github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity
datasette/datasette
History
Simon Willison de21a4209c Apply database-level allow blocks to view-query action, refs #2510 
When a database has an "allow" block in the configuration, it should
apply to all queries in that database, not just tables and the database
itself. This fix ensures that queries respect database-level access
controls.

This fixes the test_padlocks_on_database_page test which expects
plugin-defined queries (from_async_hook, from_hook) to show padlock
indicators when the database has restricted access.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 15:38:07 -07:00
..
publish Use service-specific image ID for Cloud Run deploys, refs #2036 2023-03-08 12:25:55 -08:00
static Ran prettier 2025-10-25 15:38:07 -07:00
templates Add PermissionCheck dataclass with parent/child fields, refs #2528 2025-10-25 15:38:07 -07:00
utils Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
views Add datasette.resource_for_action() helper method, refs #2510 2025-10-25 15:38:07 -07:00
__init__.py track_event() mechanism for analytics and plugins 2024-01-31 15:21:40 -08:00
__main__.py Add support for running datasette as a module (#556) 2019-07-11 09:07:44 -07:00
actor_auth_cookie.py Remove python-baseconv dependency, refs #1733, closes #1734 2022-05-02 12:39:06 -07:00
app.py Add datasette.resource_for_action() helper method, refs #2510 2025-10-25 15:38:07 -07:00
blob_renderer.py Rename route match groups for consistency, refs #1667, #1660 2022-03-19 09:52:08 -07:00
cli.py New --root mechanism with datasette.root_enabled, closes #2521 2025-10-24 10:32:18 -07:00
database.py Hide FTS tables that have content= 2025-04-16 21:44:09 -07:00
default_actions.py Fix view-database-download permission handling 2025-10-25 15:38:07 -07:00
default_magic_parameters.py Fix datetime.utcnow deprecation warning 2024-03-15 15:32:12 -07:00
default_menu_links.py Update permission hooks to include source_plugin column and simplify menu_links 2025-10-25 15:38:07 -07:00
default_permissions.py Apply database-level allow blocks to view-query action, refs #2510 2025-10-25 15:38:07 -07:00
events.py alter table support for /db/-/create API, refs #2101 2024-02-08 13:36:17 -08:00
facets.py Fix huge performance bug in DateFacet, refs #2407 2024-08-21 14:38:11 -07:00
filters.py Fix expand_foreign_keys and filters to use new check_visibility() and allowed() signatures 2025-10-25 15:38:07 -07:00
forbidden.py Fixed a bunch of unused imports spotted with ruff 2024-02-06 17:27:20 -08:00
handle_exception.py debugger: load 'ipdb' if present 2024-08-20 20:02:35 -07:00
hookspecs.py Remove permission_allowed hook entirely, refs #2528 2025-10-25 15:38:07 -07:00
inspect.py Modernize code to Python 3.6+ (#1158) 2020-12-23 09:04:32 -08:00
permissions.py Implement also_requires to enforce view-database for execute-sql 2025-10-24 12:14:52 -07:00
plugins.py Implement resource-based permission system with SQL-driven access control 2025-10-24 10:32:18 -07:00
renderer.py Move Metadata to --internal database 2024-06-11 09:33:23 -07:00
resources.py Migrate view-query permission to SQL-based system, refs #2510 2025-10-25 15:38:07 -07:00
sql_functions.py _search= queries now correctly escaped, fixes #651 2019-12-29 18:48:30 +00:00
tracer.py Tracer now catches errors, closes #2405 2024-08-21 12:19:18 -07:00
url_builder.py count all rows button on table page, refs #2408 2024-08-21 19:09:25 -07:00
version.py Release 1.0a19 2025-04-21 22:38:53 -07:00