From dc241e86919acec8058e272a54caf1c7566cb59c Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Fri, 24 Oct 2025 14:31:42 -0700 Subject: [PATCH] Remove deprecated register_permissions hook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Removed register_permissions hook definition from hookspecs.py - Removed register_permissions implementation from default_permissions.py - Removed pm.hook.register_permissions() call from app.py invoke_startup() - The register_actions hook now serves as the sole mechanism for registering actions - Removed Permission import from default_permissions.py as it's no longer needed This completes the migration from the old register_permissions hook to the new register_actions hook. All permission definitions should now use Action objects via register_actions, and permission checking should use permission_resources_sql to provide SQL-based permission rules. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- datasette/app.py | 19 ----- datasette/default_permissions.py | 124 +------------------------------ datasette/hookspecs.py | 5 -- 3 files changed, 1 insertion(+), 147 deletions(-) diff --git a/datasette/app.py b/datasette/app.py index 9348a611..fb41c284 100644 --- a/datasette/app.py +++ b/datasette/app.py @@ -602,25 +602,6 @@ class Datasette: event_classes.extend(extra_classes) self.event_classes = tuple(event_classes) - # Register permissions, but watch out for duplicate name/abbr - names = {} - abbrs = {} - for hook in pm.hook.register_permissions(datasette=self): - if hook: - for p in hook: - if p.name in names and p != names[p.name]: - raise StartupError( - "Duplicate permission name: {}".format(p.name) - ) - if p.abbr and p.abbr in abbrs and p != abbrs[p.abbr]: - raise StartupError( - "Duplicate permission abbr: {}".format(p.abbr) - ) - names[p.name] = p - if p.abbr: - abbrs[p.abbr] = p - self.permissions[p.name] = p - # Register actions, but watch out for duplicate name/abbr action_names = {} action_abbrs = {} diff --git a/datasette/default_permissions.py b/datasette/default_permissions.py index 8dc61aba..19d0e4f8 100644 --- a/datasette/default_permissions.py +++ b/datasette/default_permissions.py @@ -1,132 +1,10 @@ -from datasette import hookimpl, Permission +from datasette import hookimpl from datasette.permissions import PermissionSQL from datasette.utils import actor_matches_allow import itsdangerous import time -@hookimpl -def register_permissions(): - return ( - Permission( - name="view-instance", - abbr="vi", - description="View Datasette instance", - takes_database=False, - takes_resource=False, - default=True, - ), - Permission( - name="view-database", - abbr="vd", - description="View database", - takes_database=True, - takes_resource=False, - default=True, - implies_can_view=True, - ), - Permission( - name="view-database-download", - abbr="vdd", - description="Download database file", - takes_database=True, - takes_resource=False, - default=True, - ), - Permission( - name="view-table", - abbr="vt", - description="View table", - takes_database=True, - takes_resource=True, - default=True, - implies_can_view=True, - ), - Permission( - name="view-query", - abbr="vq", - description="View named query results", - takes_database=True, - takes_resource=True, - default=True, - implies_can_view=True, - ), - Permission( - name="execute-sql", - abbr="es", - description="Execute read-only SQL queries", - takes_database=True, - takes_resource=False, - default=True, - implies_can_view=True, - ), - Permission( - name="permissions-debug", - abbr="pd", - description="Access permission debug tool", - takes_database=False, - takes_resource=False, - default=False, - ), - Permission( - name="debug-menu", - abbr="dm", - description="View debug menu items", - takes_database=False, - takes_resource=False, - default=False, - ), - Permission( - name="insert-row", - abbr="ir", - description="Insert rows", - takes_database=True, - takes_resource=True, - default=False, - ), - Permission( - name="delete-row", - abbr="dr", - description="Delete rows", - takes_database=True, - takes_resource=True, - default=False, - ), - Permission( - name="update-row", - abbr="ur", - description="Update rows", - takes_database=True, - takes_resource=True, - default=False, - ), - Permission( - name="create-table", - abbr="ct", - description="Create tables", - takes_database=True, - takes_resource=False, - default=False, - ), - Permission( - name="alter-table", - abbr="at", - description="Alter tables", - takes_database=True, - takes_resource=True, - default=False, - ), - Permission( - name="drop-table", - abbr="dt", - description="Drop tables", - takes_database=True, - takes_resource=True, - default=False, - ), - ) - - @hookimpl(tryfirst=True, specname="permission_allowed") async def permission_allowed_sql_bridge(datasette, actor, action, resource): """ diff --git a/datasette/hookspecs.py b/datasette/hookspecs.py index 5477a407..c2ef9495 100644 --- a/datasette/hookspecs.py +++ b/datasette/hookspecs.py @@ -69,11 +69,6 @@ def register_facet_classes(): """Register Facet subclasses""" -@hookspec -def register_permissions(datasette): - """Register permissions: returns a list of datasette.permission.Permission named tuples""" - - @hookspec def register_actions(datasette): """Register actions: returns a list of datasette.permission.Action objects"""