Simon Willison
|
72ae975156
|
Added test for async startup hook, refs #834
|
2020-06-13 10:58:32 -07:00 |
Simon Willison
|
09a3479a54
|
New "startup" plugin hook, closes #834
|
2020-06-13 10:55:41 -07:00 |
Simon Willison
|
308bcc8805
|
Fixed test_permissions_debug
|
2020-06-11 17:25:12 -07:00 |
Simon Willison
|
fba8ff6e76
|
"$env": "X" mechanism now works with nested lists, closes #837
|
2020-06-11 17:21:48 -07:00 |
Simon Willison
|
f39f111331
|
Fixed actor_matches_allow bug, closes #836
|
2020-06-11 15:47:19 -07:00 |
Simon Willison
|
29c5ff493a
|
view-instance permission for debug URLs, closes #833
|
2020-06-11 15:14:51 -07:00 |
Simon Willison
|
98632f0a87
|
--secret command for datasette publish
Closes #787
|
2020-06-11 09:02:03 -07:00 |
Simon Willison
|
198545733b
|
Document that "allow": {} denies all
https://github.com/simonw/datasette/issues/831#issuecomment-642324847
|
2020-06-10 16:56:53 -07:00 |
Simon Willison
|
57e812d5de
|
ds_author cookie can now expire, closes #829
Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
|
2020-06-10 12:39:54 -07:00 |
Simon Willison
|
008e2f63c2
|
response.set_cookie(), closes #795
|
2020-06-09 15:19:37 -07:00 |
Simon Willison
|
f240970b83
|
Fixed tests/fixtures.py, closes #804
|
2020-06-09 12:58:12 -07:00 |
Simon Willison
|
5ef3b7b0c9
|
Applied Black
Refs #825
|
2020-06-09 12:25:48 -07:00 |
Simon Willison
|
7633b9ab24
|
unauthenticated: true method plus allow block docs, closes #825
|
2020-06-09 10:01:03 -07:00 |
Simon Willison
|
eb3ec279be
|
Test for anonymous: true, refs #825
|
2020-06-08 23:33:06 -07:00 |
Simon Willison
|
fac8e93815
|
request.url_vars property, closes #822
|
2020-06-08 20:40:00 -07:00 |
Simon Willison
|
db660db463
|
Docs + unit tests for Response, closes #821
|
2020-06-08 20:32:10 -07:00 |
Simon Willison
|
f5e79adf26
|
register_routes() plugin hook (#819)
Fixes #215
|
2020-06-08 20:12:06 -07:00 |
Simon Willison
|
647c5ff0f3
|
Fixed broken CSS on 404 page, closes #777
|
2020-06-08 17:35:23 -07:00 |
Simon Willison
|
49d6d2f7b0
|
allow_sql block to control execute-sql upermission in metadata.json, closes #813
Also removed the --config allow_sql:0 mechanism in favour of the new allow_sql block.
|
2020-06-08 17:05:44 -07:00 |
Simon Willison
|
040fc0546f
|
Updated tests, refs #817
|
2020-06-08 12:02:56 -07:00 |
Simon Willison
|
799c5d5357
|
Renamed resource_identifier to resource, refs #817
|
2020-06-08 11:59:53 -07:00 |
Simon Willison
|
c9f1ec616e
|
Removed resource_type from permissions system, closes #817
Refs #811, #699
|
2020-06-08 11:51:03 -07:00 |
Simon Willison
|
5598c5de01
|
Database list on index page respects table/view permissions, refs #811
|
2020-06-08 11:34:14 -07:00 |
Simon Willison
|
dcec89270a
|
View list respects view-table permission, refs #811
Also makes a small change to the /fixtures.json JSON:
"views": ["view_name"]
Is now:
"views": [{"name": "view_name", "private": true}]
|
2020-06-08 11:20:59 -07:00 |
Simon Willison
|
9ac27f67fe
|
Show padlock on private query page, refs #811
|
2020-06-08 11:13:32 -07:00 |
Simon Willison
|
aa420009c0
|
Show padlock on private table page, refs #811
|
2020-06-08 11:07:11 -07:00 |
Simon Willison
|
2a8b39800f
|
Updated tests, refs #811
|
2020-06-08 07:50:06 -07:00 |
Simon Willison
|
3ce7f2e7da
|
Show padlock on private database page, refs #811
|
2020-06-08 07:23:10 -07:00 |
Simon Willison
|
1cf86e5ecc
|
Show padlock on private index page, refs #811
|
2020-06-08 07:18:47 -07:00 |
Simon Willison
|
cc218fa9be
|
Move assert_permissions_checked() calls from test_html.py to test_permissions.py, refs #811
|
2020-06-08 07:02:31 -07:00 |
Simon Willison
|
9397d71834
|
Implemented view-table, refs #811
|
2020-06-07 21:47:22 -07:00 |
Simon Willison
|
b26292a458
|
Test that view-query is respected by query list, refs #811
|
2020-06-07 20:56:49 -07:00 |
Simon Willison
|
9b42e1a4f5
|
view-database permission
Also now using 🔒 to indicate private resources - resources that
would not be available to the anonymous user. Refs #811
|
2020-06-07 20:50:37 -07:00 |
Simon Willison
|
613fa551a1
|
Removed view-row permission, for the moment - refs #811
https://github.com/simonw/datasette/issues/811#issuecomment-640338347
|
2020-06-07 20:14:27 -07:00 |
Simon Willison
|
cd92e4fe2a
|
Fixed test name, this executes view-query, not execute-sql - refs #811
|
2020-06-07 14:33:56 -07:00 |
Simon Willison
|
8571ce388a
|
Implemented view-instance permission, refs #811
|
2020-06-07 14:30:39 -07:00 |
Simon Willison
|
ece0ba6f4b
|
Test + default impl for view-query permission, refs #811
|
2020-06-07 14:23:16 -07:00 |
Simon Willison
|
abc7339124
|
Nicer pattern for make_app_client() in tests, closes #395
|
2020-06-07 14:14:10 -07:00 |
Simon Willison
|
a1e801453a
|
Renamed execute-query permission to execute-sql, refs #811
|
2020-06-07 13:20:59 -07:00 |
Simon Willison
|
4340845754
|
Nested permission checks for all views, refs #811
|
2020-06-07 13:03:08 -07:00 |
Simon Willison
|
86dec9e8ff
|
Added permission check to every view, closes #808
|
2020-06-06 22:30:36 -07:00 |
Simon Willison
|
3359d54a4e
|
Use cookies when accessing csrftoken_from
|
2020-06-06 12:33:08 -07:00 |
Simon Willison
|
966eec7f75
|
Check permissions on canned query page, refs #800
|
2020-06-06 12:27:00 -07:00 |
Simon Willison
|
070838bfa1
|
Better test for Vary header
|
2020-06-06 12:26:19 -07:00 |
Simon Willison
|
3f83d4632a
|
Respect query permissions on database page, refs #800
|
2020-06-06 12:05:22 -07:00 |
Simon Willison
|
14f6b4d200
|
actor_matches_allow utility function, refs #800
|
2020-06-06 11:39:11 -07:00 |
Simon Willison
|
75c143a84c
|
Fixed /-/plugins?all=1, refs #802
|
2020-06-05 16:55:08 -07:00 |
Simon Willison
|
f786033a5f
|
Fixed 'datasette plugins' command, with tests - closes #802
|
2020-06-05 16:46:37 -07:00 |
Simon Willison
|
033a1bb22c
|
Removed rogue print() from test
|
2020-06-05 12:06:43 -07:00 |
Simon Willison
|
84a9c4ff75
|
CSRF protection (#798)
Closes #793.
* Rename RequestParameters to MultiParams, refs #799
* Allow tuples as well as lists in MultiParams, refs #799
* Use csrftokens when running tests, refs #799
* Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7
* Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8
|
2020-06-05 12:05:57 -07:00 |