{"id": 629541395, "node_id": "MDU6SXNzdWU2Mjk1NDEzOTU=", "number": 795, "title": "response.set_cookie() method", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 2, "created_at": "2020-06-02T21:57:05Z", "updated_at": "2020-06-09T22:33:33Z", "closed_at": "2020-06-09T22:19:48Z", "author_association": "OWNER", "pull_request": null, "body": "Mainly to clean up this code:\r\n\r\nhttps://github.com/simonw/datasette/blob/4fa7cf68536628344356d3ef8c92c25c249067a0/datasette/app.py#L439-L454", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/795/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635519358, "node_id": "MDU6SXNzdWU2MzU1MTkzNTg=", "number": 826, "title": "Document the ds_actor signed cookie", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 3, "created_at": "2020-06-09T15:06:52Z", "updated_at": "2020-06-09T22:33:12Z", "closed_at": "2020-06-09T22:32:31Z", "author_association": "OWNER", "pull_request": null, "body": "Most authentication plugins (https://github.com/simonw/datasette-auth-github for example) are likely to work by setting the `ds_actor` signed cookie, which is already magically decoded and supported by default Datasette here:\r\n\r\nhttps://github.com/simonw/datasette/blob/4fa7cf68536628344356d3ef8c92c25c249067a0/datasette/actor_auth_cookie.py#L1-L13\r\n\r\nI should document this.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/826/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 632673972, "node_id": "MDU6SXNzdWU2MzI2NzM5NzI=", "number": 804, "title": "python tests/fixtures.py command has a bug", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 6, "created_at": "2020-06-06T19:17:36Z", "updated_at": "2020-06-09T20:01:30Z", "closed_at": "2020-06-09T19:58:34Z", "author_association": "OWNER", "pull_request": null, "body": "This command is meant to write out `fixtures.db`, `metadata.json` and a plugins directory:\r\n```\r\n$ python tests/fixtures.py /tmp/fixtures.db /tmp/metadata.json /tmp/plugins/\r\nTest tables written to /tmp/fixtures.db\r\n- metadata written to /tmp/metadata.json\r\nTraceback (most recent call last):\r\n  File \"tests/fixtures.py\", line 833, in <module>\r\n    (\"my_plugin.py\", PLUGIN1),\r\nNameError: name 'PLUGIN1' is not defined\r\n```", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/804/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635696400, "node_id": "MDU6SXNzdWU2MzU2OTY0MDA=", "number": 827, "title": "Document CSRF protection (for plugins)", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 1, "created_at": "2020-06-09T19:19:10Z", "updated_at": "2020-06-09T19:38:30Z", "closed_at": "2020-06-09T19:35:13Z", "author_association": "OWNER", "pull_request": null, "body": "Plugin authors need to know that if they want to POST a form they should include this:\r\n```html+jinja\r\n<input type=\"hidden\" name=\"csrftoken\" value=\"{{ csrftoken() }}\">\r\n```", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/827/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635147716, "node_id": "MDU6SXNzdWU2MzUxNDc3MTY=", "number": 825, "title": "Way to enable a default=False permission for anonymous users", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 6, "created_at": "2020-06-09T06:26:27Z", "updated_at": "2020-06-09T17:19:19Z", "closed_at": "2020-06-09T17:01:10Z", "author_association": "OWNER", "pull_request": null, "body": "I'd like plugins to be able to ship with a default that says \"anonymous users cannot do this\", but allow site administrators to over-ride that such that anonymous users can use the feature after all.\r\n\r\nThis is tricky because right now the anonymous user doesn't have an actor dictionary at all, so there's no key to match to an allow block.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/825/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635107393, "node_id": "MDU6SXNzdWU2MzUxMDczOTM=", "number": 823, "title": "Documentation is inconsistent about \"id\" as required field on actor", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 3, "created_at": "2020-06-09T04:47:58Z", "updated_at": "2020-06-09T14:58:36Z", "closed_at": "2020-06-09T14:58:19Z", "author_association": "OWNER", "pull_request": null, "body": "Docs at https://github.com/simonw/datasette/blob/5a6a73e3190cac103906b479d56129413e5ef190/docs/authentication.rst#actors say:\r\n\r\n> The only required field in an actor is `\"id\"`, which must be a string.\r\n\r\nBut the example here returns `{\"token\": token}`:\r\n\r\n```python\r\n@hookimpl\r\ndef actor_from_request(datasette, request):\r\n    async def inner():\r\n        token = request.args.get(\"_token\")\r\n        if not token:\r\n            return None\r\n        # Look up ?_token=xxx in sessions table\r\n        result = await datasette.get_database().execute(\r\n            \"select count(*) from sessions where token = ?\", [token]\r\n        )\r\n        if result.first()[0]:\r\n            return {\"token\": token}\r\n        else:\r\n            return None\r\n\r\n    return inner\r\n```", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/823/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635077656, "node_id": "MDU6SXNzdWU2MzUwNzc2NTY=", "number": 822, "title": "request.url_vars helper property", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 2, "created_at": "2020-06-09T03:15:53Z", "updated_at": "2020-06-09T03:40:07Z", "closed_at": "2020-06-09T03:40:06Z", "author_association": "OWNER", "pull_request": null, "body": "This example: https://github.com/simonw/datasette/blob/f5e79adf26d0daa3831e3fba022f1b749a9efdee/docs/plugins.rst#register_routes\r\n\r\n```python\r\nfrom datasette.utils.asgi import Response\r\nimport html\r\n\r\n\r\nasync def hello_from(scope):\r\n    name = scope[\"url_route\"][\"kwargs\"][\"name\"]\r\n    return Response.html(\"Hello from {}\".format(\r\n        html.escape(name)\r\n    ))\r\n\r\n\r\n@hookimpl\r\ndef register_routes():\r\n    return [\r\n        (r\"^/hello-from/(?P<name>.*)$\"), hello_from)\r\n    ]\r\n```\r\nWould be nicer if you could easily get `scope[\"url_route\"][\"kwargs\"][\"name\"]` directly from the request object, without looking at the `scope`.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/822/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635076066, "node_id": "MDU6SXNzdWU2MzUwNzYwNjY=", "number": 821, "title": "Add Response class to internals documentation", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 0, "created_at": "2020-06-09T03:11:06Z", "updated_at": "2020-06-09T03:32:16Z", "closed_at": "2020-06-09T03:32:16Z", "author_association": "OWNER", "pull_request": null, "body": "> I'll need to add documentation of the `Response` object (and `Response.html()` and `Response.text()` class methods - I should add `Response.json()` too) to the internals page https://datasette.readthedocs.io/en/stable/internals.html\r\n\r\n_Originally posted by @simonw in https://github.com/simonw/datasette/issues/215#issuecomment-640971470_", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/821/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 314506669, "node_id": "MDU6SXNzdWUzMTQ1MDY2Njk=", "number": 215, "title": "Allow plugins to define additional URL routes and views", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 14, "created_at": "2018-04-16T05:31:09Z", "updated_at": "2020-06-09T03:14:32Z", "closed_at": "2020-06-09T03:12:08Z", "author_association": "OWNER", "pull_request": null, "body": "Might be as simple as having plugins get passed the `app` after the other routes have been defined:\r\n\r\nhttps://github.com/simonw/datasette/blob/b2955d9065ea019500c7d072bcd9d49d1967f051/datasette/app.py#L1270-L1274\r\n\r\nRefs #14", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/215/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 635037204, "node_id": "MDExOlB1bGxSZXF1ZXN0NDMxNDc4NzI0", "number": 819, "title": "register_routes() plugin hook", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 0, "created_at": "2020-06-09T01:20:44Z", "updated_at": "2020-06-09T03:12:08Z", "closed_at": "2020-06-09T03:12:07Z", "author_association": "OWNER", "pull_request": "simonw/datasette/pulls/819", "body": "Refs #215", "repo": {"value": 107914493, "label": "datasette"}, "type": "pull", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/819/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": 0, "state_reason": null}
{"id": 626171242, "node_id": "MDU6SXNzdWU2MjYxNzEyNDI=", "number": 777, "title": "Error pages not correctly loading CSS", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 4, "created_at": "2020-05-28T02:47:52Z", "updated_at": "2020-06-09T00:35:29Z", "closed_at": "2020-06-09T00:35:29Z", "author_association": "OWNER", "pull_request": null, "body": "e.g. https://latest.datasette.io/fixtures/compound_three_primary_keys.tsv?_size=max\r\n\r\n<img width=\"856\" alt=\"Error_404_and_All_plugin_hooks_should_have_unit_tests_\u00b7_Issue__773_\u00b7_simonw_datasette\" src=\"https://user-images.githubusercontent.com/9599/83092786-e5b79e80-a052-11ea-9cd7-6a1c01eb08e7.png\">\r\n\r\nThe HTML starts like this:\r\n\r\n```html\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n    <title>Error 404</title>\r\n    <link rel=\"stylesheet\" href=\"-/static/app.css?\">\r\n```", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/777/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 634139848, "node_id": "MDU6SXNzdWU2MzQxMzk4NDg=", "number": 813, "title": "Mechanism for specifying allow_sql permission in metadata.json", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 6, "created_at": "2020-06-08T04:57:19Z", "updated_at": "2020-06-09T00:09:57Z", "closed_at": "2020-06-09T00:07:19Z", "author_association": "OWNER", "pull_request": null, "body": "Split from #811. It would be useful if finely-grained permissions configured in `metadata.json` could be used to specify if a user is allowed to execute arbitrary SQL queries.\r\n\r\nWe have a permission check call for this already: https://github.com/simonw/datasette/blob/9397d718345c4b35d2a5c55bfcbd1468876b5ab9/datasette/views/database.py#L159\r\n\r\nBut there's currently no way to implement this check without writing a plugin.\r\n\r\nI think a `\"allow_sql\": {...}` block at the database level in `metadata.json` (sibling to the current `\"allow\"` block for that database implemented in #811) would be a good option for this.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/813/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}