github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Upgrade to Black 20.8b1, closes #958

Browse source
This commit is contained in:
Simon Willison 2020-09-02 15:24:55 -07:00
commit a648bb82ba
22 changed files with 203 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

34
datasette/app.py
View file

@ -396,7 +396,9 @@ class Datasette:
async def get_canned_queries(self, database_name, actor):
queries = self.metadata("queries", database=database_name, fallback=False) or {}
for more_queries in pm.hook.canned_queries(
datasette=self, database=database_name, actor=actor,
datasette=self,
database=database_name,
actor=actor,
):
more_queries = await await_me_maybe(more_queries)
queries.update(more_queries or {})
@ -468,7 +470,10 @@ class Datasette:
"Check permissions using the permissions_allowed plugin hook"
result = None
for check in pm.hook.permission_allowed(
datasette=self, actor=actor, action=action, resource=resource,
datasette=self,
actor=actor,
action=action,
resource=resource,
):
check = await await_me_maybe(check)
if check is not None:
@ -861,22 +866,28 @@ class Datasette:
r"/-/actor(?P<as_format>(\.json)?)$",
)
add_route(
AuthTokenView.as_view(self), r"/-/auth-token$",
AuthTokenView.as_view(self),
r"/-/auth-token$",
)
add_route(
LogoutView.as_view(self), r"/-/logout$",
LogoutView.as_view(self),
r"/-/logout$",
)
add_route(
PermissionsDebugView.as_view(self), r"/-/permissions$",
PermissionsDebugView.as_view(self),
r"/-/permissions$",
)
add_route(
MessagesDebugView.as_view(self), r"/-/messages$",
MessagesDebugView.as_view(self),
r"/-/messages$",
)
add_route(
AllowDebugView.as_view(self), r"/-/allow-debug$",
AllowDebugView.as_view(self),
r"/-/allow-debug$",
)
add_route(
PatternPortfolioView.as_view(self), r"/-/patterns$",
PatternPortfolioView.as_view(self),
r"/-/patterns$",
)
add_route(
DatabaseDownload.as_view(self), r"/(?P<db_name>[^/]+?)(?P<as_db>\.db)$"
@ -1079,7 +1090,12 @@ class DatasetteRouter:
if status != 500:
templates = ["{}.html".format(status)] + templates
info.update(
{"ok": False, "error": message, "status": status, "title": title,}
{
"ok": False,
"error": message,
"status": status,
"title": title,
}
)
headers = {}
if self.ds.cors:

8
datasette/cli.py
View file

@ -174,7 +174,10 @@ def plugins(all, plugins_dir):
default=lambda: os.urandom(32).hex(),
)
@click.option(
"-p", "--port", default=8001, help="Port to run the server on, defaults to 8001",
"-p",
"--port",
default=8001,
help="Port to run the server on, defaults to 8001",
)
@click.option("--title", help="Title for metadata")
@click.option("--license", help="License label for metadata")
@ -344,7 +347,8 @@ def uninstall(packages, yes):
is_flag=True,
)
@click.option(
"--get", help="Run an HTTP GET request against this path, print results and exit",
"--get",
help="Run an HTTP GET request against this path, print results and exit",
)
@click.option("--version-note", help="Additional note to show on /-/versions")
@click.option("--help-config", is_flag=True, help="Show available config options")

18
datasette/utils/__init__.py
View file

@ -66,8 +66,8 @@ def urlsafe_components(token):
def path_from_row_pks(row, pks, use_rowid, quote=True):
""" Generate an optionally URL-quoted unique identifier
for a row from its primary keys."""
"""Generate an optionally URL-quoted unique identifier
for a row from its primary keys."""
if use_rowid:
bits = [row["rowid"]]
else:
@ -839,7 +839,9 @@ def check_connection(conn):
]
for table in tables:
try:
conn.execute("PRAGMA table_info({});".format(escape_sqlite(table)),)
conn.execute(
"PRAGMA table_info({});".format(escape_sqlite(table)),
)
except sqlite3.OperationalError as e:
if e.args[0] == "no such module: VirtualSpatialIndex":
raise SpatialiteConnectionProblem(e)
@ -915,12 +917,18 @@ def actor_matches_allow(actor, allow):
async def check_visibility(datasette, actor, action, resource, default=True):
"Returns (visible, private) - visible = can you see it, private = can others see it too"
visible = await datasette.permission_allowed(
actor, action, resource=resource, default=default,
actor,
action,
resource=resource,
default=default,
)
if not visible:
return (False, False)
private = not await datasette.permission_allowed(
None, action, resource=resource, default=default,
None,
action,
resource=resource,
default=default,
)
return visible, private

16
datasette/views/base.py
View file

@ -65,7 +65,10 @@ class BaseView:
async def check_permission(self, request, action, resource=None):
ok = await self.ds.permission_allowed(
request.actor, action, resource=resource, default=True,
request.actor,
action,
resource=resource,
default=True,
)
if not ok:
raise Forbidden(action)
@ -85,7 +88,10 @@ class BaseView:
repr(permission)
)
ok = await self.ds.permission_allowed(
request.actor, action, resource=resource, default=None,
request.actor,
action,
resource=resource,
default=None,
)
if ok is not None:
if ok:
@ -343,10 +349,10 @@ class DataView(BaseView):
return AsgiStream(stream_fn, headers=headers, content_type=content_type)
async def get_format(self, request, database, args):
""" Determine the format of the response from the request, from URL
parameters or from a file extension.
"""Determine the format of the response from the request, from URL
parameters or from a file extension.
`args` is a dict of the path components parsed from the URL by the router.
`args` is a dict of the path components parsed from the URL by the router.
"""
# If ?_format= is provided, use that as the format
_format = request.args.get("_format", None)

26
datasette/views/database.py
View file

@ -21,7 +21,11 @@ class DatabaseView(DataView):
async def data(self, request, database, hash, default_labels=False, _size=None):
await self.check_permissions(
request, [("view-database", database), "view-instance",],
request,
[
("view-database", database),
"view-instance",
],
)
metadata = (self.ds.metadata("databases") or {}).get(database, {})
self.ds.update_with_inherited_metadata(metadata)
@ -42,17 +46,26 @@ class DatabaseView(DataView):
views = []
for view_name in await db.view_names():
visible, private = await check_visibility(
self.ds, request.actor, "view-table", (database, view_name),
self.ds,
request.actor,
"view-table",
(database, view_name),
)
if visible:
views.append(
{"name": view_name, "private": private,}
{
"name": view_name,
"private": private,
}
)
tables = []
for table in table_counts:
visible, private = await check_visibility(
self.ds, request.actor, "view-table", (database, table),
self.ds,
request.actor,
"view-table",
(database, table),
)
if not visible:
continue
@ -76,7 +89,10 @@ class DatabaseView(DataView):
await self.ds.get_canned_queries(database, request.actor)
).values():
visible, private = await check_visibility(
self.ds, request.actor, "view-query", (database, query["name"]),
self.ds,
request.actor,
"view-query",
(database, query["name"]),
)
if visible:
canned_queries.append(dict(query, private=private))

15
datasette/views/index.py
View file

@ -26,7 +26,10 @@ class IndexView(BaseView):
databases = []
for name, db in self.ds.databases.items():
visible, database_private = await check_visibility(
self.ds, request.actor, "view-database", name,
self.ds,
request.actor,
"view-database",
name,
)
if not visible:
continue
@ -36,7 +39,10 @@ class IndexView(BaseView):
views = []
for view_name in await db.view_names():
visible, private = await check_visibility(
self.ds, request.actor, "view-table", (name, view_name),
self.ds,
request.actor,
"view-table",
(name, view_name),
)
if visible:
views.append({"name": view_name, "private": private})
@ -52,7 +58,10 @@ class IndexView(BaseView):
tables = {}
for table in table_names:
visible, private = await check_visibility(
self.ds, request.actor, "view-table", (name, table),
self.ds,
request.actor,
"view-table",
(name, table),
)
if not visible:
continue

6
datasette/views/special.py
View file

@ -82,7 +82,11 @@ class LogoutView(BaseView):
async def get(self, request):
if not request.actor:
return Response.redirect("/")
return await self.render(["logout.html"], request, {"actor": request.actor},)
return await self.render(
["logout.html"],
request,
{"actor": request.actor},
)
async def post(self, request):
response = Response.redirect("/")

5
datasette/views/table.py
View file

@ -350,7 +350,10 @@ class TableView(RowTableShared):
# Add _where= from querystring
if "_where" in request.args:
if not await self.ds.permission_allowed(
request.actor, "execute-sql", resource=database, default=True,
request.actor,
"execute-sql",
resource=database,
default=True,
):
raise DatasetteError("_where= is not allowed", status=403)
else: