{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599696286", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599696286, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTY5NjI4Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:32:59Z", "updated_at": "2020-03-16T18:33:33Z", "author_association": "OWNER", "body": "```json\r\n{\r\n    \"databases\": {\r\n       \"my-database\": {\r\n           \"queries\": {\r\n               \"add_twitter_handle\": {\r\n                   \"sql\": \"insert into twitter_handles (username) values (:username)\",\r\n                   \"write\": true\r\n               }\r\n           }\r\n       }\r\n    }\r\n}\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599697164", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599697164, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTY5NzE2NA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:35:04Z", "updated_at": "2020-03-16T18:35:27Z", "author_association": "OWNER", "body": "By default this will extract the `:params` using the existing regular expression - which can occasionally break if there is a rogue `:` in the rest of the query.\r\n\r\nTo address this: allow an extra optional `\"params\": [\"username\"]` field in metadata which, if available, is used instead of the regular expression extraction.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599701145", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599701145, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTcwMTE0NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:44:19Z", "updated_at": "2020-03-16T18:44:40Z", "author_association": "OWNER", "body": "This is going to need CSRF protection - see https://github.com/simonw/asgi-csrf", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599703452", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599703452, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTcwMzQ1Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:49:31Z", "updated_at": "2020-03-16T18:49:31Z", "author_association": "OWNER", "body": "Also relevant: this will benefit from an authentication/permissions layer: #699", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599704264", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599704264, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTcwNDI2NA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:51:27Z", "updated_at": "2020-03-17T02:44:44Z", "author_association": "OWNER", "body": "This is also going to need me to handle POST form submissions which means I need to be able to parse the form body. I guess that will go in [datasette/utils/asgi.py](https://github.com/simonw/datasette/blob/master/datasette/utils/asgi.py).", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599704655", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599704655, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTcwNDY1NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:52:23Z", "updated_at": "2020-03-16T18:52:23Z", "author_association": "OWNER", "body": "I have code for form parsing in `asgi-csrf`: https://github.com/simonw/asgi-csrf/blob/3fc164a9258ebfa616d4e724fcb102b117277c6e/asgi_csrf.py#L91-L109", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599706260", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599706260, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTcwNjI2MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-16T18:56:00Z", "updated_at": "2020-03-16T18:56:00Z", "author_association": "OWNER", "body": "It would be useful if this feature supported different types of input - at the most basic level `<input type=\"text\">` v.s. `<textarea>`, but numbers, `<select>` etc would be useful too. This can be added later as additional `metadata.json` settings.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-599856081", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 599856081, "node_id": "MDEyOklzc3VlQ29tbWVudDU5OTg1NjA4MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-17T03:14:20Z", "updated_at": "2020-03-17T03:14:20Z", "author_association": "OWNER", "body": "This is going to require a pretty full rewrite of the existing canned query logic, which currently shares a codepath with the code that lets you submit a SQL query:\r\n\r\nhttps://github.com/simonw/datasette/blob/298a899e792ebd0cd82a5f01b613c31f19082e51/datasette/views/base.py#L464-L563", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-640108942", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 640108942, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDEwODk0Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-06T19:43:48Z", "updated_at": "2020-06-06T19:43:48Z", "author_association": "OWNER", "body": "Landed - documentation is here: https://datasette.readthedocs.io/en/latest/sql_queries.html#writable-canned-queries\r\n\r\nSee also https://datasette.readthedocs.io/en/latest/authentication.html#permissions-for-canned-queries", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-602140071", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 602140071, "node_id": "MDEyOklzc3VlQ29tbWVudDYwMjE0MDA3MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-03-22T02:53:48Z", "updated_at": "2020-03-22T02:53:48Z", "author_association": "OWNER", "body": "This feature should include the ability to set a custom redirect URL for after the query has been executed - that way it can be used to build things like \"delete this row\" which redirect back to the correct table.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-608087223", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 608087223, "node_id": "MDEyOklzc3VlQ29tbWVudDYwODA4NzIyMw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-04-02T21:02:25Z", "updated_at": "2020-04-02T21:02:25Z", "author_association": "OWNER", "body": "YAML for metadata is relevant to this: #713", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-608125928", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 608125928, "node_id": "MDEyOklzc3VlQ29tbWVudDYwODEyNTkyOA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-04-02T22:32:41Z", "updated_at": "2020-04-02T22:33:10Z", "author_association": "OWNER", "body": "I really want the option to use a `<textarea>` for a specific value.\r\n\r\nIdea: metadata syntax like this:\r\n\r\n```json\r\n{\r\n    \"databases\": {\r\n       \"my-database\": {\r\n           \"queries\": {\r\n               \"add_twitter_handle\": {\r\n                   \"sql\": \"insert into twitter_handles (username) values (:username)\",\r\n                   \"write\": true,\r\n                   \"params\": {\r\n                       \"username\": {\r\n                            \"widget\": \"textarea\"\r\n                       }\r\n                   }\r\n               }\r\n           }\r\n       }\r\n    }\r\n}\r\n```\r\nI can ship with some default widgets and provide a plugin hook for registering extra widgets.\r\n\r\nThis opens up some really exciting possibilities for things like map widgets that let you draw polygons.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-621041812", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 621041812, "node_id": "MDEyOklzc3VlQ29tbWVudDYyMTA0MTgxMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-04-29T07:42:48Z", "updated_at": "2020-04-29T07:42:48Z", "author_association": "OWNER", "body": "Need to figure out what the `.json` mode for this looks like - and if there's a `.csv` mode (I think not).", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-621036032", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 621036032, "node_id": "MDEyOklzc3VlQ29tbWVudDYyMTAzNjAzMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-04-29T07:29:52Z", "updated_at": "2020-04-29T07:29:52Z", "author_association": "OWNER", "body": "What should happen when a query has been successfully executed?\r\n\r\nThat depends on the query. Some queries may wish to redirect to another page. Other queries might want to show a custom message.\r\n\r\nThere should at least be a default message saying the query has been executed.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-621037724", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 621037724, "node_id": "MDEyOklzc3VlQ29tbWVudDYyMTAzNzcyNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-04-29T07:34:02Z", "updated_at": "2020-04-29T07:34:02Z", "author_association": "OWNER", "body": "Concept for displaying a success message:\r\n\r\n<img width=\"662\" alt=\"fixtures__compound_three_primary_keys__1_001_rows\" src=\"https://user-images.githubusercontent.com/9599/80571201-0a1b4f00-89b1-11ea-8688-2e3e4304e475.png\">\r\nCSS:\r\n\r\n```css\r\n.success {\r\n    padding: 1em;\r\n    border: 1px solid green;\r\n    background-color: #c7fbc7;\r\n}", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-636569917", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 636569917, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjU2OTkxNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T01:39:44Z", "updated_at": "2020-06-01T01:39:44Z", "author_association": "OWNER", "body": "Idea for the authentication piece: I'll have the canned query code execute the following:\r\n\r\n```python\r\nif await datasette.permission_allowed(\r\n    request.scope.get(\"actor\"),  \"execute_query\", \"canned_query\", query_name, default=True\r\n):\r\n```\r\nThen I'll add a default plugin to Datasette which implements that plugin hook, looks at the Datasette metadata for that query, and says \"No\" if the following (and `request.scope[\"actor\"]` is empty):\r\n\r\n```json\r\n{\r\n    \"databases\": {\r\n       \"my-database\": {\r\n           \"queries\": {\r\n               \"add_twitter_handle\": {\r\n                   \"sql\": \"insert into twitter_handles (username) values (:username)\",\r\n                   \"write\": true,\r\n                   \"requires_actor\": true\r\n               }\r\n           }\r\n       }\r\n    }\r\n}\r\n```\r\nI think I'll support this too:\r\n\r\n```json\r\n                   \"allowed_actors\": [\"root\"]\r\n```\r\nSo you can configure queries to only be available to specific `{\"id\": xxx}` actors.\r\n\r\nThis will be the first time the new `permission_allowed` mechanism from #699 will be exercised in Datasette core.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-636617140", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 636617140, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNjYxNzE0MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-01T05:14:39Z", "updated_at": "2020-06-01T05:14:39Z", "author_association": "OWNER", "body": "Here's the new `default_permissions.py` file I can add this permission check to: https://github.com/simonw/datasette/blob/dfdbdf378aba9afb66666f66b78df2f2069d2595/datasette/default_permissions.py#L1-L7", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-637879242", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 637879242, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNzg3OTI0Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-03T00:10:30Z", "updated_at": "2020-06-03T00:10:30Z", "author_association": "OWNER", "body": "Started a fresh pull request for this in #796 - the one in #703 got a bit untidy.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-637934813", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 637934813, "node_id": "MDEyOklzc3VlQ29tbWVudDYzNzkzNDgxMw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-03T03:45:07Z", "updated_at": "2020-06-03T03:45:07Z", "author_association": "OWNER", "body": "Some extra thoughts now that this is mostly working:\r\n\r\n- \"Edit this row\" is such an obvious use-case. Could I automatically support row editing where every column except the primary key can be updated?\r\n- It would be useful to be able to link to a query in a way that pre-populates various form fields. The \"edit\" interface could then be a link that pre-populates the form with all of the existing values.\r\n- Can the redirect URL be configured to include values from the form submission? So you could e.g. add a blog post with a unique slug and then redirect to that URL?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-638183337", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 638183337, "node_id": "MDEyOklzc3VlQ29tbWVudDYzODE4MzMzNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-03T13:05:03Z", "updated_at": "2020-06-03T13:05:03Z", "author_association": "OWNER", "body": "One challenge with this feature is that it confuses the messaging about what Datasette does somewhat.\r\n\r\nPrior to shipping this, Datasette's core value proposition is as a way to publish read-only data.\r\n\r\nThat changed a little [in 0.37 in February](https://datasette.readthedocs.io/en/stable/changelog.html#v0-37) when plugins gained the supported ability to execute writes, but there was no way of doing that without a plugin.\r\n\r\nWith this feature, Datasette becomes a read-write database solution.\r\n\r\nI should update the documentation to help explain this. Essentially the message is that Datasette can be used in one of two \"modes\" - it can be used just for sharing/publishing data, or you can use it to collect and manage data, most likely still in collaboration with plugins for things like authentication.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-638266171", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 638266171, "node_id": "MDEyOklzc3VlQ29tbWVudDYzODI2NjE3MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-03T15:18:49Z", "updated_at": "2020-06-03T15:18:49Z", "author_association": "OWNER", "body": "Landed the work so far from #796! Here's the documentation: https://datasette.readthedocs.io/en/latest/sql_queries.html#writable-canned-queries", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-639779403", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 639779403, "node_id": "MDEyOklzc3VlQ29tbWVudDYzOTc3OTQwMw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-05T20:20:12Z", "updated_at": "2020-06-05T20:20:12Z", "author_association": "OWNER", "body": "CSRF is done. Last step: figure out a smart way to integrate this with permissions and authentication.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-639784651", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 639784651, "node_id": "MDEyOklzc3VlQ29tbWVudDYzOTc4NDY1MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-05T20:25:02Z", "updated_at": "2020-06-05T20:25:02Z", "author_association": "OWNER", "body": "Idea: default is anyone can execute a query.\r\n\r\nOr you can specify the following:\r\n\r\n```json\r\n\r\n{\r\n    \"databases\": {\r\n       \"my-database\": {\r\n           \"queries\": {\r\n               \"add_twitter_handle\": {\r\n                   \"sql\": \"insert into twitter_handles (username) values (:username)\",\r\n                   \"write\": true,\r\n                   \"allow\": {\r\n                       \"id\": [\"simon\"],\r\n                       \"role\": [\"staff\"]\r\n                   }\r\n               }\r\n           }\r\n       }\r\n    }\r\n}\r\n```\r\nThese get matched against the actor JSON. If any of the fields in any of the keys of `\"allow\"` match a key on the actor, the query is allowed.\r\n\r\n`\"id\": \"*\"` matches any actor with an `id` key.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-639785878", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 639785878, "node_id": "MDEyOklzc3VlQ29tbWVudDYzOTc4NTg3OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-05T20:25:55Z", "updated_at": "2020-06-05T20:25:55Z", "author_association": "OWNER", "body": "I'd really like to support SQL query defined permissions too, mainly to set an example for how plugins could do something similar.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-639787304", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 639787304, "node_id": "MDEyOklzc3VlQ29tbWVudDYzOTc4NzMwNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-05T20:26:57Z", "updated_at": "2020-06-05T20:26:57Z", "author_association": "OWNER", "body": "Idea: an `\"allow_sql\"` key with a SQL query that gets passed the actor JSON as `:actor` and can extract the relevant keys from it and return 1 or 0.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/698#issuecomment-639788562", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/698", "id": 639788562, "node_id": "MDEyOklzc3VlQ29tbWVudDYzOTc4ODU2Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-05T20:27:49Z", "updated_at": "2020-06-05T20:27:49Z", "author_association": "OWNER", "body": "There can be a detailed section explaining these different mechanisms on the authentication documentation page.\r\n\r\nI imagine they will end up applying to more than just canned queries.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 582517965, "label": "Ability for a canned query to write to the database"}, "performed_via_github_app": null}