mirror of
https://github.com/simonw/datasette.git
synced 2025-12-10 16:51:24 +01:00
register_permissions() plugin hook (#1940)
* Docs for permissions: in metadata, refs #1636 * Refactor default_permissions.py to help with implementation of #1636 * register_permissions() plugin hook, closes #1939 - also refs #1938 * Tests for register_permissions() hook, refs #1939 * Documentation for datasette.permissions, refs #1939 * permission_allowed() falls back on Permission.default, refs #1939 * Raise StartupError on duplicate permissions * Allow dupe permisisons if exact matches
This commit is contained in:
Simon Willison
GitHub
parent
e539c1c024
commit
8bf06a76b5
20 changed files with 513 additions and 88 deletions
|
|
@ -760,6 +760,53 @@ The plugin hook can then be used to register the new facet class like this:
|
|||
def register_facet_classes():
|
||||
return [SpecialFacet]
|
||||
|
||||
.. _plugin_register_permissions:
|
||||
|
||||
register_permissions(datasette)
|
||||
--------------------------------
|
||||
|
||||
If your plugin needs to register additional permissions unique to that plugin - ``upload-csvs`` for example - you can return a list of those permissions from this hook.
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
from datasette import hookimpl, Permission
|
||||
|
||||
|
||||
@hookimpl
|
||||
def register_permissions(datasette):
|
||||
return [
|
||||
Permission(
|
||||
name="upload-csvs",
|
||||
abbr=None,
|
||||
description="Upload CSV files",
|
||||
takes_database=True,
|
||||
takes_resource=False,
|
||||
default=False,
|
||||
)
|
||||
]
|
||||
|
||||
The fields of the ``Permission`` named tuple are as follows:
|
||||
|
||||
``name``
|
||||
The name of the permission, e.g. ``upload-csvs``. This should be unique across all plugins that the user might have installed, so choose carefully.
|
||||
|
||||
``abbr``
|
||||
An abbreviation of the permission, e.g. ``uc``. This is optional - you can set it to ``None`` if you do not want to pick an abbreviation. Since this needs to be unique across all installed plugins it's best not to specify an abbreviation at all. If an abbreviation is provided it will be used when creating restricted signed API tokens.
|
||||
|
||||
``description``
|
||||
A human-readable description of what the permission lets you do. Should make sense as the second part of a sentence that starts "A user with this permission can ...".
|
||||
|
||||
``takes_database``
|
||||
``True`` if this permission can be granted on a per-database basis, ``False`` if it is only valid at the overall Datasette instance level.
|
||||
|
||||
``takes_resource``
|
||||
``True`` if this permission can be granted on a per-resource basis. A resource is a database table, SQL view or :ref:`canned query <canned_queries>`.
|
||||
|
||||
``default``
|
||||
The default value for this permission if it is not explicitly granted to a user. ``True`` means the permission is granted by default, ``False`` means it is not.
|
||||
|
||||
This should only be ``True`` if you want anonymous users to be able to take this action.
|
||||
|
||||
.. _plugin_asgi_wrapper:
|
||||
|
||||
asgi_wrapper(datasette)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue