Migrate allow from metadata to config if necessary, closes #2249

2024-02-06 22:18:38 -08:00 · 2024-02-06 22:18:38 -08:00 · 9ac9f0152f
commit 9ac9f0152f
--- a/datasette/app.py
+++ b/datasette/app.py
@ -74,7 +74,7 @@ from .utils import (
    find_spatialite,
    format_bytes,
    module_from_path,
-    move_plugins,
+    move_plugins_and_allow,
    move_table_config,
    parse_metadata,
    resolve_env_secrets,
@ -344,10 +344,10 @@ class Datasette:
            with config_files[0].open() as fp:
                config = parse_metadata(fp.read())

-        # Move any "plugins" settings from metadata to config - updates them in place
+        # Move any "plugins" and "allow" settings from metadata to config - updates them in place
        metadata = metadata or {}
        config = config or {}
-        metadata, config = move_plugins(metadata, config)
+        metadata, config = move_plugins_and_allow(metadata, config)
        # Now migrate any known table configuration settings over as well
        metadata, config = move_table_config(metadata, config)

--- a/datasette/utils/init.py
+++ b/datasette/utils/init.py
@ -1302,10 +1302,11 @@ def prune_empty_dicts(d: dict):
                d.pop(key, None)


-def move_plugins(source: dict, destination: dict) -> Tuple[dict, dict]:
+def move_plugins_and_allow(source: dict, destination: dict) -> Tuple[dict, dict]:
    """
-    Move 'plugins' keys from source to destination dictionary. Creates hierarchy in destination if needed.
-    After moving, recursively remove any keys in the source that are left empty.
+    Move 'plugins' and 'allow' keys from source to destination dictionary. Creates
+    hierarchy in destination if needed. After moving, recursively remove any keys
+    in the source that are left empty.
    """
    source = copy.deepcopy(source)
    destination = copy.deepcopy(destination)
@ -1315,7 +1316,7 @@ def move_plugins(source: dict, destination: dict) -> Tuple[dict, dict]:
            path = []
        for key, value in list(src.items()):
            new_path = path + [key]
-            if key == "plugins":
+            if key in ("plugins", "allow"):
                # Navigate and create the hierarchy in destination if needed
                d = dest
                for step in path:
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -89,10 +89,11 @@ def test_view_padlock(allow, expected_anon, expected_auth, path, padlock_client)
        ({"id": "root"}, 403, 200),
    ],
 )
-def test_view_database(allow, expected_anon, expected_auth):
-    with make_app_client(
-        config={"databases": {"fixtures": {"allow": allow}}}
-    ) as client:
+@pytest.mark.parametrize("use_metadata", (True, False))
+def test_view_database(allow, expected_anon, expected_auth, use_metadata):
+    key = "metadata" if use_metadata else "config"
+    kwargs = {key: {"databases": {"fixtures": {"allow": allow}}}}
+    with make_app_client(**kwargs) as client:
        for path in (
            "/fixtures",
            "/fixtures/compound_three_primary_keys",
@ -173,16 +174,19 @@ def test_database_list_respects_view_table():
        ({"id": "root"}, 403, 200),
    ],
 )
-def test_view_table(allow, expected_anon, expected_auth):
-    with make_app_client(
-        config={
+@pytest.mark.parametrize("use_metadata", (True, False))
+def test_view_table(allow, expected_anon, expected_auth, use_metadata):
+    key = "metadata" if use_metadata else "config"
+    kwargs = {
+        key: {
            "databases": {
                "fixtures": {
                    "tables": {"compound_three_primary_keys": {"allow": allow}}
                }
            }
        }
-    ) as client:
+    }
+    with make_app_client(**kwargs) as client:
        anon_response = client.get("/fixtures/compound_three_primary_keys")
        assert expected_anon == anon_response.status
        if allow and anon_response.status == 200: