github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Show padlock on private query page, refs #811

Browse source
This commit is contained in:
Simon Willison 2020-06-08 11:13:32 -07:00
commit 9ac27f67fe
3 changed files with 12 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
datasette/templates/query.html
View file

@ -28,7 +28,7 @@
{% block content %}
<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or database }}</h1>
<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or database }}{% if private %} 🔒{% endif %}</h1>
{% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}

6
datasette/views/database.py
View file

@ -147,10 +147,14 @@ class QueryView(DataView):
# Respect canned query permissions
await self.check_permission(request, "view-instance")
await self.check_permission(request, "view-database", "database", database)
private = False
if canned_query:
await self.check_permission(
request, "view-query", "query", (database, canned_query)
)
private = not await self.ds.permission_allowed(
None, "view-query", "query", (database, canned_query), default=True
)
else:
await self.check_permission(request, "execute-sql", "database", database)
# Extract any :named parameters
@ -214,6 +218,7 @@ class QueryView(DataView):
"truncated": False,
"columns": [],
"query": {"sql": sql, "params": params},
"private": private,
},
extra_template,
templates,
@ -282,6 +287,7 @@ class QueryView(DataView):
"truncated": results.truncated,
"columns": columns,
"query": {"sql": sql, "params": params},
"private": private,
},
extra_template,
templates,