{"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350414961", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350414961, "node_id": "IC_kwDOBm6k_c5QfbJx", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:22:00Z", "updated_at": "2022-12-14T05:22:00Z", "author_association": "OWNER", "body": "I think the next big step for this feature is for me to actually use it to build a few things.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350414402", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350414402, "node_id": "IC_kwDOBm6k_c5QfbBC", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:21:07Z", "updated_at": "2022-12-14T05:21:07Z", "author_association": "OWNER", "body": "It would be neat not to show write permissions against immutable databases too - and not hard from a performance perspective since it doesn't involve hundreds more permission checks.\r\n\r\nThat will need permissions to grow a flag for if they need a mutable database though, which is a bigger job.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350413555", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350413555, "node_id": "IC_kwDOBm6k_c5Qfazz", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:19:52Z", "updated_at": "2022-12-14T05:19:52Z", "author_association": "OWNER", "body": "Maybe I should have kept `_memory` listed for instances that are running with `--crossdb` enabled?\r\n\r\nYeah I think I should.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350409537", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350409537, "node_id": "IC_kwDOBm6k_c5QfZ1B", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:14:16Z", "updated_at": "2022-12-14T05:14:16Z", "author_association": "OWNER", "body": "New interface now live at https://latest.datasette.io/-/create-token\r\n\r\n\r\n\r\nIt shouldn't be showing `_memory` though.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350402667", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350402667, "node_id": "IC_kwDOBm6k_c5QfYJr", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:05:10Z", "updated_at": "2022-12-14T05:05:10Z", "author_association": "OWNER", "body": "Tests can go here:\r\n\r\nhttps://github.com/simonw/datasette/blob/d98a8effb10ce8fe04a03eae42baa8a9cb0ca3f7/tests/test_auth.py#L143-L160", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350401651", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350401651, "node_id": "IC_kwDOBm6k_c5QfX5z", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T05:03:59Z", "updated_at": "2022-12-14T05:03:59Z", "author_association": "OWNER", "body": "I shipped a working interface. Could still do with some extra tests.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350215936", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350215936, "node_id": "IC_kwDOBm6k_c5QeqkA", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T01:23:42Z", "updated_at": "2022-12-14T01:23:42Z", "author_association": "OWNER", "body": "With tilde-encoding for database and table names the HTML looks like this:\r\n\r\n```html\r\n\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350148192", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350148192, "node_id": "IC_kwDOBm6k_c5QeaBg", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T00:19:06Z", "updated_at": "2022-12-14T00:19:06Z", "author_association": "OWNER", "body": "Another option: I could set a time limit - say 200ms - on how long I'm willing to spend calculating permissions before displaying this form\r\n\r\nFirst calculate view permissions for tables and databases (and maybe views and canned queries too).\r\n\r\nThen see if I can check every permission that I'm going to show as a checkbox on this page. If I get that done within the time limit use that to show the options.\r\n\r\nIf I run out of time show all options and maybe include a note saying that some of them may not actually be available.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350125018", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350125018, "node_id": "IC_kwDOBm6k_c5QeUXa", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T00:08:09Z", "updated_at": "2022-12-14T00:08:09Z", "author_association": "OWNER", "body": "Also: don't show hidden tables.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350124381", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350124381, "node_id": "IC_kwDOBm6k_c5QeUNd", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-14T00:07:51Z", "updated_at": "2022-12-14T00:07:51Z", "author_association": "OWNER", "body": "Another thing to consider in the future: once Datasette can support thousands of tables (see #417) the list on this page will turn into multiple MBs of HTML, which may cause all kinds of problems - not to mention the overhead of all of those table visibility permission checks. \r\n\r\nHopefully by then I'll have a good fix for the permission listings problem:\r\n- #1152\r\n\r\nAnd I can apply the same mechanism here.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350037572", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350037572, "node_id": "IC_kwDOBm6k_c5Qd_BE", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T23:27:32Z", "updated_at": "2022-12-13T23:27:32Z", "author_association": "OWNER", "body": "I'm going to ignore the permissions issue for the moment - I'll allow people to select any permissions they like in any of the databases or tables that are visible to them (don't want to leak the existence of databases/tables to users who shouldn't be able to see them).\r\n\r\nI think the value of getting this working outweights any potential confusion from not using finely grained permission checks to decide if the user should be able to apply a permission or not.\r\n\r\nThe tokens themselves won't be able to perform `insert-row` or similar if the user doesn't have the ability to do that, even if they selected that checkbox.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1493390939, "label": "UI to create reduced scope tokens from the `/-/create-token` page"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/1947#issuecomment-1350019528", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1947", "id": 1350019528, "node_id": "IC_kwDOBm6k_c5Qd6nI", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-13T23:19:16Z", "updated_at": "2022-12-13T23:19:16Z", "author_association": "OWNER", "body": "Here's the checkbox prototype:\r\n```diff\r\ndiff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html\r\nindex a94881ed..1795ebaf 100644\r\n--- a/datasette/templates/create_token.html\r\n+++ b/datasette/templates/create_token.html\r\n@@ -2,11 +2,20 @@\r\n \r\n {% block title %}Create an API token{% endblock %}\r\n \r\n+{% block extra_head %}\r\n+\r\n+{% endblock %}\r\n+\r\n {% block content %}\r\n \r\n
This token will allow API access with the same abilities as your current user.
\r\n+This token will allow API access with the same abilities as your current user, {{ request.actor.id }}
\r\n \r\n {% if errors %}\r\n {% for error in errors %}\r\n@@ -27,8 +36,39 @@\r\n \r\n \r\n \r\n- \r\n+\r\n+Restrict actions that can be performed using this token:
\r\n+ \r\n+ \r\n+