Simon Willison
900d15bcb8
alter table support for /db/-/create API, refs #2101
2024-02-08 13:36:17 -08:00
Alex Garcia
35deaabcb1
Move non-metadata configuration from metadata.yaml to datasette.yaml
...
* Allow and permission blocks moved to datasette.yaml
* Documentation updates, initial framework for configuration reference
2023-10-12 09:16:37 -07:00
Simon Willison
98ffad9aed
execute-sql now implies can view instance/database, closes #2169
2023-08-31 15:46:26 -07:00
Simon Willison
50da908213
Cascade for restricted token view-table/view-database/view-instance operations ( #2154 )
...
Closes #2102
* Permission is now a dataclass, not a namedtuple - refs https://github.com/simonw/datasette/pull/2154/#discussion_r1308087800
* datasette.get_permission() method
2023-08-29 09:32:34 -07:00
Alex Garcia
92b8bf38c0
Add new `--internal internal.db` option, deprecate legacy `_internal` database
...
Refs:
- #2157
---------
Co-authored-by: Simon Willison <swillison@gmail.com>
2023-08-28 20:24:23 -07:00
Simon Willison
c41278b46f
default_allow_sql setting, closes #1409
...
Refs #1410
2023-01-04 16:51:26 -08:00
Simon Willison
e238df3959
Handle non-initials in permission_allowed_actor_restrictions, closes #1956
2022-12-14 12:04:23 -08:00
Simon Willison
34ad574bac
Don't hard-code permissions in permission_allowed_actor_restrictions, refs #1855
2022-12-12 21:14:40 -08:00
Simon Willison
e95b490d88
Move create-token command into cli.py, refs #1855
2022-12-12 20:18:42 -08:00
Simon Willison
9cc1a7c4c8
create-token command can now create restricted tokens, refs #1855
2022-12-12 20:15:56 -08:00
Simon Willison
3e6a208ba3
Rename 't' to 'r' in '_r' actor format, refs #1855
2022-12-12 19:27:34 -08:00
Simon Willison
c5d30b58a1
Implemented metadata permissions: property, closes #1636
2022-12-12 18:40:45 -08:00
Simon Willison
8bf06a76b5
register_permissions() plugin hook ( #1940 )
...
* Docs for permissions: in metadata, refs #1636
* Refactor default_permissions.py to help with implementation of #1636
* register_permissions() plugin hook, closes #1939 - also refs #1938
* Tests for register_permissions() hook, refs #1939
* Documentation for datasette.permissions, refs #1939
* permission_allowed() falls back on Permission.default, refs #1939
* Raise StartupError on duplicate permissions
* Allow dupe permisisons if exact matches
2022-12-12 18:05:54 -08:00
Simon Willison
272982e8a6
/db/table/-/upsert API
...
Close #1878
Also made a few tweaks to how _r works in tokens and actors,
refs #1855 - I needed that mechanism for the tests.
2022-12-07 17:12:15 -08:00
Simon Willison
484bef0d3b
/db/table/pk/-/update endpoint, closes #1863
2022-11-29 10:06:19 -08:00
Simon Willison
187d91d686
/db/-/create API endpoint, closes #1882
2022-11-14 21:57:28 -08:00
Simon Willison
bcc781f4c5
Implementation and tests for _r field on actor, refs #1855
...
New mechanism for restricting permissions further for a given actor.
This still needs documentation. It will eventually be used by the mechanism to issue
signed API tokens that are only able to perform a subset of actions.
This also adds tests that exercise the POST /-/permissions tool, refs #1881
2022-11-03 17:12:23 -07:00
Simon Willison
00632ded30
Initial attempt at /db/table/row/-/delete, refs #1864
2022-10-30 16:16:00 -07:00
Simon Willison
2865d3956f
/db/table/-/drop API, closes #1874
2022-10-30 15:17:21 -07:00
Simon Willison
9eb9ffae3d
Drop API token requirement from API explorer, refs #1871
2022-10-30 13:09:55 -07:00
Simon Willison
51c436fed2
First draft of insert row write API, refs #1851
2022-10-26 20:57:02 -07:00
Simon Willison
382a871583
max_signed_tokens_ttl setting, closes #1858
...
Also redesigned token format to include creation time and optional duration.
2022-10-26 20:14:59 -07:00
Simon Willison
c7956eed77
datasette create-token command, refs #1859
2022-10-25 21:26:12 -07:00
Simon Willison
c23fa850e7
allow_signed_tokens setting, closes #1856
2022-10-25 19:55:47 -07:00
Simon Willison
0f013ff497
Mechanism to prevent tokens creating tokens, closes #1857
2022-10-25 19:43:55 -07:00
Simon Willison
b29e487bc3
actor_from_request for dstok_ tokens, refs #1852
2022-10-25 19:18:41 -07:00
Simon Willison
dcdfb2c301
Rename _schemas to _internal, closes #1156
2020-12-21 11:48:06 -08:00
Simon Willison
ebc7aa287c
In-memory _schemas database tracking schemas of attached tables, closes #1150
2020-12-18 14:34:05 -08:00
Simon Willison
222f79bb4c
debug-menu permission, closes #1068
...
Also added tests for navigation menu logic.
2020-10-30 08:41:57 -07:00
Simon Willison
ab76eddf31
Express no opinion if allow block is missing
...
Default permission policy was returning True by default for permission
checks - which means that if allow was not defined for a level it would
be treated as a passing check.
This is better: we now return None of the allow block is not defined,
which means 'I have no opinion on this' and allows other code to make
its own decisions.
Added while working on #832
2020-06-30 15:49:06 -07:00
Simon Willison
6c26345836
New plugin hook: canned_queries(), refs #852
2020-06-18 16:35:15 -07:00
Simon Willison
49d6d2f7b0
allow_sql block to control execute-sql upermission in metadata.json, closes #813
...
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
2020-06-08 17:05:44 -07:00
Simon Willison
e0a4664fba
Better example plugin for permission_allowed
...
Also fixed it so default permission checks run after plugin permission checks, refs #818
2020-06-08 15:09:57 -07:00
Simon Willison
799c5d5357
Renamed resource_identifier to resource, refs #817
2020-06-08 11:59:53 -07:00
Simon Willison
c9f1ec616e
Removed resource_type from permissions system, closes #817
...
Refs #811 , #699
2020-06-08 11:51:03 -07:00
Simon Willison
9397d71834
Implemented view-table, refs #811
2020-06-07 21:47:22 -07:00
Simon Willison
9b42e1a4f5
view-database permission
...
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
2020-06-07 20:50:37 -07:00
Simon Willison
8571ce388a
Implemented view-instance permission, refs #811
2020-06-07 14:30:39 -07:00
Simon Willison
ece0ba6f4b
Test + default impl for view-query permission, refs #811
2020-06-07 14:23:16 -07:00
Simon Willison
dfdbdf378a
Added /-/permissions debug tool, closes #788
...
Also started the authentication.rst docs page, refs #786 .
Part of authentication work, refs #699 .
2020-05-31 22:00:36 -07:00