Simon Willison
|
371170eee8
|
publish heroku now deploys with Python 3.8.3
|
2020-06-11 08:44:44 -07:00 |
Simon Willison
|
ce4958018e
|
Clarify that view-query also lets you execute writable queries
|
2020-06-10 17:10:28 -07:00 |
Simon Willison
|
198545733b
|
Document that "allow": {} denies all
https://github.com/simonw/datasette/issues/831#issuecomment-642324847
|
2020-06-10 16:56:53 -07:00 |
Simon Willison
|
9f236c4c00
|
Warn that register_facet_classes may change, refs #830
Also documented policy that plugin hooks should not be shipped without a real example. Refs #818
|
2020-06-10 13:06:46 -07:00 |
Simon Willison
|
57e812d5de
|
ds_author cookie can now expire, closes #829
Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
|
2020-06-10 12:39:54 -07:00 |
Simon Willison
|
d828abadde
|
Fix horizontal scrollbar on changelog, refs #828
|
2020-06-09 21:20:07 -07:00 |
Simon Willison
|
f3951539f1
|
Hopefully fix horizontal scroll with changelog on mobile
|
2020-06-09 18:19:11 -07:00 |
Simon Willison
|
d94fc39e33
|
Crafty JavaScript trick for generating commit references
|
2020-06-09 16:43:58 -07:00 |
Simon Willison
|
b3919d8059
|
Mostly complete release notes for 0.44, refs #806
|
2020-06-09 16:03:42 -07:00 |
Simon Willison
|
b5f04f42ab
|
ds_actor cookie documentation, closes #826
|
2020-06-09 15:32:24 -07:00 |
Simon Willison
|
008e2f63c2
|
response.set_cookie(), closes #795
|
2020-06-09 15:19:37 -07:00 |
Simon Willison
|
f240970b83
|
Fixed tests/fixtures.py, closes #804
|
2020-06-09 12:58:12 -07:00 |
Simon Willison
|
56eb80a459
|
Documented CSRF protection, closes #827
|
2020-06-09 12:32:52 -07:00 |
Simon Willison
|
5ef3b7b0c9
|
Applied Black
Refs #825
|
2020-06-09 12:25:48 -07:00 |
Simon Willison
|
7633b9ab24
|
unauthenticated: true method plus allow block docs, closes #825
|
2020-06-09 10:01:03 -07:00 |
Simon Willison
|
70dd14876e
|
Improved documentation for permissions, refs #699
|
2020-06-09 09:04:46 -07:00 |
Simon Willison
|
3aa87eeaf2
|
Documentation no loger suggests that actor["id"] is required, closes #823
|
2020-06-09 07:58:12 -07:00 |
Simon Willison
|
fa87d16612
|
Clearer docs for actor_matches_allow
|
2020-06-09 07:10:46 -07:00 |
Simon Willison
|
eefeafaa27
|
Removed unused import
|
2020-06-09 07:09:39 -07:00 |
Simon Willison
|
fec750435d
|
Support anonymous: true in actor_matches_allow, refs #825
|
2020-06-09 07:01:23 -07:00 |
Simon Willison
|
eb3ec279be
|
Test for anonymous: true, refs #825
|
2020-06-08 23:33:06 -07:00 |
Simon Willison
|
5a6a73e319
|
Replace os.urandom(32).hex() with secrets.token_hex(32)
|
2020-06-08 21:37:35 -07:00 |
Simon Willison
|
fac8e93815
|
request.url_vars property, closes #822
|
2020-06-08 20:40:00 -07:00 |
Simon Willison
|
db660db463
|
Docs + unit tests for Response, closes #821
|
2020-06-08 20:32:10 -07:00 |
Simon Willison
|
f5e79adf26
|
register_routes() plugin hook (#819)
Fixes #215
|
2020-06-08 20:12:06 -07:00 |
Simon Willison
|
d392dc1cfa
|
Fixed test_table_not_exists_json test
|
2020-06-08 19:28:25 -07:00 |
Simon Willison
|
647c5ff0f3
|
Fixed broken CSS on 404 page, closes #777
|
2020-06-08 17:35:23 -07:00 |
Simon Willison
|
49d6d2f7b0
|
allow_sql block to control execute-sql upermission in metadata.json, closes #813
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
|
2020-06-08 17:05:44 -07:00 |
Simon Willison
|
e0a4664fba
|
Better example plugin for permission_allowed
Also fixed it so default permission checks run after plugin permission checks, refs #818
|
2020-06-08 15:09:57 -07:00 |
Simon Willison
|
8205d58316
|
Corrected documentation for resource in view-query
|
2020-06-08 13:10:40 -07:00 |
Simon Willison
|
5437085382
|
Documentation for allow blocks on more stuff, closes #811
|
2020-06-08 12:32:27 -07:00 |
Simon Willison
|
c7d145e016
|
Updated example for extra_template_vars hook, closes #816
|
2020-06-08 12:06:05 -07:00 |
Simon Willison
|
040fc0546f
|
Updated tests, refs #817
|
2020-06-08 12:02:56 -07:00 |
Simon Willison
|
799c5d5357
|
Renamed resource_identifier to resource, refs #817
|
2020-06-08 11:59:53 -07:00 |
Simon Willison
|
c9f1ec616e
|
Removed resource_type from permissions system, closes #817
Refs #811, #699
|
2020-06-08 11:51:03 -07:00 |
Simon Willison
|
5598c5de01
|
Database list on index page respects table/view permissions, refs #811
|
2020-06-08 11:34:14 -07:00 |
Simon Willison
|
dcec89270a
|
View list respects view-table permission, refs #811
Also makes a small change to the /fixtures.json JSON:
"views": ["view_name"]
Is now:
"views": [{"name": "view_name", "private": true}]
|
2020-06-08 11:20:59 -07:00 |
Simon Willison
|
9ac27f67fe
|
Show padlock on private query page, refs #811
|
2020-06-08 11:13:32 -07:00 |
Simon Willison
|
aa420009c0
|
Show padlock on private table page, refs #811
|
2020-06-08 11:07:11 -07:00 |
Simon Willison
|
dfff34e198
|
Applied black, refs #811
|
2020-06-08 11:03:33 -07:00 |
Simon Willison
|
ab14b20b24
|
Get tests working again
|
2020-06-08 10:16:24 -07:00 |
Simon Willison
|
177059284d
|
New request.actor property, refs #811
|
2020-06-08 10:05:32 -07:00 |
Simon Willison
|
2a8b39800f
|
Updated tests, refs #811
|
2020-06-08 07:50:06 -07:00 |
Simon Willison
|
3ce7f2e7da
|
Show padlock on private database page, refs #811
|
2020-06-08 07:23:10 -07:00 |
Simon Willison
|
1cf86e5ecc
|
Show padlock on private index page, refs #811
|
2020-06-08 07:18:47 -07:00 |
Simon Willison
|
cc218fa9be
|
Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811
|
2020-06-08 07:02:31 -07:00 |
Simon Willison
|
e18f8c3f87
|
New check_visibility() utility function, refs #811
|
2020-06-08 06:49:55 -07:00 |
Simon Willison
|
9397d71834
|
Implemented view-table, refs #811
|
2020-06-07 21:47:22 -07:00 |
Simon Willison
|
b26292a458
|
Test that view-query is respected by query list, refs #811
|
2020-06-07 20:56:49 -07:00 |
Simon Willison
|
9b42e1a4f5
|
view-database permission
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
|
2020-06-07 20:50:37 -07:00 |