set-column-types permission, refs #2671

2026-05-28 12:56:18 +02:00 · 2026-03-18 11:47:13 -07:00 · 2026-03-18 11:47:13 -07:00 · bee25f58cb
commit bee25f58cb
parent feaba9b18b
5 changed files with 64 additions and 2 deletions
--- a/datasette/default_actions.py
+++ b/datasette/default_actions.py
@ -85,6 +85,12 @@ def register_actions():
            description="Alter tables",
            resource_class=TableResource,
        ),
+        Action(
+            name="set-column-types",
+            abbr="sct",
+            description="Set column types",
+            resource_class=TableResource,
+        ),
        Action(
            name="drop-table",
            abbr="dt",
--- a/docs/authentication.rst
+++ b/docs/authentication.rst
@ -33,7 +33,7 @@ The one exception is the "root" account, which you can sign into while using Dat
 The ``--root`` flag is designed for local development and testing. When you start Datasette with ``--root``, the root user automatically receives every permission, including:

 * All view permissions (``view-instance``, ``view-database``, ``view-table``, etc.)
-* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``drop-table``)
+* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``set-column-types``, ``drop-table``)
 * Debug permissions (``permissions-debug``, ``debug-menu``)
 * Any custom permissions defined by plugins

@ -886,6 +886,8 @@ To grant ``create-table`` to the user with ``id`` of ``editor`` for the ``docs``
        }
 .. [[[end]]]

+Other table-scoped write permissions, including ``set-column-types``, can be configured in the same place.
+
 And for ``insert-row`` against the ``reports`` table in that ``docs`` database:

 .. [[[cog
@ -1343,6 +1345,18 @@ alter-table

 Actor is allowed to alter a database table.

+``resource`` - ``datasette.resources.TableResource(database, table)``
+    ``database`` is the name of the database (string)
+
+    ``table`` is the name of the table (string)
+
+.. _actions_set_column_types:
+
+set-column-types
+----------------
+
+Actor is allowed to set assigned column types for columns in a table.
+
 ``resource`` - ``datasette.resources.TableResource(database, table)``
    ``database`` is the name of the database (string)

--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -191,6 +191,7 @@ def test_auth_create_token(
            "all:view-query",
            "database:fixtures:drop-table",
            "resource:fixtures:foreign_key_references:insert-row",
+            "resource:fixtures:facetable:set-column-types",
        }
    )
    # Now try actually creating one
@ -427,6 +428,15 @@ async def test_root_with_root_enabled_gets_all_permissions(ds_client):
        is True
    )

+    assert (
+        await ds_client.ds.allowed(
+            action="set-column-types",
+            resource=TableResource("fixtures", "facetable"),
+            actor=root_actor,
+        )
+        is True
+    )
+
    assert (
        await ds_client.ds.allowed(
            action="drop-table",
@ -491,3 +501,12 @@ async def test_root_without_root_enabled_no_special_permissions(ds_client):
        )
        is not True
    ), "Root without root_enabled should not automatically get drop-table"
+
+    assert (
+        await ds_client.ds.allowed(
+            action="set-column-types",
+            resource=TableResource("fixtures", "facetable"),
+            actor=root_actor,
+        )
+        is not True
+    ), "Root without root_enabled should not automatically get set-column-types"
--- a/tests/test_internals_datasette.py
+++ b/tests/test_internals_datasette.py
@ -164,7 +164,14 @@ def test_datasette_error_if_string_not_list(tmpdir):
@pytest.mark.asyncio
 async def test_get_action(ds_client):
    ds = ds_client.ds
-    for name_or_abbr in ("vi", "view-instance", "vt", "view-table"):
+    for name_or_abbr in (
+        "vi",
+        "view-instance",
+        "vt",
+        "view-table",
+        "sct",
+        "set-column-types",
+    ):
        action = ds.get_action(name_or_abbr)
        if "-" in name_or_abbr:
            assert action.name == name_or_abbr
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -831,6 +831,22 @@ PermConfigTestCase = collections.namedtuple(
            resource=("perms_ds_one", "t1"),
            expected_result=True,
        ),
+        # set-column-types on specific table
+        PermConfigTestCase(
+            config={
+                "databases": {
+                    "perms_ds_one": {
+                        "tables": {
+                            "t1": {"permissions": {"set-column-types": {"id": "user"}}}
+                        }
+                    }
+                }
+            },
+            actor={"id": "user"},
+            action="set-column-types",
+            resource=("perms_ds_one", "t1"),
+            expected_result=True,
+        ),
        # insert-row on database
        PermConfigTestCase(
            config={