Better example plugin for permission_allowed

Also fixed it so default permission checks run after plugin permission checks, refs #818
Simon Willison 2020-06-08 15:09:57 -07:00
commit e0a4664fba
3 changed files with 41 additions and 5 deletions

@ -174,11 +174,11 @@ To limit access to the ``users`` table in your ``bakery.db`` database:
This works for SQL views as well - you can treat them as if they are tables.
.. warning::
Restricting access to tables and views in this way will NOT prevent users from querying them using arbitrary SQL queries.
Restricting access to tables and views in this way will NOT prevent users from querying them using arbitrary SQL queries, `like this <https://latest.datasette.io/fixtures?sql=select+*+from+facetable>`__ for example.
If you are restricting access to specific tables you should also use the ``"allow_sql"`` block to prevent users from accessing
.. _authentication_permissions_table:
.. _authentication_permissions_query:
Controlling access to specific canned queries
---------------------------------------------
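Review bot: In the warning, the new "like this" link shows the bypass against ``facetable`` on the public ``fixtures`` demo, but the mitigation sentence right after it only names the ``"allow_sql"`` block and, as far as the visible context shows, does not cross-reference where that block is documented. Since this warning is the place a reader learns that table-level rules alone do not stop arbitrary SQL, consider making ``"allow_sql"`` a ``:ref:`` to its own section so the fix is as easy to reach as the demonstration, and consider noting that the linked query runs on the demo instance rather than the ``bakery.db`` example used in this section. Separately, the two adjacent label lines above "Controlling access to specific canned queries" look like a rename from ``_authentication_permissions_table`` to ``_authentication_permissions_query``; it is worth checking for any existing ``:ref:`` that used the old label to reach this heading, because it will now resolve elsewhere or fail.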