{"html_url": "https://github.com/simonw/datasette/issues/1636#issuecomment-1347655074", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1636", "id": 1347655074, "node_id": "IC_kwDOBm6k_c5QU5Wi", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T02:21:04Z", "updated_at": "2022-12-13T02:21:23Z", "author_association": "OWNER", "body": "The thing I'm stuck on at the moment is how to implement it such that an `allow` block for `create-table` at the root of the metadata will be checked correctly.\r\n\r\nMaybe the algorithm when `_resolve_metadata_permissions_blocks(datasette, actor, action, resource)` is called should do this:\r\n\r\n1. If a root permission block matching that action exists, test with that\r\n2. Next, if resource has been passed, check at the database level\r\n3. If the resource included a table/query, check at that level too\r\n\r\nSo everything is keyed off the incoming `action` name.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1138008042, "label": "\"permissions\" propery in metadata for configuring arbitrary permissions"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1636#issuecomment-1347648326", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1636", "id": 1347648326, "node_id": "IC_kwDOBm6k_c5QU3tG", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T02:10:02Z", "updated_at": "2022-12-13T02:10:02Z", "author_association": "OWNER", "body": "The implementation for this will go here: https://github.com/simonw/datasette/blob/8bf06a76b51bc9ace7cf72cf0cca8f1da7704ea7/datasette/default_permissions.py#L81-L83\r\n\r\nHere's the start of the tests (currently marked as `xfail`):\r\n\r\nhttps://github.com/simonw/datasette/blob/8bf06a76b51bc9ace7cf72cf0cca8f1da7704ea7/tests/test_permissions.py#L652-L689", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1138008042, "label": "\"permissions\" propery in metadata for configuring arbitrary permissions"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1636#issuecomment-1347647298", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1636", "id": 1347647298, "node_id": "IC_kwDOBm6k_c5QU3dC", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T02:08:46Z", "updated_at": "2022-12-13T02:08:46Z", "author_association": "OWNER", "body": "A bunch of the work for this just landed - in particular the new scheme is now documented (even though it doesn't work yet):\r\n\r\nhttps://docs.datasette.io/en/latest/authentication.html#other-permissions-in-metadata", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1138008042, "label": "\"permissions\" propery in metadata for configuring arbitrary permissions"}, "performed_via_github_app": null}