mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność
2 309 Commity
131 Gałęzie
148 Tagi
75 MiB
Wykres commitów

50 Commity (9c43b4164db4f60a0be912cfdb07ef8c58b36b22)

Autor SHA1 Wiadomość Data
Simon Willison 9c43b4164d Removed @pytest.mark.ds_client mark - refs #1959 
I don't need it - can run 'pytest -k ds_client' instead.

See https://github.com/simonw/datasette/pull/1960#issuecomment-1355685828
 2022-12-17 13:47:55 -08:00
Simon Willison e70974a4f1 Ran Black, refs #1959 2022-12-17 13:47:55 -08:00
Simon Willison be95359a80 ds_client for test_permissions.py, refs #1959 2022-12-17 13:47:55 -08:00
Simon Willison e238df3959 Handle non-initials in permission_allowed_actor_restrictions, closes #1956 2022-12-14 12:04:23 -08:00
Simon Willison a1a372f179 /-/actor no longer requires view-instance, refs #1945 2022-12-12 21:06:30 -08:00
Simon Willison 260fbb598e Fix some failing tests, refs #1855 2022-12-12 21:00:40 -08:00
Simon Willison 809fad2392 Tests for datasette create-token restrictions, refs #1855 2022-12-12 20:44:19 -08:00
Simon Willison c6a811237c /-/actor.json no longer requires view-instance, closes #1945 2022-12-12 20:11:51 -08:00
Simon Willison 3e6a208ba3 Rename 't' to 'r' in '_r' actor format, refs #1855 2022-12-12 19:27:34 -08:00
Simon Willison c5d30b58a1 Implemented metadata permissions: property, closes #1636 2022-12-12 18:40:45 -08:00
Simon Willison 8bf06a76b5
register_permissions() plugin hook (#1940) 
* Docs for permissions: in metadata, refs #1636
* Refactor default_permissions.py to help with implementation of #1636
* register_permissions() plugin hook, closes #1939 - also refs #1938
* Tests for register_permissions() hook, refs #1939
* Documentation for datasette.permissions, refs #1939
* permission_allowed() falls back on Permission.default, refs #1939
* Raise StartupError on duplicate permissions
* Allow dupe permisisons if exact matches
 2022-12-12 18:05:54 -08:00
Simon Willison 83a6872d1b Include views in SQL autocomplete, refs #1897 2022-11-17 18:53:48 -08:00
Simon Willison 98611b3da0 Include SQL schema for CodeMirror on query pages, closes #1897 
Refs #1893
 2022-11-17 17:24:44 -08:00
Simon Willison bcc781f4c5 Implementation and tests for _r field on actor, refs #1855 
New mechanism for restricting permissions further for a given actor.

This still needs documentation. It will eventually be used by the mechanism to issue
signed API tokens that are only able to perform a subset of actions.

This also adds tests that exercise the POST /-/permissions tool, refs #1881
 2022-11-03 17:12:23 -07:00
Simon Willison 5be86d48b2 Fix display of padlocks on database page, closes #1848 2022-10-23 19:42:30 -07:00
Simon Willison 78dad236df
check_visibility can now take multiple permissions into account 
Closes #1829
 2022-10-23 19:11:33 -07:00
Simon Willison 1a5e5f2aa9 Refactor breadcrumbs to respect permissions, refs #1831 2022-10-13 14:42:52 -07:00
Simon Willison c09c53f345 New handle_exception plugin hook, refs #1770 
Also refs:
- https://github.com/simonw/datasette-sentry/issues/1
- https://github.com/simonw/datasette-show-errors/issues/2
 2022-07-17 16:24:39 -07:00
Simon Willison 194e4f6c3f Removed check_permission() from BaseView, closes #1677 
Refs #1660
 2022-03-21 11:41:56 -07:00
Brandon Roberts baf986c871
New get_metadata() plugin hook for dynamic metadata 
The following hook is added:

    get_metadata(
      datasette=self, key=key, database=database, table=table,
      fallback=fallback
    )

This gets called when we're building our metdata for the rest
of the system to use. We merge whatever the plugins return
with any local metadata (from metadata.yml/yaml/json) allowing
for a live-editable dynamic Datasette.

As a security precation, local meta is *not* overwritable by
plugin hooks. The workflow for transitioning to live-meta would
be to load the plugin with the full metadata.yaml and save.
Then remove the parts of the metadata that you want to be able
to change from the file.

* Avoid race condition: don't mutate databases list

This avoids the nasty "RuntimeError: OrderedDict mutated during
iteration" error that randomly happens when a plugin adds a
new database to Datasette, using `add_database`. This change
makes the add and remove database functions more expensive, but
it prevents the random explosion race conditions that make for
confusing user experience when importing live databases.

Thanks, @brandonrobertz
 2021-06-26 15:24:54 -07:00
Miroslav Šedivý a882d67962
Modernize code to Python 3.6+ (#1158) 
* Compact dict and set building
* Remove redundant parentheses
* Simplify chained conditions
* Change method name to lowercase
* Use triple double quotes for docstrings

Thanks, @eumiro!
 2020-12-23 09:04:32 -08:00
Simon Willison 2a3d5b720b Redirect /-/config to /-/settings, closes #1103 2020-11-24 12:19:14 -08:00
Simon Willison 222f79bb4c debug-menu permission, closes #1068 
Also added tests for navigation menu logic.
 2020-10-30 08:41:57 -07:00
Simon Willison 78b3eeaad9
.blob output renderer 
* _blob_hash= checking plus refactored to use new BadRequest class, refs #1050
* Replace BlobView with new .blob renderer, closes #1050
* .blob downloads on arbitrary queries, closes #1051
 2020-10-29 15:01:38 -07:00
Simon Willison 7d9fedc176 Cascading permissions for .db download, closes #1058 2020-10-27 20:15:41 -07:00
Simon Willison 5a15197960
/db/table/-/blob/pk/column.blob download URL, refs #1036 2020-10-24 16:09:18 -07:00
Simon Willison a648bb82ba Upgrade to Black 20.8b1, closes #958 2020-09-02 15:24:55 -07:00
Simon Willison 12c0bc09cc /-/allow-debug tool, closes #908 2020-07-24 15:55:10 -07:00
Simon Willison 57879dc8b3 Better titles for canned query pages, closes #887 2020-07-01 17:23:37 -07:00
Simon Willison d6e03b0430 Cascading view permissions, closes #832 
- If you have table permission but not database permission you can now view the table page
- New BaseView.check_permissions() method
 2020-06-30 16:40:50 -07:00
Simon Willison 308bcc8805 Fixed test_permissions_debug 2020-06-11 17:25:12 -07:00
Simon Willison 29c5ff493a view-instance permission for debug URLs, closes #833 2020-06-11 15:14:51 -07:00
Simon Willison 57e812d5de ds_author cookie can now expire, closes #829 
Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
 2020-06-10 12:39:54 -07:00
Simon Willison 5ef3b7b0c9 Applied Black 
Refs #825
 2020-06-09 12:25:48 -07:00
Simon Willison 7633b9ab24 unauthenticated: true method plus allow block docs, closes #825 2020-06-09 10:01:03 -07:00
Simon Willison 49d6d2f7b0 allow_sql block to control execute-sql upermission in metadata.json, closes #813 
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
 2020-06-08 17:05:44 -07:00
Simon Willison 040fc0546f Updated tests, refs #817 2020-06-08 12:02:56 -07:00
Simon Willison 5598c5de01 Database list on index page respects table/view permissions, refs #811 2020-06-08 11:34:14 -07:00
Simon Willison dcec89270a View list respects view-table permission, refs #811 
Also makes a small change to the /fixtures.json JSON:

    "views": ["view_name"]

Is now:

    "views": [{"name": "view_name", "private": true}]
 2020-06-08 11:20:59 -07:00
Simon Willison 9ac27f67fe Show padlock on private query page, refs #811 2020-06-08 11:13:32 -07:00
Simon Willison aa420009c0 Show padlock on private table page, refs #811 2020-06-08 11:07:11 -07:00
Simon Willison 3ce7f2e7da Show padlock on private database page, refs #811 2020-06-08 07:23:10 -07:00
Simon Willison 1cf86e5ecc Show padlock on private index page, refs #811 2020-06-08 07:18:47 -07:00
Simon Willison cc218fa9be Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811 2020-06-08 07:02:31 -07:00
Simon Willison 9397d71834 Implemented view-table, refs #811 2020-06-07 21:47:22 -07:00
Simon Willison b26292a458 Test that view-query is respected by query list, refs #811 2020-06-07 20:56:49 -07:00
Simon Willison 9b42e1a4f5 view-database permission 
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
 2020-06-07 20:50:37 -07:00
Simon Willison cd92e4fe2a Fixed test name, this executes view-query, not execute-sql - refs #811 2020-06-07 14:33:56 -07:00
Simon Willison 8571ce388a Implemented view-instance permission, refs #811 2020-06-07 14:30:39 -07:00
Simon Willison ece0ba6f4b Test + default impl for view-query permission, refs #811 2020-06-07 14:23:16 -07:00