{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074141457", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074141457, "node_id": "IC_kwDOBm6k_c5ABhkR", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:44:09Z", "updated_at": "2022-03-21T16:44:09Z", "author_association": "OWNER", "body": "A slightly odd thing about these methods is that they either fail silently or they raise a `Forbidden` exception.\r\n\r\nMaybe they should instead return `True` or `False` and the calling code could decide if it wants to raise the exception? That would make them more usable and a little less surprising.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074142617", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074142617, "node_id": "IC_kwDOBm6k_c5ABh2Z", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:45:27Z", "updated_at": "2022-03-21T16:45:27Z", "author_association": "OWNER", "body": "Though at that point `check_permission` is such a light wrapper around `self.ds.permission_allowed()` that there's little point in it existing at all.\r\n\r\nSo maybe `check_permisions()` becomes `ds.permissions_allowed()`.\r\n\r\n`permission_allowed()` v.s. `permissions_allowed()` is a bit of a subtle naming difference, but I think it works.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074143209", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074143209, "node_id": "IC_kwDOBm6k_c5ABh_p", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:46:05Z", "updated_at": "2022-03-21T16:46:05Z", "author_association": "OWNER", "body": "The other difference though is that `ds.permission_allowed(...)` works against an actor, while `check_permission()` works against a request (though just to access `request.actor`).", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074156779", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074156779, "node_id": "IC_kwDOBm6k_c5ABlTr", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:55:08Z", "updated_at": "2022-03-21T16:56:02Z", "author_association": "OWNER", "body": "One benefit of the current design of `check_permissions` that raises an exception is that the exception includes information on WHICH of the permission checks failed. Returning just `True` or `False` loses that information.\r\n\r\nI could return an object which evaluates to `False` but also carries extra information? Bit weird, I've never seen anything like that in other Python code.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074158890", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074158890, "node_id": "IC_kwDOBm6k_c5ABl0q", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:57:15Z", "updated_at": "2022-03-21T16:57:15Z", "author_association": "OWNER", "body": "Idea: `ds.permission_allowed()` continues to just return `True` or `False`.\r\n\r\nA new `ds.ensure_permissions(...)` method is added which raises a `Forbidden` exception if a check fails (hence the different name)`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074161523", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074161523, "node_id": "IC_kwDOBm6k_c5ABmdz", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T16:59:55Z", "updated_at": "2022-03-21T17:00:03Z", "author_association": "OWNER", "body": "Also calling that function `permissions_allowed()` is confusing because there is a plugin hook with a similar name already: https://docs.datasette.io/en/stable/plugin_hooks.html#permission-allowed-datasette-actor-action-resource", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1675#issuecomment-1074177827", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1675", "id": 1074177827, "node_id": "IC_kwDOBm6k_c5ABqcj", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-03-21T17:14:31Z", "updated_at": "2022-03-21T17:14:31Z", "author_association": "OWNER", "body": "Updated documentation: https://github.com/simonw/datasette/blob/e627510b760198ccedba9e5af47a771e847785c9/docs/internals.rst#await-ensure_permissionsactor-permissions\r\n\r\n> This method allows multiple permissions to be checked at onced. It raises a `datasette.Forbidden` exception if any of the checks are denied before one of them is explicitly granted.\r\n> \r\n> This is useful when you need to check multiple permissions at once. For example, an actor should be able to view a table if either one of the following checks returns `True` or not a single one of them returns `False`:\r\n\r\nThat's pretty hard to understand! I'm going to open a separate issue to reconsider if this is a useful enough abstraction given how confusing it is.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1175648453, "label": "Extract out `check_permissions()` from `BaseView"}, "performed_via_github_app": null}