github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity
1,208 commits 143 branches 163 tags 44 MiB
Commit graph

677 commits

Author SHA1 Message Date
Simon Willison
1bae24691f Only show 'log out' if ds_cookie present, closes #884 2020-07-01 14:25:59 -07:00
Simon Willison
549b1c2063 New forbidden() plugin hook, closes #812 2020-06-30 21:17:38 -07:00
Simon Willison
2b85bbdd45 Added logout button to pattern portfolio, closes #876 
Refs #875
 2020-06-30 16:47:23 -07:00
Simon Willison
d6e03b0430 Cascading view permissions, closes #832 
- If you have table permission but not database permission you can now view the table page
- New BaseView.check_permissions() method
 2020-06-30 16:40:50 -07:00
Simon Willison
ab76eddf31 Express no opinion if allow block is missing 
Default permission policy was returning True by default for permission
checks - which means that if allow was not defined for a level it would
be treated as a passing check.

This is better: we now return None of the allow block is not defined,
which means 'I have no opinion on this' and allows other code to make
its own decisions.

Added while working on #832
 2020-06-30 15:49:06 -07:00
Simon Willison
9ac6292614 _header_x now defaults to empty string 
Prior to this a request to e.g. https://latest.datasette.io/fixtures/magic_parameters
which did not include a User-Agent header would trigger a 500 error.
 2020-06-30 15:00:17 -07:00
Simon Willison
2115d7e345 Logout link in nav, refs #875 2020-06-29 11:40:40 -07:00
Simon Willison
51427323e6 Add message when user logs out, refs #840 2020-06-29 11:31:35 -07:00
Simon Willison
16f592247a Use explicit lifestyle=on for Uvicorn, refs #873 2020-06-29 08:42:50 -07:00
Simon Willison
35aee82c60 Fixed 500 error with /favicon.ico, closes #874 2020-06-28 21:27:11 -07:00
Simon Willison
22d932fafc /-/logout page for logging out of ds_actor cookie 
Refs #840
 2020-06-28 21:17:58 -07:00
Simon Willison
a8a5f81372 Made show_messages available to plugins, closes #864 2020-06-28 17:50:47 -07:00
Simon Willison
7ac4936cec .add_message() now works inside plugins, closes #864 
Refs #870
 2020-06-28 17:25:35 -07:00
Simon Willison
af350ba457 Use single Request created in DatasetteRouter, refs #870 2020-06-28 17:01:33 -07:00
Simon Willison
4dad028432 BaseView.as_asgi is now .as_view, refs #870 2020-06-28 16:47:40 -07:00
Simon Willison
3bc2461c77 Refactored AsgiView into BaseView, refs #870 2020-06-28 16:06:30 -07:00
Simon Willison
a8bcafc177 Refactored out AsgiRouter, refs #870 2020-06-28 13:45:17 -07:00
Simon Willison
0991ea75cc Renamed _timestamp to _now, refs #842, closes #871 2020-06-28 12:47:28 -07:00
Simon Willison
563f5a2d3a
 		Magic parameters for canned queries 
Closes #842

Includes a new plugin hook, register_magic_parameters()
 2020-06-27 19:58:16 -07:00
Simon Willison
4b142862f2 Support non-async view functions, closes #867 2020-06-27 11:30:34 -07:00
Simon Willison
28bb1c5189 csrftoken() now works with .render_template(), closes #863 2020-06-23 20:23:50 -07:00
Simon Willison
6c26345836 New plugin hook: canned_queries(), refs #852 2020-06-18 16:35:15 -07:00
Simon Willison
6151c25a5a Respect existing scope["actor"] if set, closes #854 2020-06-18 11:37:28 -07:00
Simon Willison
09a3479a54 New "startup" plugin hook, closes #834 2020-06-13 10:55:41 -07:00
Simon Willison
9ae0d483ea Get "$file": "../path" mechanism working again, closes #839 2020-06-11 17:48:20 -07:00
Simon Willison
308bcc8805 Fixed test_permissions_debug 2020-06-11 17:25:12 -07:00
Simon Willison
fba8ff6e76 "$env": "X" mechanism now works with nested lists, closes #837 2020-06-11 17:21:48 -07:00
Simon Willison
f39f111331 Fixed actor_matches_allow bug, closes #836 2020-06-11 15:47:19 -07:00
Simon Willison
29c5ff493a view-instance permission for debug URLs, closes #833 2020-06-11 15:14:51 -07:00
Simon Willison
98632f0a87
 		--secret command for datasette publish 
Closes #787
 2020-06-11 09:02:03 -07:00
Simon Willison
371170eee8 publish heroku now deploys with Python 3.8.3 2020-06-11 08:44:44 -07:00
Simon Willison
57e812d5de ds_author cookie can now expire, closes #829 
Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
 2020-06-10 12:39:54 -07:00
Simon Willison
008e2f63c2 response.set_cookie(), closes #795 2020-06-09 15:19:37 -07:00
Simon Willison
7633b9ab24 unauthenticated: true method plus allow block docs, closes #825 2020-06-09 10:01:03 -07:00
Simon Willison
fa87d16612 Clearer docs for actor_matches_allow 2020-06-09 07:10:46 -07:00
Simon Willison
eefeafaa27 Removed unused import 2020-06-09 07:09:39 -07:00
Simon Willison
fec750435d Support anonymous: true in actor_matches_allow, refs #825 2020-06-09 07:01:23 -07:00
Simon Willison
5a6a73e319 Replace os.urandom(32).hex() with secrets.token_hex(32) 2020-06-08 21:37:35 -07:00
Simon Willison
fac8e93815 request.url_vars property, closes #822 2020-06-08 20:40:00 -07:00
Simon Willison
db660db463 Docs + unit tests for Response, closes #821 2020-06-08 20:32:10 -07:00
Simon Willison
f5e79adf26
 		register_routes() plugin hook (#819) 
Fixes #215
 2020-06-08 20:12:06 -07:00
Simon Willison
d392dc1cfa Fixed test_table_not_exists_json test 2020-06-08 19:28:25 -07:00
Simon Willison
647c5ff0f3 Fixed broken CSS on 404 page, closes #777 2020-06-08 17:35:23 -07:00
Simon Willison
49d6d2f7b0 allow_sql block to control execute-sql upermission in metadata.json, closes #813 
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
 2020-06-08 17:05:44 -07:00
Simon Willison
e0a4664fba Better example plugin for permission_allowed 
Also fixed it so default permission checks run after plugin permission checks, refs #818
 2020-06-08 15:09:57 -07:00
Simon Willison
799c5d5357 Renamed resource_identifier to resource, refs #817 2020-06-08 11:59:53 -07:00
Simon Willison
c9f1ec616e Removed resource_type from permissions system, closes #817 
Refs #811, #699
 2020-06-08 11:51:03 -07:00
Simon Willison
5598c5de01 Database list on index page respects table/view permissions, refs #811 2020-06-08 11:34:14 -07:00
Simon Willison
dcec89270a View list respects view-table permission, refs #811 
Also makes a small change to the /fixtures.json JSON:

    "views": ["view_name"]

Is now:

    "views": [{"name": "view_name", "private": true}]
 2020-06-08 11:20:59 -07:00
Simon Willison
9ac27f67fe Show padlock on private query page, refs #811 2020-06-08 11:13:32 -07:00