Simon Willison
|
ece0ba6f4b
|
Test + default impl for view-query permission, refs #811
|
2020-06-07 14:23:16 -07:00 |
Simon Willison
|
abc7339124
|
Nicer pattern for make_app_client() in tests, closes #395
|
2020-06-07 14:14:10 -07:00 |
Simon Willison
|
5ed2853cf3
|
Fix permissions documenation test
|
2020-06-07 14:01:22 -07:00 |
Simon Willison
|
a1e801453a
|
Renamed execute-query permission to execute-sql, refs #811
|
2020-06-07 13:20:59 -07:00 |
Simon Willison
|
4340845754
|
Nested permission checks for all views, refs #811
|
2020-06-07 13:03:08 -07:00 |
Simon Willison
|
86dec9e8ff
|
Added permission check to every view, closes #808
|
2020-06-06 22:30:36 -07:00 |
Simon Willison
|
bd4de0647d
|
Improved permissions documentation
|
2020-06-06 19:09:59 -07:00 |
Simon Willison
|
7dc23cd71a
|
Whitespace
|
2020-06-06 13:05:09 -07:00 |
Simon Willison
|
f1daf64e72
|
Link to canned query permissions documentation
|
2020-06-06 12:46:40 -07:00 |
Simon Willison
|
415ccd7cbd
|
Merge pull request #803 from simonw/canned-query-permissions
|
2020-06-06 12:40:19 -07:00 |
Simon Willison
|
3359d54a4e
|
Use cookies when accessing csrftoken_from
|
2020-06-06 12:33:08 -07:00 |
Simon Willison
|
966eec7f75
|
Check permissions on canned query page, refs #800
|
2020-06-06 12:27:00 -07:00 |
Simon Willison
|
070838bfa1
|
Better test for Vary header
|
2020-06-06 12:26:19 -07:00 |
Simon Willison
|
3f83d4632a
|
Respect query permissions on database page, refs #800
|
2020-06-06 12:05:22 -07:00 |
Simon Willison
|
14f6b4d200
|
actor_matches_allow utility function, refs #800
|
2020-06-06 11:39:11 -07:00 |
Simon Willison
|
d4c7b85f55
|
Documentation for "id": "*", refs #800
|
2020-06-06 11:23:54 -07:00 |
Simon Willison
|
30a8132d58
|
Docs for authentication + canned query permissions, refs #800
Closes #786
|
2020-06-06 11:18:46 -07:00 |
Simon Willison
|
9c563d6aed
|
Bump asgi-csrf to 0.5.1 for a bug fix
Refs https://github.com/simonw/asgi-csrf/issues/10
|
2020-06-05 17:15:52 -07:00 |
Simon Willison
|
75c143a84c
|
Fixed /-/plugins?all=1, refs #802
|
2020-06-05 16:55:08 -07:00 |
Simon Willison
|
f786033a5f
|
Fixed 'datasette plugins' command, with tests - closes #802
|
2020-06-05 16:46:37 -07:00 |
Simon Willison
|
033a1bb22c
|
Removed rogue print() from test
|
2020-06-05 12:06:43 -07:00 |
Simon Willison
|
84a9c4ff75
|
CSRF protection (#798)
Closes #793.
* Rename RequestParameters to MultiParams, refs #799
* Allow tuples as well as lists in MultiParams, refs #799
* Use csrftokens when running tests, refs #799
* Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7
* Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8
|
2020-06-05 12:05:57 -07:00 |
Simon Willison
|
d96ac1d52c
|
Allow tuples as well as lists in MultiParams, refs #799
|
2020-06-05 11:01:06 -07:00 |
Simon Willison
|
0da7f49b24
|
Rename RequestParameters to MultiParams, refs #799
|
2020-06-05 10:52:50 -07:00 |
Simon Willison
|
0c064c5fe2
|
More things you can do with plugins
|
2020-06-04 20:10:40 -07:00 |
Simon Willison
|
2074efa5a4
|
Another actor_from_request example
|
2020-06-04 18:38:32 -07:00 |
Simon Willison
|
8524866fdf
|
Link to authentication docs
|
2020-06-04 16:58:19 -07:00 |
Simon Willison
|
9cb44be42f
|
Docs and tests for "params", closes #797
|
2020-06-03 14:04:40 -07:00 |
Simon Willison
|
aa82d03704
|
Basic writable canned queries
Refs #698. First working version of this feature.
* request.post_vars() no longer discards empty values
|
2020-06-03 08:16:50 -07:00 |
Simon Willison
|
0934844c0b
|
request.post_vars() no longer discards empty values
|
2020-06-03 06:48:39 -07:00 |
Simon Willison
|
9690ce6068
|
More efficient modifiation of scope
|
2020-06-02 17:05:33 -07:00 |
Simon Willison
|
3c5e4f266d
|
Added messages to pattern portfolio, refs #790
|
2020-06-02 15:34:50 -07:00 |
Simon Willison
|
a7137dfe06
|
/-/plugins now shows details of hooks, closes #794
Also added /-/plugins?all=1 parameter to see default plugins.
|
2020-06-02 14:49:28 -07:00 |
Simon Willison
|
5278c04682
|
More consistent use of response.text/response.json in tests, closes #792
|
2020-06-02 14:29:12 -07:00 |
Simon Willison
|
4fa7cf6853
|
Flash messages mechanism, closes #790
|
2020-06-02 14:12:18 -07:00 |
Simon Willison
|
1d0bea157a
|
New request.cookies property
|
2020-06-02 14:11:41 -07:00 |
Simon Willison
|
b4cd8797b8
|
permission_checks is now _permission_checks
|
2020-06-02 14:11:32 -07:00 |
Simon Willison
|
dfdbdf378a
|
Added /-/permissions debug tool, closes #788
Also started the authentication.rst docs page, refs #786.
Part of authentication work, refs #699.
|
2020-05-31 22:00:36 -07:00 |
Simon Willison
|
57cf5139c5
|
Default actor_from_request hook supporting ds_actor signed cookie
Refs #784, refs #699
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
9f3d4aba31
|
--root option and /-/auth-token view, refs #784
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
7690d5ba40
|
Docs for --secret/DATASETTE_SECRET - closes #785
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
fa27e44fe0
|
datasette.sign() and datasette.unsign() methods, refs #785
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
1fc6ceefb9
|
Added /-/actor.json - refs #699
Also added JSON highlighting to introspection documentation.
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
9315bacf6f
|
Implemented datasette.permission_allowed(), refs #699
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
461c82838d
|
Implemented actor_from_request with tests, refs #699
Also added datasette argument to permission_allowed hook
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
060a56735c
|
actor_from_request and permission_allowed hookspecs, refs #699
|
2020-05-31 18:16:42 -07:00 |
Simon Willison
|
c4fbe50676
|
Documentation for Database introspection methods, closes #684
Refs #576
|
2020-05-30 11:40:30 -07:00 |
Simon Willison
|
124acf34a6
|
Removed db.get_outbound_foreign_keys method
It duplicated the functionality of db.foreign_keys_for_table.
|
2020-05-30 11:39:46 -07:00 |
Simon Willison
|
4d798ca0e3
|
Added test for db.mtime_ns
|
2020-05-30 11:17:20 -07:00 |
Simon Willison
|
3c5afaeb23
|
Re-arranged internals documentation
Request is more useful to most people than Database.
|
2020-05-30 11:06:13 -07:00 |