{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640951947", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640951947, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDk1MTk0Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-09T00:09:56Z", "updated_at": "2020-06-09T00:09:56Z", "author_association": "OWNER", "body": "Documentation: https://datasette.readthedocs.io/en/latest/authentication.html#controlling-the-ability-to-execute-arbitrary-sql", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640916807", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640916807, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDkxNjgwNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T22:18:09Z", "updated_at": "2020-06-08T22:18:09Z", "author_association": "OWNER", "body": "I could retire the `--config allow_sql:0` option entirely, since the new `metadata.json` mechanism can be used to achieve the exact same thing.\r\n\r\nI'm going to do that.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640916290", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640916290, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDkxNjI5MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T22:16:39Z", "updated_at": "2020-06-08T22:17:32Z", "author_association": "OWNER", "body": "Naming problem: Datasette already has a config option with this name:\r\n\r\n    $ datasette serve data.db --config allow_sql:1\r\n\r\nhttps://datasette.readthedocs.io/en/stable/config.html#allow-sql\r\n\r\nIt's confusing to have two things called `allow_sql` that do slightly different things.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640837908", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640837908, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDgzNzkwOA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T19:33:03Z", "updated_at": "2020-06-08T19:33:03Z", "author_association": "OWNER", "body": "Don't forget to link to the `allow_sql` docs from the warning block here: https://github.com/simonw/datasette/blob/54370853828bdf87ca844fd0fc00900e0e2e659d/docs/authentication.rst#controlling-access-to-specific-tables-and-views", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640831842", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640831842, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDgzMTg0Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T19:27:47Z", "updated_at": "2020-06-08T19:27:47Z", "author_association": "OWNER", "body": "This needs to be ready for Datasette 0.44 because without it the \"view-table\" permission is useless - it will protect the https://latest.datasette.io/fixtures/facetable page but will not prevent users from executing https://latest.datasette.io/fixtures?sql=select+*+from+facetable", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/813#issuecomment-640830088", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/813", "id": 640830088, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDgzMDA4OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T19:26:15Z", "updated_at": "2020-06-08T19:26:15Z", "author_association": "OWNER", "body": "This needs to affect the `?_where=` parameter on table pages as well.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634139848, "label": "Mechanism for specifying allow_sql permission in metadata.json"}, "performed_via_github_app": null}