datasette

mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00

Author	SHA1	Message	Date
Simon Willison	5be86d48b2	Fix display of padlocks on database page, closes #1848	2022-10-23 19:42:30 -07:00
Simon Willison	78dad236df	check_visibility can now take multiple permissions into account Closes #1829	2022-10-23 19:11:33 -07:00
Simon Willison	1a5e5f2aa9	Refactor breadcrumbs to respect permissions, refs #1831	2022-10-13 14:42:52 -07:00
Simon Willison	c09c53f345	New handle_exception plugin hook, refs #1770 Also refs: - https://github.com/simonw/datasette-sentry/issues/1 - https://github.com/simonw/datasette-show-errors/issues/2	2022-07-17 16:24:39 -07:00
Simon Willison	194e4f6c3f	Removed check_permission() from BaseView, closes #1677 Refs #1660	2022-03-21 11:41:56 -07:00
Brandon Roberts	baf986c871	New get_metadata() plugin hook for dynamic metadata The following hook is added: get_metadata( datasette=self, key=key, database=database, table=table, fallback=fallback ) This gets called when we're building our metdata for the rest of the system to use. We merge whatever the plugins return with any local metadata (from metadata.yml/yaml/json) allowing for a live-editable dynamic Datasette. As a security precation, local meta is not overwritable by plugin hooks. The workflow for transitioning to live-meta would be to load the plugin with the full metadata.yaml and save. Then remove the parts of the metadata that you want to be able to change from the file. * Avoid race condition: don't mutate databases list This avoids the nasty "RuntimeError: OrderedDict mutated during iteration" error that randomly happens when a plugin adds a new database to Datasette, using `add_database`. This change makes the add and remove database functions more expensive, but it prevents the random explosion race conditions that make for confusing user experience when importing live databases. Thanks, @brandonrobertz	2021-06-26 15:24:54 -07:00
Miroslav Šedivý	a882d67962	Modernize code to Python 3.6+ (#1158 ) * Compact dict and set building * Remove redundant parentheses * Simplify chained conditions * Change method name to lowercase * Use triple double quotes for docstrings Thanks, @eumiro!	2020-12-23 09:04:32 -08:00
Simon Willison	2a3d5b720b	Redirect /-/config to /-/settings, closes #1103	2020-11-24 12:19:14 -08:00
Simon Willison	222f79bb4c	debug-menu permission, closes #1068 Also added tests for navigation menu logic.	2020-10-30 08:41:57 -07:00
Simon Willison	78b3eeaad9	.blob output renderer * _blob_hash= checking plus refactored to use new BadRequest class, refs #1050 * Replace BlobView with new .blob renderer, closes #1050 * .blob downloads on arbitrary queries, closes #1051	2020-10-29 15:01:38 -07:00
Simon Willison	7d9fedc176	Cascading permissions for .db download, closes #1058	2020-10-27 20:15:41 -07:00
Simon Willison	5a15197960	/db/table/-/blob/pk/column.blob download URL, refs #1036	2020-10-24 16:09:18 -07:00
Simon Willison	a648bb82ba	Upgrade to Black 20.8b1, closes #958	2020-09-02 15:24:55 -07:00
Simon Willison	12c0bc09cc	/-/allow-debug tool, closes #908	2020-07-24 15:55:10 -07:00
Simon Willison	57879dc8b3	Better titles for canned query pages, closes #887	2020-07-01 17:23:37 -07:00
Simon Willison	d6e03b0430	Cascading view permissions, closes #832 - If you have table permission but not database permission you can now view the table page - New BaseView.check_permissions() method	2020-06-30 16:40:50 -07:00
Simon Willison	308bcc8805	Fixed test_permissions_debug	2020-06-11 17:25:12 -07:00
Simon Willison	29c5ff493a	view-instance permission for debug URLs, closes #833	2020-06-11 15:14:51 -07:00
Simon Willison	57e812d5de	ds_author cookie can now expire, closes #829 Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076	2020-06-10 12:39:54 -07:00
Simon Willison	5ef3b7b0c9	Applied Black Refs #825	2020-06-09 12:25:48 -07:00
Simon Willison	7633b9ab24	unauthenticated: true method plus allow block docs, closes #825	2020-06-09 10:01:03 -07:00
Simon Willison	49d6d2f7b0	allow_sql block to control execute-sql upermission in metadata.json, closes #813 Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.	2020-06-08 17:05:44 -07:00
Simon Willison	040fc0546f	Updated tests, refs #817	2020-06-08 12:02:56 -07:00
Simon Willison	5598c5de01	Database list on index page respects table/view permissions, refs #811	2020-06-08 11:34:14 -07:00
Simon Willison	dcec89270a	View list respects view-table permission, refs #811 Also makes a small change to the /fixtures.json JSON: "views": ["view_name"] Is now: "views": [{"name": "view_name", "private": true}]	2020-06-08 11:20:59 -07:00
Simon Willison	9ac27f67fe	Show padlock on private query page, refs #811	2020-06-08 11:13:32 -07:00
Simon Willison	aa420009c0	Show padlock on private table page, refs #811	2020-06-08 11:07:11 -07:00
Simon Willison	3ce7f2e7da	Show padlock on private database page, refs #811	2020-06-08 07:23:10 -07:00
Simon Willison	1cf86e5ecc	Show padlock on private index page, refs #811	2020-06-08 07:18:47 -07:00
Simon Willison	cc218fa9be	Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811	2020-06-08 07:02:31 -07:00
Simon Willison	9397d71834	Implemented view-table, refs #811	2020-06-07 21:47:22 -07:00
Simon Willison	b26292a458	Test that view-query is respected by query list, refs #811	2020-06-07 20:56:49 -07:00
Simon Willison	9b42e1a4f5	view-database permission Also now using 🔒 to indicate private resources - resources that would not be available to the anonymous user. Refs #811	2020-06-07 20:50:37 -07:00
Simon Willison	cd92e4fe2a	Fixed test name, this executes view-query, not execute-sql - refs #811	2020-06-07 14:33:56 -07:00
Simon Willison	8571ce388a	Implemented view-instance permission, refs #811	2020-06-07 14:30:39 -07:00
Simon Willison	ece0ba6f4b	Test + default impl for view-query permission, refs #811	2020-06-07 14:23:16 -07:00

36 commits