30 commits

Author	SHA1	Message	Date
Miroslav Šedivý	a882d67962	Modernize code to Python 3.6+ (#1158) ... * Compact dict and set building * Remove redundant parentheses * Simplify chained conditions * Change method name to lowercase * Use triple double quotes for docstrings Thanks, @eumiro!	2020-12-23 09:04:32 -08:00
Simon Willison	2a3d5b720b	Redirect /-/config to /-/settings, closes #1103	2020-11-24 12:19:14 -08:00
Simon Willison	222f79bb4c	debug-menu permission, closes #1068 ... Also added tests for navigation menu logic.	2020-10-30 08:41:57 -07:00
Simon Willison	78b3eeaad9	.blob output renderer ... * _blob_hash= checking plus refactored to use new BadRequest class, refs #1050 * Replace BlobView with new .blob renderer, closes #1050 * .blob downloads on arbitrary queries, closes #1051	2020-10-29 15:01:38 -07:00
Simon Willison	7d9fedc176	Cascading permissions for .db download, closes #1058	2020-10-27 20:15:41 -07:00
Simon Willison	5a15197960	/db/table/-/blob/pk/column.blob download URL, refs #1036	2020-10-24 16:09:18 -07:00
Simon Willison	a648bb82ba	Upgrade to Black 20.8b1, closes #958	2020-09-02 15:24:55 -07:00
Simon Willison	12c0bc09cc	/-/allow-debug tool, closes #908	2020-07-24 15:55:10 -07:00
Simon Willison	57879dc8b3	Better titles for canned query pages, closes #887	2020-07-01 17:23:37 -07:00
Simon Willison	d6e03b0430	Cascading view permissions, closes #832 ... - If you have table permission but not database permission you can now view the table page - New BaseView.check_permissions() method	2020-06-30 16:40:50 -07:00
Simon Willison	308bcc8805	Fixed test_permissions_debug	2020-06-11 17:25:12 -07:00
Simon Willison	29c5ff493a	view-instance permission for debug URLs, closes #833	2020-06-11 15:14:51 -07:00
Simon Willison	57e812d5de	ds_author cookie can now expire, closes #829 ... Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076	2020-06-10 12:39:54 -07:00
Simon Willison	5ef3b7b0c9	Applied Black ... Refs #825	2020-06-09 12:25:48 -07:00
Simon Willison	7633b9ab24	unauthenticated: true method plus allow block docs, closes #825	2020-06-09 10:01:03 -07:00
Simon Willison	49d6d2f7b0	allow_sql block to control execute-sql upermission in metadata.json, closes #813 ... Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.	2020-06-08 17:05:44 -07:00
Simon Willison	040fc0546f	Updated tests, refs #817	2020-06-08 12:02:56 -07:00
Simon Willison	5598c5de01	Database list on index page respects table/view permissions, refs #811	2020-06-08 11:34:14 -07:00
Simon Willison	dcec89270a	View list respects view-table permission, refs #811 ... Also makes a small change to the /fixtures.json JSON: "views": ["view_name"] Is now: "views": [{"name": "view_name", "private": true}]	2020-06-08 11:20:59 -07:00
Simon Willison	9ac27f67fe	Show padlock on private query page, refs #811	2020-06-08 11:13:32 -07:00
Simon Willison	aa420009c0	Show padlock on private table page, refs #811	2020-06-08 11:07:11 -07:00
Simon Willison	3ce7f2e7da	Show padlock on private database page, refs #811	2020-06-08 07:23:10 -07:00
Simon Willison	1cf86e5ecc	Show padlock on private index page, refs #811	2020-06-08 07:18:47 -07:00
Simon Willison	cc218fa9be	Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811	2020-06-08 07:02:31 -07:00
Simon Willison	9397d71834	Implemented view-table, refs #811	2020-06-07 21:47:22 -07:00
Simon Willison	b26292a458	Test that view-query is respected by query list, refs #811	2020-06-07 20:56:49 -07:00
Simon Willison	9b42e1a4f5	view-database permission ... Also now using 🔒 to indicate private resources - resources that would not be available to the anonymous user. Refs #811	2020-06-07 20:50:37 -07:00
Simon Willison	cd92e4fe2a	Fixed test name, this executes view-query, not execute-sql - refs #811	2020-06-07 14:33:56 -07:00
Simon Willison	8571ce388a	Implemented view-instance permission, refs #811	2020-06-07 14:30:39 -07:00
Simon Willison	ece0ba6f4b	Test + default impl for view-query permission, refs #811	2020-06-07 14:23:16 -07:00