Fix test_auth_create_token - template variables and action abbreviation

Fixed two bugs preventing the create token UI and tests from working:

1. **Template variable mismatch**: create_token.html was using undefined variables
   - Changed `all_permissions` → `all_actions`
   - Changed `database_permissions` → `database_actions`
   - Changed `resource_permissions` → `child_actions`

   These match what CreateTokenView.shared() actually provides to the template.

2. **Action abbreviation bug**: app.py:685 was checking the wrong dictionary
   - Changed `self.permissions.get(action)` → `self.actions.get(action)`

   The abbreviate_action() function needs to look up Action objects (which have
   the `abbr` attribute), not Permission objects. This bug prevented action names
   like "view-instance" from being abbreviated to "vi" in token restrictions.

Refs #2534

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Simon Willison 2025-10-25 14:23:40 -07:00
commit ca435d16f6
3 changed files with 6 additions and 7 deletions


@ -682,10 +682,10 @@ class Datasette:
def abbreviate_action(action):
# rename to abbr if possible
permission = self.permissions.get(action)
if not permission:
action_obj = self.actions.get(action)
if not action_obj:
return action
return permission.abbr or action
return action_obj.abbr or action
if expires_after:
token["d"] = expires_after
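Review bot: The `if not action_obj: return action` fallback in `abbreviate_action()` is what let the wrong-dictionary lookup go unnoticed, because a miss quietly returns the full action name instead of failing. A test that asserts a registered action with an `abbr` (the commit message cites "view-instance" becoming "vi") shows up in abbreviated form in the generated token would stop a future rename from silently regressing to unabbreviated restrictions. The `# rename to abbr if possible` comment could also state that unknown actions are passed through unchanged, if that is the intent.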


@ -57,7 +57,7 @@
<summary style="cursor: pointer;">Restrict actions that can be performed using this token</summary>
<h2>All databases and tables</h2>
<ul>
{% for permission in all_permissions %}
{% for permission in all_actions %}
<li><label><input type="checkbox" name="all:{{ permission }}"> {{ permission }}</label></li>
{% endfor %}
</ul>
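Review bot: The loop variable in `{% for permission in all_actions %}` is still named `permission` although it now iterates over actions. Renaming it to `action` here, and in the `database_actions` and `child_actions` loops further down, would keep the template consistent with the new context names and make the next mismatch easier to spot.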
@ -65,7 +65,7 @@
{% for database in database_with_tables %}
<h2>All tables in "{{ database.name }}"</h2>
<ul>
{% for permission in database_permissions %}
{% for permission in database_actions %}
<li><label><input type="checkbox" name="database:{{ database.encoded }}:{{ permission }}"> {{ permission }}</label></li>
{% endfor %}
</ul>
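Review bot: The checkbox name `database:{{ database.encoded }}:{{ permission }}` joins its fields with `:` and uses an encoded form for the database, but the action name is inserted as-is. If whatever parses these field names splits on `:`, it is worth confirming (or documenting next to `database_actions`) that action names can never contain a colon, since these fields decide what a token is restricted to.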
@ -75,7 +75,7 @@
{% for table in database.tables %}
<h3>{{ database.name }}: {{ table.name }}</h3>
<ul>
{% for permission in resource_permissions %}
{% for permission in child_actions %}
<li><label><input type="checkbox" name="resource:{{ database.encoded }}:{{ table.encoded }}:{{ permission }}"> {{ permission }}</label></li>
{% endfor %}
</ul>
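Review bot: The form field prefix here is still `resource:` while the loop now reads from `child_actions`, so the template uses two names for the same level. More importantly, a template name that drifts from what `CreateTokenView.shared()` provides is easy to miss in review; a test that renders the page and asserts at least one `all:`, `database:` and `resource:` checkbox is present would catch this class of mismatch directly.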


@ -137,7 +137,6 @@ async def test_no_logout_button_in_navigation_if_no_ds_actor_cookie(ds_client, p
)
@pytest.mark.xfail(reason="Actor restrictions need additional work, refs #2534")
@pytest.mark.parametrize(
"post_data,errors,expected_duration,expected_r",
(
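Review bot: The `@pytest.mark.xfail` marker in this hunk carries the reason "Actor restrictions need additional work, refs #2534", which is broader than the two fixes the commit message describes. If that marker is the line being dropped (the header goes from 7 lines to 6), the commit message should say so explicitly and note which part of #2534 remains open, so the removal is not read as the restriction work being complete.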