Simon Willison
51dab16149
Allow SQL functions in SQL write queries
...
Closes #2751
2026-05-28 10:22:28 -07:00
Simon Willison
bcd989f4f8
Detect and disallow insert to virtual/shadow table
...
Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4565727978
2026-05-28 08:36:59 -07:00
Simon Willison
11bddc8919
Deny VACUUM in user-authored SQL
...
Reject VACUUM explicitly during write-query permission analysis so arbitrary write SQL and untrusted stored write queries cannot run it, even when the actor has execute-write-sql.
Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4559073803 (P3)
2026-05-27 17:09:27 -07:00
Simon Willison
951f5a9f30
Detect VACUUM in SQL analysis
...
Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4559073803
2026-05-27 16:30:21 -07:00
Simon Willison
1932f8429f
Deny user-authored schema table reads in write SQL
...
Stop marking sqlite_master and sqlite_schema reads as internal as soon as the SQLite authorizer reports them. The later DDL-aware pass still treats schema catalog access as internal when it accompanies semantic CREATE, ALTER, or DROP operations.
This makes explicit catalog reads in write SQL fall through to the deny-by-default path as unsupported read schema operations, preventing queries from copying private table definitions into writable tables.
Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4559073803
2026-05-27 16:14:56 -07:00
Simon Willison
03b2c66f63
Require full row mutation permissions for raw SQL
...
Raw SQL insert and update statements can have broader effects than their SQLite authorizer callbacks reveal. INSERT OR REPLACE and UPDATE OR REPLACE can delete conflicting rows while only surfacing insert or update operations.
Expand table insert and update operations to require insert-row, update-row, and delete-row together. Keep delete operations mapped to delete-row, and update the analysis UI/API to report and evaluate multiple required permissions for a single operation.
Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4559083539
2026-05-27 15:17:22 -07:00
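
The behaviour described in commit 03b2c66f63, reproduced as an added example (not code from Datasette or from this commit log). It uses Python's standard sqlite3 authorizer; the users table, its rows, and the observe and required_permissions helpers are constructed for illustration.

```python
import sqlite3

# Constructed sample schema and rows, not taken from Datasette.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE);
INSERT INTO users VALUES (1, 'a@example.com'), (2, 'b@example.com');
"""

ACTION_NAMES = {
    sqlite3.SQLITE_INSERT: "insert",
    sqlite3.SQLITE_UPDATE: "update",
    sqlite3.SQLITE_DELETE: "delete",
}

# Mapping stated in the commit message: insert and update require all three
# row permissions, delete still maps to delete-row only.
REQUIRED = {
    "insert": {"insert-row", "update-row", "delete-row"},
    "update": {"insert-row", "update-row", "delete-row"},
    "delete": {"delete-row"},
}


def observe(sql):
    """Run sql on a fresh database; return (authorizer events, remaining ids)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    seen = []

    def authorizer(action, arg1, arg2, dbname, source):
        # Record only row-mutation callbacks; arg1 is the table name for these.
        if action in ACTION_NAMES:
            seen.append((ACTION_NAMES[action], arg1))
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    conn.execute(sql)
    ids = [row[0] for row in conn.execute("SELECT id FROM users ORDER BY id")]
    conn.close()
    return seen, ids


def required_permissions(seen):
    """Expand authorizer events into (table, permission) pairs to check."""
    return {(table, perm) for action, table in seen for perm in REQUIRED[action]}


if __name__ == "__main__":
    events, ids = observe(
        "INSERT OR REPLACE INTO users (id, email) VALUES (3, 'a@example.com')"
    )
    print(events, ids, sorted(required_permissions(events)))
```

Row 1 disappears even though the authorizer reports no delete callback, which is why the insert event has to be checked against delete-row as well.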
Simon Willison
86d0e7335f
Deny unsupported write SQL operations by default
...
Require view-table permission for reads discovered inside write SQL analysis, including INSERT ... SELECT and CREATE TABLE ... AS SELECT.
Record additional SQLite authorizer callbacks as Operation values so unsupported functions, savepoints, virtual table DDL, and unknown callbacks are denied unless explicitly handled.
2026-05-27 14:52:52 -07:00
Simon Willison
737ff03efb
Expanded analysis of SQL operations, refs #2748
2026-05-26 22:11:35 -07:00
Simon Willison
b1289a73f9
stored_queries.StoredQuery dataclass
2026-05-26 16:51:00 -07:00
Simon Willison
2fde692a3e
Disallow edits of dangerous description_html/on_success_message_sql
...
Refs https://github.com/simonw/datasette/pull/2741#issuecomment-4549891578
2026-05-26 16:34:48 -07:00
Simon Willison
ec438496a9
Get rid of the write/is_write dual properties
2026-05-26 16:31:07 -07:00
Simon Willison
56160e44fc
Trusted queries cannot be updated using the API
...
Refs https://github.com/simonw/datasette/pull/2741#issuecomment-4549620486
2026-05-26 16:25:33 -07:00
Simon Willison
d6de8e7520
Link to save query from /-/execute-write
2026-05-26 15:52:16 -07:00
Simon Willison
24887004cf
Rename insert-query to store-query
...
Also queries/insert to queries/store
Refs https://github.com/simonw/datasette/pull/2741#issuecomment-4549103663
2026-05-26 14:51:59 -07:00
Simon Willison
ac6ee097dd
Disallow update/delete of private queries
...
If a user does not own a private query they cannot update
or delete it either, even if they have global update-query.
https://github.com/simonw/datasette/pull/2741/changes#r3306417463
2026-05-26 14:10:48 -07:00
Simon Willison
f7e9dbc27e
Tweaked design of create query page
2026-05-26 14:02:44 -07:00
Simon Willison
5dca2dc9be
Show query count on database page
2026-05-26 13:54:47 -07:00
Simon Willison
eb7c25c57c
Major redesign of create saved query UI
...
https://github.com/simonw/datasette/pull/2741#issuecomment-4548707129
2026-05-26 13:48:40 -07:00
Simon Willison
0fcaa5792b
Style query operations on create query
...
Made it consistent with the SQL write page.
2026-05-26 13:12:07 -07:00
Simon Willison
71c76e3853
Better faceting on /-/queries
...
Ref https://github.com/simonw/datasette/pull/2741#issuecomment-4548321815
2026-05-26 13:08:19 -07:00
Simon Willison
1ac4265ffd
Require permissions for untrusted stored query execution, refs #2735
2026-05-26 12:12:59 -07:00
Simon Willison
1cd162e9da
Removed some no-longer-necessary code, simplified
...
view-query is back in the default allow actions now. We have
other mechanisms that work for controlling visibility, and
the fact that queries default to running with the permissions
of the actor makes this safe.
2026-05-26 12:07:30 -07:00
Simon Willison
4a1a4d7807
Query is_trusted and is_private properties
...
Refs https://github.com/simonw/datasette/issues/2735#issuecomment-4547270516
Diff explanation: https://gist.github.com/simonw/1e4de6c4b041a51968eb273ee96dec1f
2026-05-26 11:59:49 -07:00
Simon Willison
f1dd86ebfb
Tweak URL designs of new endpoints
2026-05-25 14:05:26 -07:00
Simon Willison
8ab8999ba9
Big visual improvement to /-/queries pages
...
Including /db/-/queries
Refs https://github.com/simonw/datasette/issues/2735#issuecomment-4536860239
2026-05-25 12:56:59 -07:00
Simon Willison
4208ded249
No execute-write on immutable databases
...
Refs https://github.com/simonw/datasette/issues/2742#issuecomment-4536690161
2026-05-25 12:46:21 -07:00
Simon Willison
1f7c26ffea
Refactor to share JS/HTML between execute and execute-write
...
Refs #2742
2026-05-25 12:45:42 -07:00
Simon Willison
e1261442c0
Update parameters/query operations as user edits the write query
...
Refs #2742
2026-05-25 12:09:52 -07:00
Simon Willison
66bbbbc947
Support multi-line parameters on /db/-/execute-write
...
Refs https://github.com/simonw/datasette/issues/2742#issuecomment-4536317049
Each parameter input now has an expand/collapse button toggle to turn into a textarea.
If you paste text that includes at least one newline it toggles automatically.
2026-05-25 11:35:09 -07:00
Simon Willison
1bce34a338
If just a single insert, link to row page
...
Refs #2742
2026-05-25 11:22:24 -07:00
Simon Willison
2b5b4ed66b
Much improved "Write to this database" UI
...
- Start with a template option, letting you pick table and operation
- SQL textarea defaults to 4 empty lines at start
- Query operations table is simpler and looks nicer
Refs #2742
2026-05-25 11:11:11 -07:00
Simon Willison
6eee6c81e8
Add global query browser
...
Refs #2735
2026-05-25 10:24:42 -07:00
Simon Willison
310c36ae94
Limit database query preview to five
...
Refs #2735
2026-05-25 10:18:36 -07:00
Simon Willison
4a70b89355
Add cursor-paginated query browser
...
Refs #2735
2026-05-25 10:11:46 -07:00
Simon Willison
e62a5ea337
Rename query publication flag
...
Refs #2735
2026-05-25 09:46:39 -07:00
Simon Willison
e0d39ba69f
Store query options as JSON
...
Refs #2735
2026-05-25 09:41:32 -07:00
Simon Willison
b7505a9fc2
Add execute write SQL database action
...
Refs #2735
2026-05-25 08:49:18 -07:00
Simon Willison
ef43c10388
Add arbitrary write SQL execution page
...
Refs #2735
2026-05-25 08:30:49 -07:00
Simon Willison
040e42ddca
Enforce query ownership and remove canned query hook
...
Refs #2735
2026-05-24 22:58:50 -07:00
Simon Willison
4b5fac9cf7
Add query management API and create UI
...
Refs #2735
2026-05-24 22:52:06 -07:00
Simon Willison
221be2632e
Add query management actions and write analysis
...
Refs #2735
2026-05-24 22:41:56 -07:00
Simon Willison
b4c63966f8
Load saved queries into permission resources
...
Refs #2735
2026-05-24 22:40:22 -07:00
Simon Willison
7e1abd0da4
Add internal query storage APIs
...
Refs #2735
2026-05-24 22:37:34 -07:00