remote/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2026-06-06 09:07:00 +02:00
Code Issues Projects Releases Packages Wiki Activity

set-column-types permission, refs #2671

Browse source
This commit is contained in:
Simon Willison 2026-03-18 11:47:13 -07:00
commit bee25f58cb
5 changed files with 64 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
datasette/default_actions.py
View file

@ -85,6 +85,12 @@ def register_actions():
description="Alter tables", description="Alter tables",
resource_class=TableResource, resource_class=TableResource,
), ),
Action(
name="set-column-types",
abbr="sct",
description="Set column types",
resource_class=TableResource,
),
Action( Action(
name="drop-table", name="drop-table",
abbr="dt", abbr="dt",

16
docs/authentication.rst
View file

@ -33,7 +33,7 @@ The one exception is the "root" account, which you can sign into while using Dat
The ``--root`` flag is designed for local development and testing. When you start Datasette with ``--root``, the root user automatically receives every permission, including: The ``--root`` flag is designed for local development and testing. When you start Datasette with ``--root``, the root user automatically receives every permission, including:
* All view permissions (``view-instance``, ``view-database``, ``view-table``, etc.) * All view permissions (``view-instance``, ``view-database``, ``view-table``, etc.)
* All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``drop-table``) * All write permissions (``insert-row``, ``update-row``, ``delete-row``, ``create-table``, ``alter-table``, ``set-column-types``, ``drop-table``)
* Debug permissions (``permissions-debug``, ``debug-menu``) * Debug permissions (``permissions-debug``, ``debug-menu``)
* Any custom permissions defined by plugins * Any custom permissions defined by plugins
@ -886,6 +886,8 @@ To grant ``create-table`` to the user with ``id`` of ``editor`` for the ``docs``
} }
.. [[[end]]] .. [[[end]]]
Other table-scoped write permissions, including ``set-column-types``, can be configured in the same place.
And for ``insert-row`` against the ``reports`` table in that ``docs`` database: And for ``insert-row`` against the ``reports`` table in that ``docs`` database:
.. [[[cog .. [[[cog
@ -1343,6 +1345,18 @@ alter-table
Actor is allowed to alter a database table. Actor is allowed to alter a database table.
``resource`` - ``datasette.resources.TableResource(database, table)``
``database`` is the name of the database (string)
``table`` is the name of the table (string)
.. _actions_set_column_types:
set-column-types
----------------
Actor is allowed to set assigned column types for columns in a table.
``resource`` - ``datasette.resources.TableResource(database, table)`` ``resource`` - ``datasette.resources.TableResource(database, table)``
``database`` is the name of the database (string) ``database`` is the name of the database (string)

19
tests/test_auth.py
View file

@ -191,6 +191,7 @@ def test_auth_create_token(
"all:view-query", "all:view-query",
"database:fixtures:drop-table", "database:fixtures:drop-table",
"resource:fixtures:foreign_key_references:insert-row", "resource:fixtures:foreign_key_references:insert-row",
"resource:fixtures:facetable:set-column-types",
} }
) )
# Now try actually creating one # Now try actually creating one
@ -427,6 +428,15 @@ async def test_root_with_root_enabled_gets_all_permissions(ds_client):
is True is True
) )
assert (
await ds_client.ds.allowed(
action="set-column-types",
resource=TableResource("fixtures", "facetable"),
actor=root_actor,
)
is True
)
assert ( assert (
await ds_client.ds.allowed( await ds_client.ds.allowed(
action="drop-table", action="drop-table",
@ -491,3 +501,12 @@ async def test_root_without_root_enabled_no_special_permissions(ds_client):
) )
is not True is not True
), "Root without root_enabled should not automatically get drop-table" ), "Root without root_enabled should not automatically get drop-table"
assert (
await ds_client.ds.allowed(
action="set-column-types",
resource=TableResource("fixtures", "facetable"),
actor=root_actor,
)
is not True
), "Root without root_enabled should not automatically get set-column-types"

9
tests/test_internals_datasette.py
View file

@ -164,7 +164,14 @@ def test_datasette_error_if_string_not_list(tmpdir):
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_get_action(ds_client): async def test_get_action(ds_client):
ds = ds_client.ds ds = ds_client.ds
for name_or_abbr in ("vi", "view-instance", "vt", "view-table"): for name_or_abbr in (
"vi",
"view-instance",
"vt",
"view-table",
"sct",
"set-column-types",
):
action = ds.get_action(name_or_abbr) action = ds.get_action(name_or_abbr)
if "-" in name_or_abbr: if "-" in name_or_abbr:
assert action.name == name_or_abbr assert action.name == name_or_abbr

16
tests/test_permissions.py
View file

@ -831,6 +831,22 @@ PermConfigTestCase = collections.namedtuple(
resource=("perms_ds_one", "t1"), resource=("perms_ds_one", "t1"),
expected_result=True, expected_result=True,
), ),
# set-column-types on specific table
PermConfigTestCase(
config={
"databases": {
"perms_ds_one": {
"tables": {
"t1": {"permissions": {"set-column-types": {"id": "user"}}}
}
}
}
},
actor={"id": "user"},
action="set-column-types",
resource=("perms_ds_one", "t1"),
expected_result=True,
),
# insert-row on database # insert-row on database
PermConfigTestCase( PermConfigTestCase(
config={ config={