{"html_url": "https://github.com/simonw/datasette/issues/833#issuecomment-642958225", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/833", "id": 642958225, "node_id": "MDEyOklzc3VlQ29tbWVudDY0Mjk1ODIyNQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-11T22:15:32Z", "updated_at": "2020-06-11T22:15:32Z", "author_association": "OWNER", "body": "https://github.com/simonw/datasette/blob/29c5ff493ad7918b8fc44ea7920b41530e56dd5d/tests/test_permissions.py#L327-L348", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637253789, "label": "/-/metadata and so on should respect view-instance permission"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/833#issuecomment-642905424", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/833", "id": 642905424, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjkwNTQyNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-11T20:16:41Z", "updated_at": "2020-06-11T20:16:41Z", "author_association": "OWNER", "body": "I'll add a new test in `test_permissions.py` which locks down an instance and  then loops through paths as the anonymous user making sure they aren't accessible.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637253789, "label": "/-/metadata and so on should respect view-instance permission"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/833#issuecomment-642902208", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/833", "id": 642902208, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MjkwMjIwOA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-11T20:08:57Z", "updated_at": "2020-06-11T20:08:57Z", "author_association": "OWNER", "body": "I'm tempted to add a `view-instance` check before routing any URLs, but that wouldn't be compatible with the idea in #832 that having `view-table` should be enough to view a table even if you don't pass `view-instance`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637253789, "label": "/-/metadata and so on should respect view-instance permission"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/833#issuecomment-642874724", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/833", "id": 642874724, "node_id": "MDEyOklzc3VlQ29tbWVudDY0Mjg3NDcyNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-11T19:07:49Z", "updated_at": "2020-06-11T19:07:49Z", "author_association": "OWNER", "body": "A live demo running the `datasette-auth-github` plugin will help demonstrate this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637253789, "label": "/-/metadata and so on should respect view-instance permission"}, "performed_via_github_app": null}