html_url,issue_url,id,node_id,user,created_at,updated_at,author_association,body,reactions,issue,performed_via_github_app
https://github.com/simonw/datasette/issues/2102#issuecomment-1690705243,https://api.github.com/repos/simonw/datasette/issues/2102,1690705243,IC_kwDOBm6k_c5kxh1b,9599,2023-08-23T22:03:54Z,2023-08-23T22:03:54Z,OWNER,Idea: `datasette-permissions-debug` plugin which simply prints out a stacktrace for every permission check so you can see where in the code they are.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1805076818,
https://github.com/simonw/datasette/issues/2102#issuecomment-1690703764,https://api.github.com/repos/simonw/datasette/issues/2102,1690703764,IC_kwDOBm6k_c5kxheU,9599,2023-08-23T22:02:14Z,2023-08-23T22:02:14Z,OWNER,"Built this new test:
```python
@pytest.mark.asyncio
async def test_view_table_token_can_access_table(perms_ds):
    actor = {
        ""id"": ""restricted-token"",
        ""token"": ""dstok"",
        # Restricted to just view-table on perms_ds_two/t1
        ""_r"": {""r"": {""perms_ds_two"": {""t1"": [""vt""]}}},
    }
    cookies = {""ds_actor"": perms_ds.client.actor_cookie(actor)}
    response = await perms_ds.client.get(""/perms_ds_two/t1.json"", cookies=cookies)
    assert response.status_code == 200
```
The test fails. Running it with `pytest --pdb` let me do this:
```
(Pdb) from pprint import pprint
(Pdb) pprint(perms_ds._permission_checks)
deque([{'action': 'view-table',
        'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}},
                  'id': 'restricted-token',
                  'token': 'dstok'},
        'resource': ('perms_ds_two', 't1'),
        'result': None,
        'used_default': True,
        'when': '2023-08-23T21:59:45.117155'},
       {'action': 'view-database',
        'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}},
                  'id': 'restricted-token',
                  'token': 'dstok'},
        'resource': 'perms_ds_two',
        'result': False,
        'used_default': False,
        'when': '2023-08-23T21:59:45.117189'},
       {'action': 'view-instance',
        'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}},
                  'id': 'restricted-token',
                  'token': 'dstok'},
        'resource': None,
        'result': False,
        'used_default': False,
        'when': '2023-08-23T21:59:45.126751'},
       {'action': 'debug-menu',
        'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}},
                  'id': 'restricted-token',
                  'token': 'dstok'},
        'resource': None,
        'result': False,
        'used_default': False,
        'when': '2023-08-23T21:59:45.126777'}],
      maxlen=200)
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1805076818,
https://github.com/simonw/datasette/issues/2102#issuecomment-1690693830,https://api.github.com/repos/simonw/datasette/issues/2102,1690693830,IC_kwDOBm6k_c5kxfDG,9599,2023-08-23T21:51:52Z,2023-08-23T21:52:58Z,OWNER,"This is the hook in question: https://github.com/simonw/datasette/blob/bdf59eb7db42559e538a637bacfe86d39e5d17ca/datasette/hookspecs.py#L108-L110
- `True` means they are allowed to access it. You only need a single `True` from a plugin to allow it.
- `False` means they are not, and just one `False` from a plugin will deny it (even if another one returned `True` I think)
- `None` means that the plugin has no opinion on this question.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1805076818,