github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity
1,269 commits 143 branches 163 tags 44 MiB
Commit graph

163 commits

Author SHA1 Message Date
Simon Willison
7f10f0f766 Fix for security issue #918 2020-08-09 09:03:35 -07:00
Simon Willison
092874202c Improvements to allow block logic and debug tool 
true and false allow block values are now supported, closes #906

Added a bunch of demo links to the documentation, refs #908
 2020-07-24 17:04:06 -07:00
Simon Willison
88065fb74f Increase size of allow/actor fields, refs #908 2020-07-24 16:52:16 -07:00
Simon Willison
12c0bc09cc /-/allow-debug tool, closes #908 2020-07-24 15:55:10 -07:00
Simon Willison
57879dc8b3 Better titles for canned query pages, closes #887 2020-07-01 17:23:37 -07:00
Simon Willison
1bae24691f Only show 'log out' if ds_cookie present, closes #884 2020-07-01 14:25:59 -07:00
Simon Willison
2b85bbdd45 Added logout button to pattern portfolio, closes #876 
Refs #875
 2020-06-30 16:47:23 -07:00
Simon Willison
2115d7e345 Logout link in nav, refs #875 2020-06-29 11:40:40 -07:00
Simon Willison
22d932fafc /-/logout page for logging out of ds_actor cookie 
Refs #840
 2020-06-28 21:17:58 -07:00
Simon Willison
49d6d2f7b0 allow_sql block to control execute-sql upermission in metadata.json, closes #813 
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
 2020-06-08 17:05:44 -07:00
Simon Willison
799c5d5357 Renamed resource_identifier to resource, refs #817 2020-06-08 11:59:53 -07:00
Simon Willison
c9f1ec616e Removed resource_type from permissions system, closes #817 
Refs #811, #699
 2020-06-08 11:51:03 -07:00
Simon Willison
5598c5de01 Database list on index page respects table/view permissions, refs #811 2020-06-08 11:34:14 -07:00
Simon Willison
dcec89270a View list respects view-table permission, refs #811 
Also makes a small change to the /fixtures.json JSON:

    "views": ["view_name"]

Is now:

    "views": [{"name": "view_name", "private": true}]
 2020-06-08 11:20:59 -07:00
Simon Willison
9ac27f67fe Show padlock on private query page, refs #811 2020-06-08 11:13:32 -07:00
Simon Willison
aa420009c0 Show padlock on private table page, refs #811 2020-06-08 11:07:11 -07:00
Simon Willison
3ce7f2e7da Show padlock on private database page, refs #811 2020-06-08 07:23:10 -07:00
Simon Willison
1cf86e5ecc Show padlock on private index page, refs #811 2020-06-08 07:18:47 -07:00
Simon Willison
9397d71834 Implemented view-table, refs #811 2020-06-07 21:47:22 -07:00
Simon Willison
b26292a458 Test that view-query is respected by query list, refs #811 2020-06-07 20:56:49 -07:00
Simon Willison
9b42e1a4f5 view-database permission 
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
 2020-06-07 20:50:37 -07:00
Simon Willison
86dec9e8ff Added permission check to every view, closes #808 2020-06-06 22:30:36 -07:00
Simon Willison
3f83d4632a Respect query permissions on database page, refs #800 2020-06-06 12:05:22 -07:00
Simon Willison
84a9c4ff75
 		CSRF protection (#798) 
Closes #793.

* Rename RequestParameters to MultiParams, refs #799
* Allow tuples as well as lists in MultiParams, refs #799
* Use csrftokens when running tests, refs #799
* Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7
* Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8
 2020-06-05 12:05:57 -07:00
Simon Willison
aa82d03704
 		Basic writable canned queries 
Refs #698. First working version of this feature.

* request.post_vars() no longer discards empty values
 2020-06-03 08:16:50 -07:00
Simon Willison
3c5e4f266d Added messages to pattern portfolio, refs #790 2020-06-02 15:34:50 -07:00
Simon Willison
4fa7cf6853 Flash messages mechanism, closes #790 2020-06-02 14:12:18 -07:00
Simon Willison
dfdbdf378a Added /-/permissions debug tool, closes #788 
Also started the authentication.rst docs page, refs #786.

Part of authentication work, refs #699.
 2020-05-31 22:00:36 -07:00
Simon Willison
ad88c9b3f3 Mechanism for adding a default URL fragment to a canned query 
Closes #767
 2020-05-27 14:52:03 -07:00
Simon Willison
504196341c Visually distinguish float/int columns, closes #729 2020-05-14 22:51:39 -07:00
Simon Willison
cef23e8861 Started pattern portfolio at /-/patterns, refs #151 2020-05-02 20:05:25 -07:00
Simon Willison
15e2321804 Extra body CSS class for canned queries, closes #727 2020-04-15 14:07:28 -07:00
Simon Willison
7656fd64d8
 		base_url configuration setting, closes #394 
* base_url configuration setting
* base_url works for static assets as well
 2020-03-24 17:18:43 -07:00
Simon Willison
d6b6c9171f Include asyncio task information in /-/threads debug page 2019-12-04 22:47:17 -08:00
Simon Willison
d3e1c3017e Display 0 results, closes #637 2019-11-22 22:07:01 -08:00
Stanley Zheng
848dec4deb Fix for datasette publish with just --source_url (#631) 
Closes #572
 2019-11-12 20:28:42 -08:00
Tobias Kunze
ee330222f4 Offer to format readonly SQL (#602) 
Following discussion in #601, this PR adds a "Format SQL" button to
read-only SQL (if the SQL actually differs from the formatting result).

It also removes a console error on readonly SQL queries.

Thanks, @rixx!
 2019-11-03 18:39:55 -08:00
Simon Willison
e877b1cb12
 		Don't auto-format SQL on page load (#601) 
Closes #600
 2019-10-18 16:56:44 -07:00
Tobias Kunze
af2e6a5cf1 Button to format SQL, closes #136 
SQL code will be formatted on page load, and can additionally
be formatted by clicking the "Format SQL" button.

Thanks, @rixx!
 2019-10-13 20:46:12 -07:00
Simon Willison
a9453c4dda Fixed CodeMirror on database page, closes #560 2019-07-13 20:38:40 -07:00
Simon Willison
5ed450a332 Fixed breadcrumbs on custom query page 2019-07-13 19:05:58 -07:00
Simon Willison
912ce848b9 Fix nav display on 500 page, closes #545 2019-07-07 13:26:45 -07:00
Simon Willison
787dd427de white-space: pre-wrap for table SQL, closes #505 2019-07-07 13:26:38 -07:00
Simon Willison
a18e0964ec Refactor templates for better top nav customization, refs #540 2019-07-05 13:34:41 -07:00
Simon Willison
e7120d91f6 Rename _rows_and_columns.html to _table.html, refs #521 2019-07-02 20:23:05 -07:00
Simon Willison
f4eefdf193 Do not allow downloads of mutable databases - closes #474 2019-05-19 13:41:09 -07:00
Simon Willison
689cf9c139 Index page only shows row counts for smaller databases 
The index page now only shows row counts for immutable databases OR for
databases with less than 30 tables provided it could get a count for
each of those tables in less than 10ms.

Closes #467, Refs #460
 2019-05-15 20:02:33 -07:00
Simon Willison
5d6b2c30f1 Include views on homepage, fix table counts 
If we have less than 5 tables we now also show one or more views in the
summary on the homepage.

Also corrected the logic for the row counts - we now count hidden and
visible tables separately.

Closes #373, Refs #460
 2019-05-15 17:28:07 -07:00
Simon Willison
ea66c45df9
 		Extract facet code out into a new plugin hook, closes #427 (#445) 
Datasette previously only supported one type of faceting: exact column value counting.

With this change, faceting logic is extracted out into one or more separate classes which can implement other patterns of faceting - this is discussed in #427, but potential upcoming facet types include facet-by-date, facet-by-JSON-array, facet-by-many-2-many and more.

A new plugin hook, register_facet_classes, can be used by plugins to add in additional facet classes.

Each class must implement two methods: suggest(), which scans columns in the table to decide if they might be worth suggesting for faceting, and facet_results(), which executes the facet operation and returns results ready to be displayed in the UI.
 2019-05-02 17:11:26 -07:00
Simon Willison
3651eedf20 Show 'many rows' if count times out, refs #420 2019-05-01 22:20:24 -07:00