From 34ad574baccfb3e732c6cb7eee6f55c63775ba3b Mon Sep 17 00:00:00 2001
From: Simon Willison
Date: Mon, 12 Dec 2022 21:14:40 -0800
Subject: [PATCH] Don't hard-code permissions in permission_allowed_actor_restrictions, refs #1855
---
 datasette/default_permissions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datasette/default_permissions.py b/datasette/default_permissions.py
index a812f79f..e94014e7 100644
--- a/datasette/default_permissions.py
+++ b/datasette/default_permissions.py
@@ -191,7 +191,7 @@ def permission_allowed_actor_restrictions(actor, action, resource):
 if action_initials in all_allowed:
 return None
 # How about for the current database?
- if action in ("view-database", "view-database-download", "execute-sql"):
+ if isinstance(resource, str):
 database_allowed = _r.get("d", {}).get(resource)
 if database_allowed is not None:
 assert isinstance(database_allowed, list)
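Review bot: The new `if isinstance(resource, str):` guard selects the database branch by the resource's type instead of by the action, so any action called with a string resource is now looked up in `_r["d"]` under that string, and nothing in the hunk establishes that a string resource is always a database name. A comment on that line would record the assumption, for example `# a str resource is assumed to be a database name; other resource shapes are handled elsewhere`. The context line `assert isinstance(database_allowed, list)` is the only shape check on the restriction data visible here and is stripped under `python -O`, after which a string value would presumably be matched by substring in the membership test that follows. An explicit `if not isinstance(database_allowed, list): return False` would fail closed instead, assuming False is this hook's deny value. The function body starts and ends outside the hunk, so the remaining branches and the final return could not be checked.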