From 244f3ff83aac19e96fab85a95ddde349079a9827 Mon Sep 17 00:00:00 2001
From: Simon Willison
Date: Fri, 16 Feb 2024 13:39:57 -0800
Subject: [PATCH] Test demonstrating fix for permisisons bug in #2262
---
 tests/test_api_write.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/tests/test_api_write.py b/tests/test_api_write.py
index 2d127e1a..2aea699b 100644
--- a/tests/test_api_write.py
+++ b/tests/test_api_write.py
@@ -365,6 +365,41 @@ async def test_insert_or_upsert_row_errors(
 assert before_count == after_count


+@pytest.mark.asyncio
+@pytest.mark.parametrize("allowed", (True, False))
+async def test_upsert_permissions_per_table(ds_write, allowed):
+ # https://github.com/simonw/datasette/issues/2262
+ token = "dstok_{}".format(
+ ds_write.sign(
+ {
+ "a": "root",
+ "token": "dstok",
+ "t": int(time.time()),
+ "_r": {
+ "r": {
+ "data": {
+ "docs" if allowed else "other": ["ir", "ur"],
+ }
+ }
+ },
+ },
+ namespace="token",
+ )
+ )
+ response = await ds_write.client.post(
+ "/data/docs/-/upsert",
+ json={"rows": [{"id": 1, "title": "One"}]},
+ headers={
+ "Authorization": "Bearer {}".format(token),
+ },
+ )
+ if allowed:
+ assert response.status_code == 200
+ assert response.json()["ok"] is True
+ else:
+ assert response.status_code == 403
+
+
 @pytest.mark.asyncio
 @pytest.mark.parametrize(
 "ignore,replace,expected_rows",
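Review bot: The denied branch of `test_upsert_permissions_per_table` asserts only `response.status_code == 403`, so the test would still pass if the row were written before the permission check rejected the request. Comparing the `docs` row count before and after the POST would pin the no-side-effect property; the `before_count == after_count` assertion that closes the preceding test appears to do exactly this, though that test's body lies outside the hunk. The parametrization also covers only "both `ir` and `ur` on `docs`" versus "both on `other`"; if upsert is meant to require both permissions, a third case with `["ir"]` alone on `docs` expecting 403 would guard the boundary most likely to regress. A short comment on the payload, for example `# "_r" restricts the token; "ir"/"ur" = insert-row/update-row on the named table`, would spare readers a lookup of the abbreviations.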