datasette

Wykres commitów

Autor	SHA1	Wiadomość	Data
Simon Willison	72ae975156	Added test for async startup hook, refs #834	2020-06-13 10:58:32 -07:00
Simon Willison	09a3479a54	New "startup" plugin hook, closes #834	2020-06-13 10:55:41 -07:00
Simon Willison	308bcc8805	Fixed test_permissions_debug	2020-06-11 17:25:12 -07:00
Simon Willison	fba8ff6e76	"$env": "X" mechanism now works with nested lists, closes #837	2020-06-11 17:21:48 -07:00
Simon Willison	f39f111331	Fixed actor_matches_allow bug, closes #836	2020-06-11 15:47:19 -07:00
Simon Willison	29c5ff493a	view-instance permission for debug URLs, closes #833	2020-06-11 15:14:51 -07:00
Simon Willison	98632f0a87	--secret command for datasette publish Closes #787	2020-06-11 09:02:03 -07:00
Simon Willison	198545733b	Document that "allow": {} denies all https://github.com/simonw/datasette/issues/831#issuecomment-642324847	2020-06-10 16:56:53 -07:00
Simon Willison	57e812d5de	ds_author cookie can now expire, closes #829 Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076	2020-06-10 12:39:54 -07:00
Simon Willison	008e2f63c2	response.set_cookie(), closes #795	2020-06-09 15:19:37 -07:00
Simon Willison	f240970b83	Fixed tests/fixtures.py, closes #804	2020-06-09 12:58:12 -07:00
Simon Willison	5ef3b7b0c9	Applied Black Refs #825	2020-06-09 12:25:48 -07:00
Simon Willison	7633b9ab24	unauthenticated: true method plus allow block docs, closes #825	2020-06-09 10:01:03 -07:00
Simon Willison	eb3ec279be	Test for anonymous: true, refs #825	2020-06-08 23:33:06 -07:00
Simon Willison	fac8e93815	request.url_vars property, closes #822	2020-06-08 20:40:00 -07:00
Simon Willison	db660db463	Docs + unit tests for Response, closes #821	2020-06-08 20:32:10 -07:00
Simon Willison	f5e79adf26	register_routes() plugin hook (#819 ) Fixes #215	2020-06-08 20:12:06 -07:00
Simon Willison	647c5ff0f3	Fixed broken CSS on 404 page, closes #777	2020-06-08 17:35:23 -07:00
Simon Willison	49d6d2f7b0	allow_sql block to control execute-sql upermission in metadata.json, closes #813 Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.	2020-06-08 17:05:44 -07:00
Simon Willison	040fc0546f	Updated tests, refs #817	2020-06-08 12:02:56 -07:00
Simon Willison	799c5d5357	Renamed resource_identifier to resource, refs #817	2020-06-08 11:59:53 -07:00
Simon Willison	c9f1ec616e	Removed resource_type from permissions system, closes #817 Refs #811, #699	2020-06-08 11:51:03 -07:00
Simon Willison	5598c5de01	Database list on index page respects table/view permissions, refs #811	2020-06-08 11:34:14 -07:00
Simon Willison	dcec89270a	View list respects view-table permission, refs #811 Also makes a small change to the /fixtures.json JSON: "views": ["view_name"] Is now: "views": [{"name": "view_name", "private": true}]	2020-06-08 11:20:59 -07:00
Simon Willison	9ac27f67fe	Show padlock on private query page, refs #811	2020-06-08 11:13:32 -07:00
Simon Willison	aa420009c0	Show padlock on private table page, refs #811	2020-06-08 11:07:11 -07:00
Simon Willison	2a8b39800f	Updated tests, refs #811	2020-06-08 07:50:06 -07:00
Simon Willison	3ce7f2e7da	Show padlock on private database page, refs #811	2020-06-08 07:23:10 -07:00
Simon Willison	1cf86e5ecc	Show padlock on private index page, refs #811	2020-06-08 07:18:47 -07:00
Simon Willison	cc218fa9be	Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811	2020-06-08 07:02:31 -07:00
Simon Willison	9397d71834	Implemented view-table, refs #811	2020-06-07 21:47:22 -07:00
Simon Willison	b26292a458	Test that view-query is respected by query list, refs #811	2020-06-07 20:56:49 -07:00
Simon Willison	9b42e1a4f5	view-database permission Also now using 🔒 to indicate private resources - resources that would not be available to the anonymous user. Refs #811	2020-06-07 20:50:37 -07:00
Simon Willison	613fa551a1	Removed view-row permission, for the moment - refs #811 https://github.com/simonw/datasette/issues/811#issuecomment-640338347	2020-06-07 20:14:27 -07:00
Simon Willison	cd92e4fe2a	Fixed test name, this executes view-query, not execute-sql - refs #811	2020-06-07 14:33:56 -07:00
Simon Willison	8571ce388a	Implemented view-instance permission, refs #811	2020-06-07 14:30:39 -07:00
Simon Willison	ece0ba6f4b	Test + default impl for view-query permission, refs #811	2020-06-07 14:23:16 -07:00
Simon Willison	abc7339124	Nicer pattern for make_app_client() in tests, closes #395	2020-06-07 14:14:10 -07:00
Simon Willison	a1e801453a	Renamed execute-query permission to execute-sql, refs #811	2020-06-07 13:20:59 -07:00
Simon Willison	4340845754	Nested permission checks for all views, refs #811	2020-06-07 13:03:08 -07:00
Simon Willison	86dec9e8ff	Added permission check to every view, closes #808	2020-06-06 22:30:36 -07:00
Simon Willison	3359d54a4e	Use cookies when accessing csrftoken_from	2020-06-06 12:33:08 -07:00
Simon Willison	966eec7f75	Check permissions on canned query page, refs #800	2020-06-06 12:27:00 -07:00
Simon Willison	070838bfa1	Better test for Vary header	2020-06-06 12:26:19 -07:00
Simon Willison	3f83d4632a	Respect query permissions on database page, refs #800	2020-06-06 12:05:22 -07:00
Simon Willison	14f6b4d200	actor_matches_allow utility function, refs #800	2020-06-06 11:39:11 -07:00
Simon Willison	75c143a84c	Fixed /-/plugins?all=1, refs #802	2020-06-05 16:55:08 -07:00
Simon Willison	f786033a5f	Fixed 'datasette plugins' command, with tests - closes #802	2020-06-05 16:46:37 -07:00
Simon Willison	033a1bb22c	Removed rogue print() from test	2020-06-05 12:06:43 -07:00
Simon Willison	84a9c4ff75	CSRF protection (#798 ) Closes #793. * Rename RequestParameters to MultiParams, refs #799 * Allow tuples as well as lists in MultiParams, refs #799 * Use csrftokens when running tests, refs #799 * Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7 * Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8	2020-06-05 12:05:57 -07:00

1 2 3 4 5 ...

415 Commity (ae99af25361c9248c721153922c623bd5f440159)