Simon Willison 6584c9e03f Remove ensure_permissions() and simplify check_visibility() ... This commit removes the ensure_permissions() method entirely and updates all code to use direct allowed() checks instead. Key changes: - Removed ensure_permissions() method from datasette/app.py - Simplified check_visibility() to check single permissions directly - Replaced all ensure_permissions() calls with direct allowed() checks - Updated all check_visibility() calls to use only primary permission - Added Forbidden import to index.py Why this change: - ensure_permissions() used OR logic (any permission passes) which conflicted with explicit denies in the config - For example, check_visibility() called ensure_permissions() with ["view-database", "view-instance"] and if view-instance passed, it would show pages even with explicit database deny - The new approach checks only the specific permission needed for each resource, respecting explicit denies Test improvements: 64 failures → 41 failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-10-25 15:38:07 -07:00
..
__init__.py	Drop 3.8 testing, add 3.13 testing, upgrade Black	2025-03-09 20:45:18 -07:00
base.py	New allowed_resources_sql plugin hook and debug tools (#2505)	2025-10-08 14:27:51 -07:00
database.py	Remove ensure_permissions() and simplify check_visibility()	2025-10-25 15:38:07 -07:00
index.py	Remove ensure_permissions() and simplify check_visibility()	2025-10-25 15:38:07 -07:00
row.py	Remove ensure_permissions() and simplify check_visibility()	2025-10-25 15:38:07 -07:00
special.py	Remove ensure_permissions() and simplify check_visibility()	2025-10-25 15:38:07 -07:00
table.py	Remove ensure_permissions() and simplify check_visibility()	2025-10-25 15:38:07 -07:00