set-column-types permission, refs #2671

2026-05-29 13:17:02 +02:00 · 2026-03-18 11:47:13 -07:00 · 2026-03-18 11:47:13 -07:00 · bee25f58cb
commit bee25f58cb
parent feaba9b18b
5 changed files with 64 additions and 2 deletions
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -191,6 +191,7 @@ def test_auth_create_token(
            "all:view-query",
            "database:fixtures:drop-table",
            "resource:fixtures:foreign_key_references:insert-row",
+            "resource:fixtures:facetable:set-column-types",
        }
    )
    # Now try actually creating one
@ -427,6 +428,15 @@ async def test_root_with_root_enabled_gets_all_permissions(ds_client):
        is True
    )

+    assert (
+        await ds_client.ds.allowed(
+            action="set-column-types",
+            resource=TableResource("fixtures", "facetable"),
+            actor=root_actor,
+        )
+        is True
+    )
+
    assert (
        await ds_client.ds.allowed(
            action="drop-table",
@ -491,3 +501,12 @@ async def test_root_without_root_enabled_no_special_permissions(ds_client):
        )
        is not True
    ), "Root without root_enabled should not automatically get drop-table"
+
+    assert (
+        await ds_client.ds.allowed(
+            action="set-column-types",
+            resource=TableResource("fixtures", "facetable"),
+            actor=root_actor,
+        )
+        is not True
+    ), "Root without root_enabled should not automatically get set-column-types"
--- a/tests/test_internals_datasette.py
+++ b/tests/test_internals_datasette.py
@ -164,7 +164,14 @@ def test_datasette_error_if_string_not_list(tmpdir):
@pytest.mark.asyncio
 async def test_get_action(ds_client):
    ds = ds_client.ds
-    for name_or_abbr in ("vi", "view-instance", "vt", "view-table"):
+    for name_or_abbr in (
+        "vi",
+        "view-instance",
+        "vt",
+        "view-table",
+        "sct",
+        "set-column-types",
+    ):
        action = ds.get_action(name_or_abbr)
        if "-" in name_or_abbr:
            assert action.name == name_or_abbr
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -831,6 +831,22 @@ PermConfigTestCase = collections.namedtuple(
            resource=("perms_ds_one", "t1"),
            expected_result=True,
        ),
+        # set-column-types on specific table
+        PermConfigTestCase(
+            config={
+                "databases": {
+                    "perms_ds_one": {
+                        "tables": {
+                            "t1": {"permissions": {"set-column-types": {"id": "user"}}}
+                        }
+                    }
+                }
+            },
+            actor={"id": "user"},
+            action="set-column-types",
+            resource=("perms_ds_one", "t1"),
+            expected_result=True,
+        ),
        # insert-row on database
        PermConfigTestCase(
            config={