Additional actor restriction should not grant access to additional actions (#2569)

Closes #2568
Simon Willison 2025-11-01 18:38:29 -07:00 committed by GitHub
commit a528555e84
GPG key ID: B5690EEEBB952194
3 changed files with 116 additions and 19 deletions

@ -1033,6 +1033,12 @@ This example outputs the following::
}
}
Restrictions act as an allowlist layered on top of the actor's existing
permissions. They can only remove access the actor would otherwise have—they
cannot grant new access. If the underlying actor is denied by ``allow`` rules in
``datasette.yaml`` or by a plugin, a token that lists that resource in its
``"_r"`` section will still be denied.
.. _permissions_plugins:
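Review bot: the last sentence of the added paragraph only covers a token that "lists that resource" in its ``"_r"`` section, while the commit title is about restrictions not granting access to additional actions; wording it as "lists that action or resource" would make the docs state the same rule the fix enforces. The second sentence would also read more cleanly split in two at the dash between "have" and "they". Finally, no blank line is visible here between the new paragraph and the ``.. _permissions_plugins:`` target, so check that one is present in the file, since reStructuredText needs it for the label to be parsed as a target.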