github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity
2,374 commits 143 branches 163 tags 44 MiB
Commit graph

35 commits

Author SHA1 Message Date
Simon Willison
c41278b46f default_allow_sql setting, closes #1409 
Refs #1410
 2023-01-04 16:51:26 -08:00
Simon Willison
e238df3959 Handle non-initials in permission_allowed_actor_restrictions, closes #1956 2022-12-14 12:04:23 -08:00
Simon Willison
34ad574bac Don't hard-code permissions in permission_allowed_actor_restrictions, refs #1855 2022-12-12 21:14:40 -08:00
Simon Willison
e95b490d88 Move create-token command into cli.py, refs #1855 2022-12-12 20:18:42 -08:00
Simon Willison
9cc1a7c4c8 create-token command can now create restricted tokens, refs #1855 2022-12-12 20:15:56 -08:00
Simon Willison
3e6a208ba3 Rename 't' to 'r' in '_r' actor format, refs #1855 2022-12-12 19:27:34 -08:00
Simon Willison
c5d30b58a1 Implemented metadata permissions: property, closes #1636 2022-12-12 18:40:45 -08:00
Simon Willison
8bf06a76b5
 		register_permissions() plugin hook (#1940) 
* Docs for permissions: in metadata, refs #1636
* Refactor default_permissions.py to help with implementation of #1636
* register_permissions() plugin hook, closes #1939 - also refs #1938
* Tests for register_permissions() hook, refs #1939
* Documentation for datasette.permissions, refs #1939
* permission_allowed() falls back on Permission.default, refs #1939
* Raise StartupError on duplicate permissions
* Allow dupe permisisons if exact matches
 2022-12-12 18:05:54 -08:00
Simon Willison
272982e8a6
 		/db/table/-/upsert API 
Close #1878

Also made a few tweaks to how _r works in tokens and actors,
refs #1855 - I needed that mechanism for the tests.
 2022-12-07 17:12:15 -08:00
Simon Willison
484bef0d3b /db/table/pk/-/update endpoint, closes #1863 2022-11-29 10:06:19 -08:00
Simon Willison
187d91d686 /db/-/create API endpoint, closes #1882 2022-11-14 21:57:28 -08:00
Simon Willison
bcc781f4c5 Implementation and tests for _r field on actor, refs #1855 
New mechanism for restricting permissions further for a given actor.

This still needs documentation. It will eventually be used by the mechanism to issue
signed API tokens that are only able to perform a subset of actions.

This also adds tests that exercise the POST /-/permissions tool, refs #1881
 2022-11-03 17:12:23 -07:00
Simon Willison
00632ded30 Initial attempt at /db/table/row/-/delete, refs #1864 2022-10-30 16:16:00 -07:00
Simon Willison
2865d3956f /db/table/-/drop API, closes #1874 2022-10-30 15:17:21 -07:00
Simon Willison
9eb9ffae3d Drop API token requirement from API explorer, refs #1871 2022-10-30 13:09:55 -07:00
Simon Willison
51c436fed2 First draft of insert row write API, refs #1851 2022-10-26 20:57:02 -07:00
Simon Willison
382a871583 max_signed_tokens_ttl setting, closes #1858 
Also redesigned token format to include creation time and optional duration.
 2022-10-26 20:14:59 -07:00
Simon Willison
c7956eed77 datasette create-token command, refs #1859 2022-10-25 21:26:12 -07:00
Simon Willison
c23fa850e7 allow_signed_tokens setting, closes #1856 2022-10-25 19:55:47 -07:00
Simon Willison
0f013ff497 Mechanism to prevent tokens creating tokens, closes #1857 2022-10-25 19:43:55 -07:00
Simon Willison
b29e487bc3 actor_from_request for dstok_ tokens, refs #1852 2022-10-25 19:18:41 -07:00
Simon Willison
dcdfb2c301 Rename _schemas to _internal, closes #1156 2020-12-21 11:48:06 -08:00
Simon Willison
ebc7aa287c In-memory _schemas database tracking schemas of attached tables, closes #1150 2020-12-18 14:34:05 -08:00
Simon Willison
222f79bb4c debug-menu permission, closes #1068 
Also added tests for navigation menu logic.
 2020-10-30 08:41:57 -07:00
Simon Willison
ab76eddf31 Express no opinion if allow block is missing 
Default permission policy was returning True by default for permission
checks - which means that if allow was not defined for a level it would
be treated as a passing check.

This is better: we now return None of the allow block is not defined,
which means 'I have no opinion on this' and allows other code to make
its own decisions.

Added while working on #832
 2020-06-30 15:49:06 -07:00
Simon Willison
6c26345836 New plugin hook: canned_queries(), refs #852 2020-06-18 16:35:15 -07:00
Simon Willison
49d6d2f7b0 allow_sql block to control execute-sql upermission in metadata.json, closes #813 
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
 2020-06-08 17:05:44 -07:00
Simon Willison
e0a4664fba Better example plugin for permission_allowed 
Also fixed it so default permission checks run after plugin permission checks, refs #818
 2020-06-08 15:09:57 -07:00
Simon Willison
799c5d5357 Renamed resource_identifier to resource, refs #817 2020-06-08 11:59:53 -07:00
Simon Willison
c9f1ec616e Removed resource_type from permissions system, closes #817 
Refs #811, #699
 2020-06-08 11:51:03 -07:00
Simon Willison
9397d71834 Implemented view-table, refs #811 2020-06-07 21:47:22 -07:00
Simon Willison
9b42e1a4f5 view-database permission 
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
 2020-06-07 20:50:37 -07:00
Simon Willison
8571ce388a Implemented view-instance permission, refs #811 2020-06-07 14:30:39 -07:00
Simon Willison
ece0ba6f4b Test + default impl for view-query permission, refs #811 2020-06-07 14:23:16 -07:00
Simon Willison
dfdbdf378a Added /-/permissions debug tool, closes #788 
Also started the authentication.rst docs page, refs #786.

Part of authentication work, refs #699.
 2020-05-31 22:00:36 -07:00