{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636576603", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636576603, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU3NjYwMw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T02:13:26Z", "updated_at": "2020-06-01T03:13:31Z", "author_association": "OWNER", "body": "Debugging tool idea: `/-/permissions` page which shows you the actor and lets you type in the strings for `action`, `resource_type` and `resource_identifier` - then shows you EVERY plugin hook that would have executed and what it would have said, plus when the chain would have terminated.\r\n\r\nBonus: if you're logged in as the `root` user (or a user that matches some kind of permission check, maybe a check for `permissions_debug`) you get to see a rolling log of the last 30 permission checks and what the results were across the whole of Datasette. This should make figuring out permissions policies a whole lot easier.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636576252", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636576252, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU3NjI1Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T02:11:40Z", "updated_at": "2020-06-01T02:11:40Z", "author_association": "OWNER", "body": "Plugin idea: `datasette-allow-all` - really simple plugin which just says \"yes\" to every permission check.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636566616", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636566616, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2NjYxNg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:23:48Z", "updated_at": "2020-06-01T01:23:48Z", "author_association": "OWNER", "body": "https://latest.datasette.io/-/actor is now live (it returns `null` because there's no current way to sign into the `latest.datasette.io` site - not even with a fake `ds_actor` cookie because there's no way to know what that site's random secret is).", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636566433", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636566433, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2NjQzMw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:22:59Z", "updated_at": "2020-06-01T01:22:59Z", "author_association": "OWNER", "body": "Some next steps:\r\n\r\n- Try out a branch of `datasette-auth-github` that builds on these new plugin hooks\r\n- Build a `datasette-api-tokens` plugin which implements `Authorization: bearer xxx` token support for API access\r\n- Maybe prototype up a `datasette-user-accounts` plugin which supports username/password accounts and allows an admin user to create/delete them\r\n- Do more work on writable canned queries in #698 and see what they look like if they take advantage of the permissions hook (to restrict some to only allowing authenticated users)", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636565610", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636565610, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2NTYxMA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:19:45Z", "updated_at": "2020-06-01T01:19:45Z", "author_association": "OWNER", "body": "I rebased in #783 so all of this is on master now.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636562999", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636562999, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2Mjk5OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:09:47Z", "updated_at": "2020-06-01T01:09:47Z", "author_association": "OWNER", "body": "I should add an entire page to the documentation describing Datasette authentication.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/699#issuecomment-636562658", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/699", "id": 636562658, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2MjY1OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:08:20Z", "updated_at": "2020-06-01T01:08:54Z", "author_association": "OWNER", "body": "OK, the implementation in PR #783 is in a good state now - it implements the new plugin hooks with tests and documentation, plus it implements this:\r\n\r\n    $ datasette . --root\r\n    http://127.0.0.1:8001/-/auth-token?token=3ca9ee460a6451142389351d19b147bce27d2a785dfb6b5a74f82211be1ede49\r\n    ...\r\n\r\nThat URL, when clicked, will set a cookie for the `{\"id\": \"root\"}` user. The cookie is respected and used to populate `scope[\"actor\"]`.\r\n\r\nI'm going to merge that pull request and continue working on this stuff on master.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582526961, "label": "Authentication (and permissions) as a core concept"}, "performed_via_github_app": null}