{"html_url": "https://github.com/simonw/datasette/pull/1940#issuecomment-1347640542", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1940", "id": 1347640542, "node_id": "IC_kwDOBm6k_c5QU1ze", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T02:02:10Z", "updated_at": "2022-12-13T02:02:10Z", "author_association": "OWNER", "body": "This PR ended up bundling part of the implementation of:\r\n- #1636\r\n\r\nI'm going to be bad an NOT untangle that from this before I merge it.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1486011362, "label": "register_permissions() plugin hook"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/1940#issuecomment-1347634128", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1940", "id": 1347634128, "node_id": "IC_kwDOBm6k_c5QU0PQ", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T01:51:56Z", "updated_at": "2022-12-13T01:51:56Z", "author_association": "OWNER", "body": "Actually one last thing: I said that the error would only occur if the permissions differed in some way.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1486011362, "label": "register_permissions() plugin hook"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/1940#issuecomment-1347620733", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1940", "id": 1347620733, "node_id": "IC_kwDOBm6k_c5QUw99", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T01:33:06Z", "updated_at": "2022-12-13T01:33:06Z", "author_association": "OWNER", "body": "It's this change which triggers the failures:\r\n```diff\r\ndiff --git a/datasette/app.py b/datasette/app.py\r\nindex 760063d5..defa9688 100644\r\n--- a/datasette/app.py\r\n+++ b/datasette/app.py\r\n@@ -707,9 +707,12 @@ class Datasette:\r\n                 )\r\n         return crumbs\r\n \r\n-    async def permission_allowed(self, actor, action, resource=None, default=False):\r\n+    async def permission_allowed(self, actor, action, resource=None, default=None):\r\n         \"\"\"Check permissions using the permissions_allowed plugin hook\"\"\"\r\n         result = None\r\n+        # Use default from registered permission, if available\r\n+        if default is None and action in self.permissions:\r\n+            default = self.permissions[action].default\r\n         for check in pm.hook.permission_allowed(\r\n             datasette=self,\r\n             actor=actor,\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1486011362, "label": "register_permissions() plugin hook"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/1940#issuecomment-1347616055", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1940", "id": 1347616055, "node_id": "IC_kwDOBm6k_c5QUv03", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T01:27:03Z", "updated_at": "2022-12-13T01:27:03Z", "author_association": "OWNER", "body": "I'm going to revert that last commit, see if I can get the tests running again and then apply the changes a line at a time to figure out which ones broke things.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1486011362, "label": "register_permissions() plugin hook"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/1940#issuecomment-1345701316", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1940", "id": 1345701316, "node_id": "IC_kwDOBm6k_c5QNcXE", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-12T00:10:59Z", "updated_at": "2022-12-12T00:10:59Z", "author_association": "OWNER", "body": "Here's my first test failure:\r\n```\r\ntests/test_permissions.py .......F\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> traceback >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n\r\nallow = {}, expected_anon = 403, expected_auth = 403, path = '/fixtures/compound_three_primary_keys'\r\npadlock_client = <datasette.utils.testing.TestClient object at 0x107c09d20>\r\n\r\n    @pytest.mark.parametrize(\r\n        \"allow,expected_anon,expected_auth\",\r\n        [\r\n            (None, 200, 200),\r\n            ({}, 403, 403),\r\n            ({\"id\": \"root\"}, 403, 200),\r\n        ],\r\n    )\r\n    @pytest.mark.parametrize(\r\n        \"path\",\r\n        (\r\n            \"/\",\r\n            \"/fixtures\",\r\n            \"/fixtures/compound_three_primary_keys\",\r\n            \"/fixtures/compound_three_primary_keys/a,a,a\",\r\n            \"/fixtures/two\",  # Query\r\n        ),\r\n    )\r\n    def test_view_padlock(allow, expected_anon, expected_auth, path, padlock_client):\r\n        padlock_client.ds._metadata_local[\"allow\"] = allow\r\n        fragment = \"\ud83d\udd12</h1>\"\r\n        anon_response = padlock_client.get(path)\r\n>       assert expected_anon == anon_response.status\r\nE       assert 403 == 200\r\nE        +  where 200 = <datasette.utils.testing.TestResponse object at 0x107aea680>.status\r\n\r\n/Users/simon/Dropbox/Development/datasette/tests/test_permissions.py:61: AssertionError\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> entering PDB >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PDB post_mortem (IO-capturing turned off) >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n> /Users/simon/Dropbox/Development/datasette/tests/test_permissions.py(61)test_view_padlock()\r\n-> assert expected_anon == anon_response.status\r\n(Pdb) anon_response\r\n<datasette.utils.testing.TestResponse object at 0x107aea680>\r\n(Pdb) anon_response.status\r\n200\r\n(Pdb) path\r\n'/fixtures/compound_three_primary_keys'\r\n(Pdb) padlock_client.ds._metadata_\r\n*** AttributeError: 'Datasette' object has no attribute '_metadata_'\r\n(Pdb) padlock_client.ds._metadata_local\r\n{'databases': {'fixtures': {'queries': {'two': {'sql': 'select 1 + 1', 'name': 'two'}, 'from_async_hook': {'sql': 'select 2', 'name': 'from_async_hook'}, 'from_hook': {'sql': \"select 1, 'null' as actor_id\", 'name': 'from_hook'}}, 'source': None, 'source_url': None, 'license': None, 'license_url': None, 'about': None, 'about_url': None}}, 'allow': {}}\r\n(Pdb) allow\r\n{}\r\n```\r\nIt looks like I've broken the `allow` logic that notices that if there's an `\"allow\": {}` on the root then anonymous users should not be allowed to view any pages.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1486011362, "label": "register_permissions() plugin hook"}, "performed_via_github_app": null}