Show padlock on private table page, refs #811

2025-12-10 16:51:24 +01:00 · 2020-06-08 11:07:11 -07:00 · 2020-06-08 11:07:11 -07:00 · aa420009c0
commit aa420009c0
parent dfff34e198
3 changed files with 11 additions and 1 deletions
--- a/datasette/templates/table.html
+++ b/datasette/templates/table.html
@ -26,7 +26,7 @@

 {% block content %}

-<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or table }}{% if is_view %} (view){% endif %}</h1>
+<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or table }}{% if is_view %} (view){% endif %}{% if private %} 🔒{% endif %}</h1>

 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}

--- a/datasette/views/table.py
+++ b/datasette/views/table.py
@ -271,6 +271,10 @@ class TableView(RowTableShared):
        await self.check_permission(request, "view-database", "database", database)
        await self.check_permission(request, "view-table", "table", (database, table))

+        private = not await self.ds.permission_allowed(
+            None, "view-table", "table", (database, table), default=True
+        )
+
        pks = await db.primary_keys(table)
        table_columns = await db.table_columns(table)

@ -834,6 +838,7 @@ class TableView(RowTableShared):
                "suggested_facets": suggested_facets,
                "next": next_value and str(next_value) or None,
                "next_url": next_url,
+                "private": private,
            },
            extra_template,
            (
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -90,11 +90,16 @@ def test_view_table(allow, expected_anon, expected_auth):
    ) as client:
        anon_response = client.get("/fixtures/compound_three_primary_keys")
        assert expected_anon == anon_response.status
+        if allow and anon_response.status == 200:
+            # Should be no padlock
+            assert ">compound_three_primary_keys 🔒</h1>" not in anon_response.text
        auth_response = client.get(
            "/fixtures/compound_three_primary_keys",
            cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
        )
        assert expected_auth == auth_response.status
+        if allow and expected_anon == 403 and expected_auth == 200:
+            assert ">compound_three_primary_keys 🔒</h1>" in auth_response.text


 def test_table_list_respects_view_table():