||||
)
|
||||
return visible, private
|
||||
|
|
|
|||
|
|
@ -64,12 +64,9 @@ class BaseView(AsgiView):
|
|||
response.body = b""
|
||||
return response
|
||||
|
||||
async def check_permission(self, request, action, resource_identifier=None):
|
||||
async def check_permission(self, request, action, resource=None):
|
||||
ok = await self.ds.permission_allowed(
|
||||
request.actor,
|
||||
action,
|
||||
resource_identifier=resource_identifier,
|
||||
default=True,
|
||||
request.actor, action, resource=resource, default=True,
|
||||
)
|
||||
if not ok:
|
||||
raise Forbidden(action)
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ class DatabaseView(DataView):
|
|||
"views": views,
|
||||
"queries": canned_queries,
|
||||
"private": not await self.ds.permission_allowed(
|
||||
None, "view-database", "database", database
|
||||
None, "view-database", database
|
||||
),
|
||||
},
|
||||
{
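Review bot: The corrected call `permission_allowed(None, "view-database", database)` now relies on the method's `default=False`, while `check_permission` and `check_visibility` on this page pass `default=True` for the same kind of question. If no hook returns an opinion, `private` would come out True even though an anonymous visitor is admitted by the `default=True` gate; the default plugin shown here always answers for `view-database`, so this looks latent rather than live. I would make the fallback explicit and keyword-based, `None, "view-database", resource=database, default=True`, or reuse `check_visibility` so both values come from one place. The enclosing method starts and ends outside the hunk.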
|
||||
|
|
|
|||