From 14f1cc49848f7194b914c9b604f3e99816281eb1 Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Mon, 12 Dec 2022 20:21:48 -0800 Subject: [PATCH] Update CLI reference help, refs #1855 --- docs/authentication.rst | 2 +- docs/cli-reference.rst | 35 ++++++++++++++++++++++++++++++----- docs/plugins.rst | 1 - 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/docs/authentication.rst b/docs/authentication.rst index 3dfd9f61..1790359d 100644 --- a/docs/authentication.rst +++ b/docs/authentication.rst @@ -192,7 +192,7 @@ There are two ways to configure permissions using ``metadata.json`` (or ``metada For simple visibility permissions you can use ``"allow"`` blocks in the root, database, table and query sections. -For other permissions you can use a ``"permissions"`` block, described :ref:`in the next section `. +For other permissions you can use a ``"permissions"`` block, described :ref:`in the next section `. You can limit who is allowed to view different parts of your Datasette instance using ``"allow"`` keys in your :ref:`metadata` configuration. diff --git a/docs/cli-reference.rst b/docs/cli-reference.rst index 4633c73e..0b39126d 100644 --- a/docs/cli-reference.rst +++ b/docs/cli-reference.rst @@ -617,12 +617,37 @@ Create a signed API token, see :ref:`authentication_cli_create_token`. Create a signed API token for the specified actor ID + Example: + + datasette create-token root --secret mysecret + + To only allow create-table: + + datasette create-token root --secret mysecret \ + --all create-table + + Or to only allow insert-row against a specific table: + + datasette create-token root --secret myscret \ + --resource mydb mytable insert-row + + Restricted actions can be specified multiple times using multiple --all, + --database, and --resource options. + + Add --debug to see a decoded version of the token. + Options: - --secret TEXT Secret used for signing the API tokens - [required] - -e, --expires-after INTEGER Token should expire after this many seconds - --debug Show decoded token - --help Show this message and exit. + --secret TEXT Secret used for signing the API tokens + [required] + -e, --expires-after INTEGER Token should expire after this many seconds + -a, --all ACTION Restrict token to this action + -d, --database DB ACTION Restrict token to this action on this database + -r, --resource DB RESOURCE ACTION + Restrict token to this action on this database + resource (a table, SQL view or named query) + --debug Show decoded token + --plugins-dir DIRECTORY Path to directory containing custom plugins + --help Show this message and exit. .. [[[end]]] diff --git a/docs/plugins.rst b/docs/plugins.rst index fa97628c..90a13083 100644 --- a/docs/plugins.rst +++ b/docs/plugins.rst @@ -153,7 +153,6 @@ If you run ``datasette plugins --all`` it will include default plugins that ship "hooks": [ "actor_from_request", "permission_allowed", - "register_commands", "register_permissions", "skip_csrf" ]