Support CREATE VIEW / DROP VIEW in execute-write-sql

New create-view and drop-view actions.

Also fix a related bug in analyze_sql_tables(): SQLite's authorizer fires a spurious SQLITE_DELETE callback against the view name when a view is dropped (the same thing it does for dropped tables), which was incorrectly surfaced as a delete-row requirement on the view. Broaden the existing drop-table-delete suppression to cover dropped views too.

Closes #2819
Simon Willison 2026-07-02 08:56:04 -07:00 committed by GitHub
commit 2f84ab77f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 155 additions and 6 deletions
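
The authorizer behaviour the commit message describes can be observed directly with Python's ``sqlite3`` module. This is an added example, not Datasette's code: ``authorizer_events``, ``required_actions``, the ``ACTIONS`` mapping and the sample schema are all hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed schema: one table and one view over it.
SETUP = "CREATE TABLE t (id INTEGER PRIMARY KEY, name TEXT); CREATE VIEW v AS SELECT name FROM t;"

ACTIONS = {  # hypothetical mapping from authorizer codes to permission names
    sqlite3.SQLITE_DELETE: "delete-row",
    sqlite3.SQLITE_DROP_TABLE: "drop-table",
    sqlite3.SQLITE_DROP_VIEW: "drop-view",
}
DROPS = (sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_DROP_VIEW)


def authorizer_events(statement):
    """Run one statement and return (code, name) for every authorizer callback."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    events = []

    def record(code, arg1, arg2, db_name, source):
        events.append((code, arg1))
        return sqlite3.SQLITE_OK  # allow everything; we only observe

    conn.set_authorizer(record)
    try:
        conn.execute(statement)
    finally:
        conn.close()
    return events


def required_actions(events, suppress_drop_deletes=True):
    """Hypothetical reduction of authorizer events to (action, name) requirements."""
    dropped = {name for code, name in events if code in DROPS}
    required = set()
    for code, name in events:
        if code not in ACTIONS or name is None or name.startswith("sqlite_"):
            continue  # ignore reads and writes to SQLite's own schema tables
        if suppress_drop_deletes and code == sqlite3.SQLITE_DELETE and name in dropped:
            continue  # DELETE reported against an object this statement drops
        required.add((ACTIONS[code], name))
    return required


if __name__ == "__main__":
    for sql in ("DROP VIEW v", "DROP TABLE t", "DELETE FROM t"):
        ev = authorizer_events(sql)
        print(sql, required_actions(ev, False), required_actions(ev))
```

Without the suppression, ``DROP VIEW v`` appears to need ``delete-row`` on ``v`` as well as ``drop-view``; a real ``DELETE FROM t`` still maps to ``delete-row``.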


@ -50,7 +50,7 @@ The one exception is the "root" account, which you can sign into while using Dat
The ``--root`` flag is designed for local development and testing. When you start Datasette with ``--root``, the root user automatically receives every permission, including:
* All view permissions (``view-instance``, ``view-database``, ``view-table``, etc.)
* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``set-column-type``, ``drop-table``)
* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``create-view``, ``alter-table``, ``set-column-type``, ``drop-table``, ``drop-view``)
* Debug permissions (``permissions-debug``, ``debug-menu``)
* Any custom permissions defined by plugins
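Review bot: In the ``--root`` bullet list, the write-permissions line is a hand-maintained enumeration that has to be edited every time an action is added, as the addition of ``create-view`` and ``drop-view`` here shows. The sentence above the list already says root receives every permission, so consider ending this bullet with "etc." as the view-permissions bullet does, or linking to the actions reference, so the list cannot fall behind the registered actions.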
@ -1386,6 +1386,16 @@ create-table
Actor is allowed to create a database table.
``resource`` - ``datasette.resources.DatabaseResource(database)``
``database`` is the name of the database (string)
.. _actions_create_view:
create-view
-----------
Actor is allowed to create a database view.
``resource`` - ``datasette.resources.DatabaseResource(database)``
``database`` is the name of the database (string)
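Review bot: The ``create-view`` entry does not say what the actor needs on the tables the view selects from. A view is a stored SELECT, so the entry should state whether ``create-view`` on the database is sufficient on its own or whether the actor must also be allowed to read every table the view references, and which permission then governs reading the resulting view.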
@ -1425,6 +1435,18 @@ Actor is allowed to drop a database table.
``table`` is the name of the table (string)
.. _actions_drop_view:
drop-view
---------
Actor is allowed to drop a database view.
``resource`` - ``datasette.resources.TableResource(database, table)``
``database`` is the name of the database (string)
``table`` is the name of the view (string)
.. _actions_execute_sql:
execute-sql
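Review bot: In the ``drop-view`` entry the resource is ``TableResource(database, table)`` and ``table`` is documented as the name of the view, which reads like a leftover from the ``drop-table`` entry unless it is explained. Add a sentence saying that views are addressed through ``TableResource``, and, given the SQLITE_DELETE fix described in the commit message, note that dropping a view does not additionally require ``delete-row`` on it.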