Implemented view-instance permission, refs #811

2025-12-10 16:51:24 +01:00 · 2020-06-07 14:30:39 -07:00 · 2020-06-07 14:30:39 -07:00 · 8571ce388a
commit 8571ce388a
parent ece0ba6f4b
2 changed files with 24 additions and 0 deletions
--- a/datasette/default_permissions.py
+++ b/datasette/default_permissions.py
@ -7,6 +7,10 @@ def permission_allowed(datasette, actor, action, resource_type, resource_identif
    if action == "permissions-debug":
        if actor and actor.get("id") == "root":
            return True
+    elif action == "view-instance":
+        allow = datasette.metadata("allow")
+        if allow is not None:
+            return actor_matches_allow(actor, allow)
    elif action == "view-query":
        # Check if this query has a "allow" block in metadata
        assert resource_type == "query"