mirror of
https://github.com/simonw/datasette.git
synced 2026-06-06 00:56:57 +02:00
c9429466cdThree changes:
1. Rewrite test_utils_permissions.py to exercise production code paths
(allowed_resources / allowed) instead of the test-only
resolve_permissions_from_catalog function. Tests now register plugins
via ds.pm.register and call the real Datasette methods.
2. Remove resolve_permissions_from_catalog, resolve_permissions_with_candidates,
and build_rules_union from datasette/utils/permissions.py. These were
only used by tests and implemented the cascading logic a third time,
independently of the two production implementations.
3. Fix bug in gather_permission_sql_from_hooks where empty params dicts
({}) would cause framework-injected params (:actor_id, :actor, :action)
to be silently lost. The expression `params = permission_sql.params or {}`
creates a new dict when params is {} (falsy), so setdefault writes to a
throwaway dict. Fixed by explicitly checking `is None`.
https://claude.ai/code/session_013EkyroQKPhcjdMbpHc9g4X
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| actions_sql.py | ||
| asgi.py | ||
| baseconv.py | ||
| check_callable.py | ||
| internal_db.py | ||
| multipart.py | ||
| permissions.py | ||
| shutil_backport.py | ||
| sqlite.py | ||
| testing.py | ||