Foreign key label expanding respects table permissions, closes #2178

datasette/app.py

@@ -935,7 +935,7 @@ class Datasette:
             log_sql_errors=log_sql_errors,
         )
 
-    async def expand_foreign_keys(self, database, table, column, values):
+    async def expand_foreign_keys(self, actor, database, table, column, values):
         """Returns dict mapping (column, value) -> label"""
         labeled_fks = {}
         db = self.databases[database]
@@ -949,6 +949,13 @@ class Datasette:
             ][0]
         except IndexError:
             return {}
+        # Ensure user has permission to view the referenced table
+        if not await self.permission_allowed(
+            actor=actor,
+            action="view-table",
+            resource=(database, fk["other_table"]),
+        ):
+            return {}
         label_column = await db.label_column_for_table(fk["other_table"])
         if not label_column:
             return {(fk["column"], value): str(value) for value in values}

datasette/facets.py

@@ -253,7 +253,7 @@ class ColumnFacet(Facet):
                     # Attempt to expand foreign keys into labels
                     values = [row["value"] for row in facet_rows]
                     expanded = await self.ds.expand_foreign_keys(
-                        self.database, self.table, column, values
+                        self.request.actor, self.database, self.table, column, values
                     )
                 else:
                     expanded = {}

datasette/views/table.py

@@ -1144,7 +1144,7 @@ async def table_view_data(
             # Expand them
             expanded_labels.update(
                 await datasette.expand_foreign_keys(
-                    database_name, table_name, column, values
+                    request.actor, database_name, table_name, column, values
                 )
             )
         if expanded_labels: