From ab76eddf31bef99630cc78f462a0b67624db60ac Mon Sep 17 00:00:00 2001
From: Simon Willison
Date: Tue, 30 Jun 2020 15:49:06 -0700
Subject: [PATCH] Express no opinion if allow block is missing

Default permission policy was returning True by default for permission checks - which means that if allow was not defined for a level it would be treated as a passing check. This is better: we now return None of the allow block is not defined, which means 'I have no opinion on this' and allows other code to make its own decisions. Added while working on #832
---
 datasette/default_permissions.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/datasette/default_permissions.py b/datasette/default_permissions.py
index 0929a17a..ddd45940 100644
--- a/datasette/default_permissions.py
+++ b/datasette/default_permissions.py
@@ -15,14 +15,14 @@ def permission_allowed(datasette, actor, action, resource):
 elif action == "view-database":
 database_allow = datasette.metadata("allow", database=resource)
 if database_allow is None:
-return True
+return None
 return actor_matches_allow(actor, database_allow)
 elif action == "view-table":
 database, table = resource
 tables = datasette.metadata("tables", database=database) or {}
 table_allow = (tables.get(table) or {}).get("allow")
 if table_allow is None:
-return True
+return None
 return actor_matches_allow(actor, table_allow)
 elif action == "view-query":
 # Check if this query has a "allow" block in metadata
@@ -31,7 +31,7 @@ def permission_allowed(datasette, actor, action, resource):
 assert query is not None
 allow = query.get("allow")
 if allow is None:
-return True
+return None
 return actor_matches_allow(actor, allow)
 elif action == "execute-sql":
 # Use allow_sql block from database block, or from top-level
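Review bot: The new `return None` lines turn a missing allow block from "grant" into "defer", so the effective outcome for view-database, view-table, view-query and execute-sql is now decided by whatever default the caller of the permission_allowed hook supplies — with a False default the same metadata that used to open a resource now closes it, with a True default nothing changes — and that tri-state contract (True / False / None) is not stated anywhere in the hunk; the same applies to the hunks at @@ -31 and @@ -39. Because this file is the default policy, a short comment at each new return would spare the next reader a trip through the plugin machinery, e.g. `return None  # no allow block at this level: express no opinion, let other plugins / the caller's default decide`. The view-instance branch above the first hunk is outside the diff; if it still returns True when no top-level allow is present it should be brought in line, and a test asserting that an absent allow block yields None from this hook for each of the four actions would pin the new behaviour. The enclosing inner() coroutine starts before the first hunk and its closing `return inner` sits in the last one.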
@@ -39,7 +39,7 @@ def permission_allowed(datasette, actor, action, resource):
 if database_allow_sql is None:
 database_allow_sql = datasette.metadata("allow_sql")
 if database_allow_sql is None:
-return True
+return None
 return actor_matches_allow(actor, database_allow_sql)
 
 return inner