execute-sql now implies can view instance/database, closes #2169

Simon Willison 2023-08-31 15:46:18 -07:00
commit 98ffad9aed
2 changed files with 5 additions and 0 deletions


@ -59,6 +59,7 @@ def register_permissions():
takes_database=True,
takes_resource=False,
default=True,
implies_can_view=True,
),
Permission(
name="permissions-debug",
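Review bot: The added `implies_can_view=True` line has no comment explaining that it widens what a restricted actor can see. Going by the commit title and the test cases in this commit, an actor whose restrictions grant only execute-sql on one database will now also pass view-instance and view-database checks for that database, so existing restricted tokens gain that visibility on upgrade. I would add a comment above the flag, for example `# restricted actors granted execute-sql also pass view-instance and view-database for that database (#2169)`. The entry's `name=` line and the rest of register_permissions() are outside the hunk, so that this is the execute-sql entry is inferred from the title.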


@ -1183,6 +1183,10 @@ async def test_actor_restrictions(
({"a": ["update-row"]}, "view-instance", None, False),
# view-table on a resource implies view-instance
({"r": {"db1": {"t1": ["view-table"]}}}, "view-instance", None, True),
# execute-sql on a database implies view-instance, view-database
({"d": {"db1": ["es"]}}, "view-instance", None, True),
({"d": {"db1": ["es"]}}, "view-database", "db1", True),
({"d": {"db1": ["es"]}}, "view-database", "db2", False),
# update-row on a resource does not imply view-instance
({"r": {"db1": {"t1": ["update-row"]}}}, "view-instance", None, False),
# view-database on a resource implies view-instance
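Review bot: The three new cases exercise the implication only through the abbreviation `es` under the `d` key, while the neighbouring cases use full permission names and the `a` key. If restrictions accept full names as those cases suggest, a case such as `({"d": {"db1": ["execute-sql"]}}, "view-instance", None, True),` would pin that the implied-view lookup does not depend on the abbreviated form. An instance-wide case such as `({"a": ["es"]}, "view-database", "db1", True),` would cover the other scope, though the expected value there is my assumption and should be confirmed. The `db2` negative case is a good boundary check and worth keeping. The parametrize list starts and ends outside the hunk.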