default_allow_sql setting, closes #1409

Refs #1410
2025-12-10 16:51:24 +01:00 · 2023-01-04 16:51:11 -08:00 · 2023-01-04 16:51:11 -08:00 · c41278b46f
commit c41278b46f
parent adfcec51d6
8 changed files with 61 additions and 4 deletions
--- a/datasette/default_permissions.py
+++ b/datasette/default_permissions.py
@ -69,9 +69,15 @@ def permission_allowed_default(datasette, actor, action, resource):
                return result

        # Check custom permissions: blocks
-        return await _resolve_metadata_permissions_blocks(
+        result = await _resolve_metadata_permissions_blocks(
            datasette, actor, action, resource
        )
+        if result is not None:
+            return result
+
+        # --setting default_allow_sql
+        if action == "execute-sql" and not datasette.setting("default_allow_sql"):
+            return False

    return inner