mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność
1 147 Commity
131 Gałęzie
149 Tagi
75 MiB
Wykres commitów

1147 Commity (80c18a18fc444b89cc12b73599d56e091f3a3c87)

Autor SHA1 Wiadomość Data
Simon Willison 799c5d5357 Renamed resource_identifier to resource, refs #817 2020-06-08 11:59:53 -07:00
Simon Willison c9f1ec616e Removed resource_type from permissions system, closes #817 
Refs #811, #699
 2020-06-08 11:51:03 -07:00
Simon Willison 5598c5de01 Database list on index page respects table/view permissions, refs #811 2020-06-08 11:34:14 -07:00
Simon Willison dcec89270a View list respects view-table permission, refs #811 
Also makes a small change to the /fixtures.json JSON:

    "views": ["view_name"]

Is now:

    "views": [{"name": "view_name", "private": true}]
 2020-06-08 11:20:59 -07:00
Simon Willison 9ac27f67fe Show padlock on private query page, refs #811 2020-06-08 11:13:32 -07:00
Simon Willison aa420009c0 Show padlock on private table page, refs #811 2020-06-08 11:07:11 -07:00
Simon Willison dfff34e198 Applied black, refs #811 2020-06-08 11:03:33 -07:00
Simon Willison ab14b20b24 Get tests working again 2020-06-08 10:16:24 -07:00
Simon Willison 177059284d New request.actor property, refs #811 2020-06-08 10:05:32 -07:00
Simon Willison 2a8b39800f Updated tests, refs #811 2020-06-08 07:50:06 -07:00
Simon Willison 3ce7f2e7da Show padlock on private database page, refs #811 2020-06-08 07:23:10 -07:00
Simon Willison 1cf86e5ecc Show padlock on private index page, refs #811 2020-06-08 07:18:47 -07:00
Simon Willison cc218fa9be Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811 2020-06-08 07:02:31 -07:00
Simon Willison e18f8c3f87 New check_visibility() utility function, refs #811 2020-06-08 06:49:55 -07:00
Simon Willison 9397d71834 Implemented view-table, refs #811 2020-06-07 21:47:22 -07:00
Simon Willison b26292a458 Test that view-query is respected by query list, refs #811 2020-06-07 20:56:49 -07:00
Simon Willison 9b42e1a4f5 view-database permission 
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
 2020-06-07 20:50:37 -07:00
Simon Willison 613fa551a1 Removed view-row permission, for the moment - refs #811 
https://github.com/simonw/datasette/issues/811#issuecomment-640338347
 2020-06-07 20:14:27 -07:00
Simon Willison cd92e4fe2a Fixed test name, this executes view-query, not execute-sql - refs #811 2020-06-07 14:33:56 -07:00
Simon Willison 8571ce388a Implemented view-instance permission, refs #811 2020-06-07 14:30:39 -07:00
Simon Willison ece0ba6f4b Test + default impl for view-query permission, refs #811 2020-06-07 14:23:16 -07:00
Simon Willison abc7339124 Nicer pattern for make_app_client() in tests, closes #395 2020-06-07 14:14:10 -07:00
Simon Willison 5ed2853cf3 Fix permissions documenation test 2020-06-07 14:01:22 -07:00
Simon Willison a1e801453a Renamed execute-query permission to execute-sql, refs #811 2020-06-07 13:20:59 -07:00
Simon Willison 4340845754 Nested permission checks for all views, refs #811 2020-06-07 13:03:08 -07:00
Simon Willison 86dec9e8ff Added permission check to every view, closes #808 2020-06-06 22:30:36 -07:00
Simon Willison bd4de0647d Improved permissions documentation 2020-06-06 19:09:59 -07:00
Simon Willison 7dc23cd71a Whitespace 2020-06-06 13:05:09 -07:00
Simon Willison f1daf64e72 Link to canned query permissions documentation 2020-06-06 12:46:40 -07:00
Simon Willison 415ccd7cbd
Merge pull request #803 from simonw/canned-query-permissions 2020-06-06 12:40:19 -07:00
Simon Willison 3359d54a4e Use cookies when accessing csrftoken_from 2020-06-06 12:33:08 -07:00
Simon Willison 966eec7f75 Check permissions on canned query page, refs #800 2020-06-06 12:27:00 -07:00
Simon Willison 070838bfa1 Better test for Vary header 2020-06-06 12:26:19 -07:00
Simon Willison 3f83d4632a Respect query permissions on database page, refs #800 2020-06-06 12:05:22 -07:00
Simon Willison 14f6b4d200 actor_matches_allow utility function, refs #800 2020-06-06 11:39:11 -07:00
Simon Willison d4c7b85f55 Documentation for "id": "*", refs #800 2020-06-06 11:23:54 -07:00
Simon Willison 30a8132d58 Docs for authentication + canned query permissions, refs #800 
Closes #786
 2020-06-06 11:18:46 -07:00
Simon Willison 9c563d6aed Bump asgi-csrf to 0.5.1 for a bug fix 
Refs https://github.com/simonw/asgi-csrf/issues/10
 2020-06-05 17:15:52 -07:00
Simon Willison 75c143a84c Fixed /-/plugins?all=1, refs #802 2020-06-05 16:55:08 -07:00
Simon Willison f786033a5f Fixed 'datasette plugins' command, with tests - closes #802 2020-06-05 16:46:37 -07:00
Simon Willison 033a1bb22c Removed rogue print() from test 2020-06-05 12:06:43 -07:00
Simon Willison 84a9c4ff75
CSRF protection (#798) 
Closes #793.

* Rename RequestParameters to MultiParams, refs #799
* Allow tuples as well as lists in MultiParams, refs #799
* Use csrftokens when running tests, refs #799
* Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7
* Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8
 2020-06-05 12:05:57 -07:00
Simon Willison d96ac1d52c Allow tuples as well as lists in MultiParams, refs #799 2020-06-05 11:01:06 -07:00
Simon Willison 0da7f49b24 Rename RequestParameters to MultiParams, refs #799 2020-06-05 10:52:50 -07:00
Simon Willison 0c064c5fe2 More things you can do with plugins 2020-06-04 20:10:40 -07:00
Simon Willison 2074efa5a4 Another actor_from_request example 2020-06-04 18:38:32 -07:00
Simon Willison 8524866fdf Link to authentication docs 2020-06-04 16:58:19 -07:00
Simon Willison 9cb44be42f Docs and tests for "params", closes #797 2020-06-03 14:04:40 -07:00
Simon Willison aa82d03704
Basic writable canned queries 
Refs #698. First working version of this feature.

* request.post_vars() no longer discards empty values
 2020-06-03 08:16:50 -07:00
Simon Willison 0934844c0b request.post_vars() no longer discards empty values 2020-06-03 06:48:39 -07:00