register_permissions() plugin hook (#1940)

* Docs for permissions: in metadata, refs #1636 * Refactor default_permissions.py to help with implementation of #1636 * register_permissions() plugin hook, closes #1939 - also refs #1938 * Tests for register_permissions() hook, refs #1939 * Documentation for datasette.permissions, refs #1939 * permission_allowed() falls back on Permission.default, refs #1939 * Raise StartupError on duplicate permissions * Allow dupe permisisons if exact matches
2025-12-10 16:51:24 +01:00 · 2022-12-12 18:05:54 -08:00 · 2022-12-12 18:05:54 -08:00 · 8bf06a76b5
commit 8bf06a76b5
parent e539c1c024
20 changed files with 513 additions and 88 deletions
--- a/tests/plugins/my_plugin.py
+++ b/tests/plugins/my_plugin.py
@ -1,5 +1,5 @@
 import asyncio
-from datasette import hookimpl
+from datasette import hookimpl, Permission
 from datasette.facets import Facet
 from datasette import tracer
 from datasette.utils import path_with_added_args
@ -406,3 +406,31 @@ def database_actions(datasette, database, actor, request):
@hookimpl
 def skip_csrf(scope):
    return scope["path"] == "/skip-csrf"
+
+
+@hookimpl
+def register_permissions(datasette):
+    extras = datasette.plugin_config("datasette-register-permissions") or {}
+    permissions = [
+        Permission(
+            name="new-permission",
+            abbr="np",
+            description="New permission",
+            takes_database=True,
+            takes_resource=False,
+            default=False,
+        )
+    ]
+    if extras:
+        permissions.extend(
+            Permission(
+                name=p["name"],
+                abbr=p["abbr"],
+                description=p["description"],
+                takes_database=p["takes_database"],
+                takes_resource=p["takes_resource"],
+                default=p["default"],
+            )
+            for p in extras["permissions"]
+        )
+    return permissions