github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Renamed resource_identifier to resource, refs #817

Browse source
This commit is contained in:
Simon Willison 2020-06-08 11:59:11 -07:00
commit 799c5d5357
12 changed files with 40 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/authentication.rst
View file

@ -159,7 +159,7 @@ This is designed to help administrators and plugin authors understand exactly ho
Permissions
===========
This section lists all of the permission checks that are carried out by Datasette core, along with the ``resource_identifier`` if it was passed.
This section lists all of the permission checks that are carried out by Datasette core, along with the ``resource`` if it was passed.
.. _permissions_view_instance:
@ -176,7 +176,7 @@ view-database
Actor is allowed to view a database page, e.g. https://latest.datasette.io/fixtures
``resource_identifier`` - string
``resource`` - string
The name of the database
.. _permissions_view_database_download:
@ -186,7 +186,7 @@ view-database-download
Actor is allowed to download a database, e.g. https://latest.datasette.io/fixtures.db
``resource_identifier`` - string
``resource`` - string
The name of the database
.. _permissions_view_table:
@ -196,7 +196,7 @@ view-table
Actor is allowed to view a table (or view) page, e.g. https://latest.datasette.io/fixtures/complex_foreign_keys
``resource_identifier`` - tuple: (string, string)
``resource`` - tuple: (string, string)
The name of the database, then the name of the table
.. _permissions_view_query:
@ -206,7 +206,7 @@ view-query
Actor is allowed to view a :ref:`canned query <canned_queries>` page, e.g. https://latest.datasette.io/fixtures/pragma_cache_size
``resource_identifier`` - string
``resource`` - string
The name of the canned query
.. _permissions_execute_sql:
@ -216,7 +216,7 @@ execute-sql
Actor is allowed to run arbitrary SQL queries against a specific database, e.g. https://latest.datasette.io/fixtures?sql=select+100
``resource_identifier`` - string
``resource`` - string
The name of the database
.. _permissions_permissions_debug:

10
docs/internals.rst
View file

@ -121,8 +121,8 @@ Renders a `Jinja template <https://jinja.palletsprojects.com/en/2.11.x/>`__ usin
.. _datasette_permission_allowed:
await .permission_allowed(actor, action, resource_identifier=None, default=False)
---------------------------------------------------------------------------------
await .permission_allowed(actor, action, resource=None, default=False)
----------------------------------------------------------------------
``actor`` - dictionary
The authenticated actor. This is usually ``request.actor``.
@ -130,13 +130,15 @@ await .permission_allowed(actor, action, resource_identifier=None, default=False
``action`` - string
The name of the action that is being permission checked.
``resource_identifier`` - string, optional
The resource identifier, e.g. the name of the table.
``resource`` - string, optional
The resource, e.g. the name of the table. Only some permissions apply to a resource.
Check if the given actor has permission to perform the given action on the given resource. This uses plugins that implement the :ref:`plugin_permission_allowed` plugin hook to decide if the action is allowed or not.
If none of the plugins express an opinion, the return value will be the ``default`` argument. This is deny, but you can pass ``default=True`` to default allow instead.
See :ref:`permissions` for a full list of permissions included in Datasette core.
.. _datasette_get_database:
.get_database(name)

6
docs/plugins.rst
View file

@ -1005,7 +1005,7 @@ Instead of returning a dictionary, this function can return an awaitable functio
.. _plugin_permission_allowed:
permission_allowed(datasette, actor, action, resource_identifier)
permission_allowed(datasette, actor, action, resource)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``datasette`` - :ref:`internals_datasette`
@ -1017,7 +1017,9 @@ permission_allowed(datasette, actor, action, resource_identifier)
``action`` - string
The action to be performed, e.g. ``"edit-table"``.
``resource_identifier`` - string
``resource`` - string or None
An identifier for the individual resource, e.g. the name of the table.
Called to check that an actor has permission to perform an action on a resource. Can return ``True`` if the action is allowed, ``False`` if the action is not allowed or ``None`` if the plugin does not have an opinion one way or the other.
See :ref:`permissions` for a full list of permissions included in Datasette core.