mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

View list respects view-table permission, refs #811 

Also makes a small change to the /fixtures.json JSON:

    "views": ["view_name"]

Is now:

    "views": [{"name": "view_name", "private": true}]
pull/819/head
Simon Willison 2020-06-08 11:20:21 -07:00
rodzic 9ac27f67fe
commit dcec89270a
3 zmienionych plików z 24 dodań i 7 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
datasette/templates/database.html
Wyświetl plik

@ -51,7 +51,7 @@
<h2 id="views">Views</h2> <h2 id="views">Views</h2>
<ul> <ul>
{% for view in views %} {% for view in views %}
<li><a href="{{ database_url(database) }}/{{ view|urlencode }}">{{ view }}</a></li> <li><a href="{{ database_url(database) }}/{{ view.name|urlencode }}">{{ view.name }}</a>{% if view.private %} 🔒{% endif %}</li>
{% endfor %} {% endfor %}
</ul> </ul>
{% endif %} {% endif %}

11
datasette/views/database.py
Wyświetl plik

@ -37,10 +37,19 @@ class DatabaseView(DataView):
db = self.ds.databases[database] db = self.ds.databases[database]
table_counts = await db.table_counts(5) table_counts = await db.table_counts(5)
views = await db.view_names()
hidden_table_names = set(await db.hidden_table_names()) hidden_table_names = set(await db.hidden_table_names())
all_foreign_keys = await db.get_all_foreign_keys() all_foreign_keys = await db.get_all_foreign_keys()
views = []
for view_name in await db.view_names():
visible, private = await check_visibility(
self.ds, request.actor, "view-table", "table", (database, view_name),
)
if visible:
views.append(
{"name": view_name, "private": private,}
)
tables = [] tables = []
for table in table_counts: for table in table_counts:
visible, private = await check_visibility( visible, private = await check_visibility(

18
tests/test_permissions.py
Wyświetl plik

@ -107,19 +107,27 @@ def test_table_list_respects_view_table():
metadata={ metadata={
"databases": { "databases": {
"fixtures": { "fixtures": {
"tables": {"compound_three_primary_keys": {"allow": {"id": "root"}}} "tables": {
"compound_three_primary_keys": {"allow": {"id": "root"}},
# And a SQL view too:
"paginated_view": {"allow": {"id": "root"}},
}
} }
} }
} }
) as client: ) as client:
html_fragment = '<a href="/fixtures/compound_three_primary_keys">compound_three_primary_keys</a> 🔒' html_fragments = [
">compound_three_primary_keys</a> 🔒",
">paginated_view</a> 🔒",
]
anon_response = client.get("/fixtures") anon_response = client.get("/fixtures")
assert html_fragment not in anon_response.text for html_fragment in html_fragments:
assert '"/fixtures/compound_three_primary_keys"' not in anon_response.text assert html_fragment not in anon_response.text
auth_response = client.get( auth_response = client.get(
"/fixtures", cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")} "/fixtures", cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")}
) )
assert html_fragment in auth_response.text for html_fragment in html_fragments:
assert html_fragment in auth_response.text
@pytest.mark.parametrize( @pytest.mark.parametrize(