Simon Willison
bcc4f6bf1f
track_event() mechanism for analytics and plugins
...
* Closes #2240
* Documentation for event plugin hooks, refs #2240
* Include example track_event plugin in docs, refs #2240
* Tests for track_event() and register_events() hooks, refs #2240
* Initial documentation for core events, refs #2240
* Internals documentation for datasette.track_event()
2024-01-31 15:21:40 -08:00
Simon Willison
50da908213
Cascade for restricted token view-table/view-database/view-instance operations ( #2154 )
...
Closes #2102
* Permission is now a dataclass, not a namedtuple - refs https://github.com/simonw/datasette/pull/2154/#discussion_r1308087800
* datasette.get_permission() method
2023-08-29 09:32:34 -07:00
Alex Garcia
92b8bf38c0
Add new `--internal internal.db` option, deprecate legacy `_internal` database
...
Refs:
- #2157
---------
Co-authored-by: Simon Willison <swillison@gmail.com>
2023-08-28 20:24:23 -07:00
Simon Willison
01e0558825
Merge pull request from GHSA-7ch3-7pp7-7cpq
...
* API explorer requires view-instance permission
* Check database/table permissions on /-/api page
* Release notes for 1.0a4
Refs #2119 , #2133 , #2138 , #2140
Refs https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq
2023-08-22 10:10:01 -07:00
Simon Willison
dda99fc09f
New View base class ( #2080 )
...
* New View base class, closes #2078
* Use new View subclass for PatternPortfolioView
2023-05-25 17:18:43 -07:00
Simon Willison
572bdb5b80
Applied Black, refs #782
2022-12-31 19:32:07 -08:00
Simon Willison
d94a3c4326
No need to link to _shape=objects any more
...
It's the default now. Refs #782
2022-12-31 17:42:48 -08:00
Simon Willison
1a3dcf4943
Don't include _memory on /-/create-token, refs #1947
2022-12-13 21:19:31 -08:00
Simon Willison
d98a8effb1
UI for restricting permissions on /-/create-token, refs #1947
...
Also fixes test failures I introduced in #1951
2022-12-13 21:03:17 -08:00
Simon Willison
c6a811237c
/-/actor.json no longer requires view-instance, closes #1945
2022-12-12 20:11:51 -08:00
Simon Willison
8bf06a76b5
register_permissions() plugin hook ( #1940 )
...
* Docs for permissions: in metadata, refs #1636
* Refactor default_permissions.py to help with implementation of #1636
* register_permissions() plugin hook, closes #1939 - also refs #1938
* Tests for register_permissions() hook, refs #1939
* Documentation for datasette.permissions, refs #1939
* permission_allowed() falls back on Permission.default, refs #1939
* Raise StartupError on duplicate permissions
* Allow dupe permisisons if exact matches
2022-12-12 18:05:54 -08:00
Simon Willison
272982e8a6
/db/table/-/upsert API
...
Close #1878
Also made a few tweaks to how _r works in tokens and actors,
refs #1855 - I needed that mechanism for the tests.
2022-12-07 17:12:15 -08:00
Simon Willison
5518397338
Show mutable DBs first in API explorer, closes #1918
2022-11-29 21:07:51 -08:00
Simon Willison
575a29c424
API explorer: respect immutability, closes #1888
2022-11-13 22:01:56 -08:00
Simon Willison
612da8eae6
confirm: true mechanism for drop table API, closes #1887
2022-11-13 21:17:18 -08:00
Simon Willison
db796771e2
Example links for API explorer, closes #1871
2022-11-13 20:58:45 -08:00
Simon Willison
bcc781f4c5
Implementation and tests for _r field on actor, refs #1855
...
New mechanism for restricting permissions further for a given actor.
This still needs documentation. It will eventually be used by the mechanism to issue
signed API tokens that are only able to perform a subset of actions.
This also adds tests that exercise the POST /-/permissions tool, refs #1881
2022-11-03 17:12:23 -07:00
Simon Willison
c51d9246b9
Permission check testing tool, refs #1881
2022-11-02 22:10:07 -07:00
Simon Willison
f6bf2d8045
Initial prototype of API explorer at /-/api, refs #1871
2022-10-29 23:20:11 -07:00
Simon Willison
382a871583
max_signed_tokens_ttl setting, closes #1858
...
Also redesigned token format to include creation time and optional duration.
2022-10-26 20:14:59 -07:00
Simon Willison
c23fa850e7
allow_signed_tokens setting, closes #1856
2022-10-25 19:55:47 -07:00
Simon Willison
0f013ff497
Mechanism to prevent tokens creating tokens, closes #1857
2022-10-25 19:43:55 -07:00
Simon Willison
7ab091e8ef
Tests and docs for /-/create-token, refs #1852
2022-10-25 19:04:05 -07:00
Simon Willison
68ccb7578b
dstoke_ prefix for tokens
...
Refs https://github.com/simonw/datasette/issues/1852#issuecomment-1291290451
2022-10-25 18:40:07 -07:00
Simon Willison
42f8b402e6
Initial prototype of create API token page, refs #1852
2022-10-25 17:07:58 -07:00
Simon Willison
194e4f6c3f
Removed check_permission() from BaseView, closes #1677
...
Refs #1660
2022-03-21 11:41:56 -07:00
Simon Willison
61419388c1
Rename route match groups for consistency, refs #1667 , #1660
2022-03-19 09:52:08 -07:00
Simon Willison
d4f60c2388
Remove hashed URL mode
...
Also simplified how view class routing works.
Refs #1661
2022-03-18 17:12:03 -07:00
Simon Willison
23a09b0f6a
Remove JSON rel=alternate from some pages, closes #1623
2022-02-02 13:48:52 -08:00
Simon Willison
8584993529
--cors Access-Control-Allow-Headers: Authorization
...
Refs #1467 , refs https://github.com/simonw/datasette-auth-tokens/issues/4
2021-10-14 12:03:28 -07:00
Simon Willison
30e64c8d3b
Use f-strings in place of .format()
...
Code transformed like so:
pip install flynt
flynt .
black .
2020-11-15 15:24:22 -08:00
Simon Willison
222f79bb4c
debug-menu permission, closes #1068
...
Also added tests for navigation menu logic.
2020-10-30 08:41:57 -07:00
Simon Willison
5a15197960
/db/table/-/blob/pk/column.blob download URL, refs #1036
2020-10-24 16:09:18 -07:00
Simon Willison
091441a444
Fixed remaining places that needed datasette.urls, closes #1025
2020-10-19 22:21:19 -07:00
Simon Willison
a648bb82ba
Upgrade to Black 20.8b1, closes #958
2020-09-02 15:24:55 -07:00
Simon Willison
12c0bc09cc
/-/allow-debug tool, closes #908
2020-07-24 15:55:10 -07:00
Simon Willison
549b1c2063
New forbidden() plugin hook, closes #812
2020-06-30 21:17:38 -07:00
Simon Willison
51427323e6
Add message when user logs out, refs #840
2020-06-29 11:31:35 -07:00
Simon Willison
22d932fafc
/-/logout page for logging out of ds_actor cookie
...
Refs #840
2020-06-28 21:17:58 -07:00
Simon Willison
308bcc8805
Fixed test_permissions_debug
2020-06-11 17:25:12 -07:00
Simon Willison
29c5ff493a
view-instance permission for debug URLs, closes #833
2020-06-11 15:14:51 -07:00
Simon Willison
57e812d5de
ds_author cookie can now expire, closes #829
...
Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076
2020-06-10 12:39:54 -07:00
Simon Willison
008e2f63c2
response.set_cookie(), closes #795
2020-06-09 15:19:37 -07:00
Simon Willison
dfff34e198
Applied black, refs #811
2020-06-08 11:03:33 -07:00
Simon Willison
177059284d
New request.actor property, refs #811
2020-06-08 10:05:32 -07:00
Simon Willison
4fa7cf6853
Flash messages mechanism, closes #790
2020-06-02 14:12:18 -07:00
Simon Willison
b4cd8797b8
permission_checks is now _permission_checks
2020-06-02 14:11:32 -07:00
Simon Willison
dfdbdf378a
Added /-/permissions debug tool, closes #788
...
Also started the authentication.rst docs page, refs #786 .
Part of authentication work, refs #699 .
2020-05-31 22:00:36 -07:00
Simon Willison
9f3d4aba31
--root option and /-/auth-token view, refs #784
2020-05-31 18:16:42 -07:00
Simon Willison
1fc6ceefb9
Added /-/actor.json - refs #699
...
Also added JSON highlighting to introspection documentation.
2020-05-31 18:16:42 -07:00