datasette/tests
Simon Willison 2c8e92acf2 Require permissions-debug permission for /-/check endpoint
The /-/check endpoint now requires the permissions-debug permission
to access. This prevents unauthorized users from probing the permission
system. Administrators can grant this permission to specific users or
anonymous users if they want to allow open access.

Added test to verify anonymous and regular users are denied access,
while root user (who has all permissions) can access the endpoint.

Closes #2546
2025-10-26 11:16:07 -07:00
plugins Remove permission_allowed hook entirely, refs #2528 2025-10-25 15:38:07 -07:00
test_templates Fix handling of nested custom page wildcard paths, closes #996 2020-10-07 15:51:11 -07:00
__init__.py Broke up test_app into test_api and test_html 2017-12-15 04:08:24 -08:00
build_small_spatialite_db.py New run_sanity_checks mechanism, for SpatiLite 2019-05-11 15:55:30 -07:00
conftest.py Remove permission_allowed hook entirely, refs #2528 2025-10-25 15:38:07 -07:00
ext.c Add new entrypoint option to --load-extensions. (#1789) 2022-08-23 11:34:30 -07:00
fixtures.py Fix assert_permissions_checked to handle PermissionCheck dataclass 2025-10-25 15:38:07 -07:00
spatialite.db New run_sanity_checks mechanism, for SpatiLite 2019-05-11 15:55:30 -07:00
test-datasette-load-plugins.sh fix (typo): Corrected spelling of 'environments' (#2268) 2024-02-19 14:41:32 -08:00
test_actions_sql.py Show multiple permission reasons as JSON arrays, refs #2531 2025-10-25 21:24:05 -07:00
test_allowed_resources.py Rename test_tables_endpoint.py and remove outdated tests 2025-10-25 17:32:48 -07:00
test_api.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
test_api_write.py Fixed some more tests 2025-10-24 10:32:18 -07:00
test_auth.py Fix test_auth_create_token - template variables and action abbreviation 2025-10-25 15:38:07 -07:00
test_base_view.py New View base class (#2080) 2023-05-25 17:18:43 -07:00
test_black.py Remove legacy event_loop fixture usage 2025-10-01 12:51:23 -07:00
test_canned_queries.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
test_cli.py Error on startup if invalid setting types 2025-10-24 10:32:18 -07:00
test_cli_serve_get.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_cli_serve_server.py Move HTTPS test to a bash script 2022-12-17 18:33:07 -08:00
test_config_dir.py Error on startup if invalid setting types 2025-10-24 10:32:18 -07:00
test_config_permission_rules.py Run black formatter 2025-10-25 15:38:07 -07:00
test_crossdb.py Remove obsolete mix_stderr=False 2025-09-30 14:33:24 -07:00
test_csv.py simple_primary_key now uses integer id, helps close #2458 2025-02-01 21:44:53 -08:00
test_custom_pages.py Remove hashed URL mode 2022-03-18 17:12:03 -07:00
test_datasette_https_server.sh Detect server start/stop more reliably. 2022-12-18 08:01:51 -08:00
test_docs.py Applied Black, refs #2544 2025-10-26 10:05:12 -07:00
test_docs_plugins.py Docs on temporary plugins in fixtures, closes #2234 2024-01-12 14:12:14 -08:00
test_facets.py Consider just 1000 rows for suggest facet, closes #2406 2024-08-21 13:36:42 -07:00
test_filters.py ?column_notcontains= table filter, closes #2287 2024-02-27 16:07:41 -08:00
test_html.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
test_internal_db.py catalog_views table, closes #2495 2025-07-15 10:22:56 -07:00
test_internals_database.py Hide FTS tables that have content= 2025-04-16 21:44:09 -07:00
test_internals_datasette.py Refactor check_visibility() to use Resource objects, refs #2537 2025-10-26 09:49:49 -07:00
test_internals_datasette_client.py A bunch of remaining ds_client conversions, refs #1959 2022-12-17 13:47:55 -08:00
test_internals_request.py Request.fake(... url_vars), plus .fake() is now documented 2022-03-31 19:01:58 -07:00
test_internals_response.py response.set_cookie(), closes #795 2020-06-09 15:19:37 -07:00
test_internals_urls.py Remove hashed URL mode 2022-03-18 17:12:03 -07:00
test_label_column_for_table.py Detect single unique text column in label_column_for_table, closes #2458 2025-02-01 17:02:49 -08:00
test_load_extensions.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_messages.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_package.py Upgrade Docker images to Python 3.11, closes #1853 2022-10-25 12:04:53 -07:00
test_permission_endpoints.py Fix minor irritation with /-/allowed UI 2025-10-25 18:02:26 -07:00
test_permissions.py Require permissions-debug permission for /-/check endpoint 2025-10-26 11:16:07 -07:00
test_plugins.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
test_publish_cloudrun.py Use service-specific image ID for Cloud Run deploys, refs #2036 2023-03-08 12:25:55 -08:00
test_publish_heroku.py Upgrade to Python 3.11 on Heroku, refs #1905 2022-11-18 16:44:46 -08:00
test_routes.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_search_tables.py Rename test_tables_endpoint.py and remove outdated tests 2025-10-25 17:32:48 -07:00
test_spatialite.py Skip SpatiaLite test if no conn.enable_load_extension() 2022-09-05 17:09:57 -07:00
test_table_api.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
test_table_html.py fix: tilde encode database name in expanded foreign key links (#2476) 2025-04-16 22:15:11 -07:00
test_tracer.py Tracer now catches errors, closes #2405 2024-08-21 12:19:18 -07:00
test_utils.py Fix bug where -s could reset settings to defaults, closes #2389 2024-08-14 14:28:48 -07:00
test_utils_check_callable.py Rename callable.py to check_callable.py, refs #2078 2023-05-25 11:49:40 -07:00
test_utils_permissions.py Implement also_requires to enforce view-database for execute-sql 2025-10-24 12:14:52 -07:00
utils.py Test improvements and fixed deprecation warnings (#2464) 2025-02-04 14:49:52 -08:00