{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-642870553", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 642870553, "node_id": "MDEyOklzc3VlQ29tbWVudDY0Mjg3MDU1Mw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-11T18:58:49Z", "updated_at": "2020-06-11T18:58:49Z", "author_association": "OWNER", "body": "I've implemented this in a plugin instead: https://github.com/simonw/datasette-permissions-sql", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640905609", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640905609, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDkwNTYwOQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T21:48:44Z", "updated_at": "2020-06-08T21:48:44Z", "author_association": "OWNER", "body": "Dropping this out of Datasette 0.44 again - I have enough other stuff to finish, this can wait.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640339828", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640339828, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDMzOTgyOA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T03:18:47Z", "updated_at": "2020-06-08T03:18:47Z", "author_association": "OWNER", "body": "Example. This will only allow users to access the `fixtures` database if the logged-in actor's ID value appears for a record in the `users` table which has `admin` = 1.\r\n```json\r\n{\r\n    \"databases\": {\r\n        \"fixtures\": {\r\n            \"allow_by_query\": \"select * from users where id = :id and admin = 1\"\r\n        }\r\n    }\r\n}\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640339117", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640339117, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDMzOTExNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-08T03:16:16Z", "updated_at": "2020-06-08T03:16:16Z", "author_association": "OWNER", "body": "I'm going to call this key `\"allow_by_query\"` - I think I need `allow_sql` for something else (for configuring if users are allowed to execute arbitrary SQL queries).", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640277775", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640277775, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3Nzc3NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:49:40Z", "updated_at": "2020-06-07T20:49:40Z", "author_association": "OWNER", "body": "I'm going to pass the entire actor object as a dictionary of available named query parameters. So if the actor looks like this:\r\n```json\r\n{\r\n    \"id\": \"simonw\",\r\n    \"roles\": [\"staff\", \"developer\"]\r\n}\r\n```\r\nThen the SQL query will be called like this:\r\n\r\n```python\r\nconn.execute(sql, {\r\n  \"id\": \"simonw\",\r\n  \"roles: '[\"staff\", \"developer\"]',\r\n})\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640277557", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640277557, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3NzU1Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:48:00Z", "updated_at": "2020-06-07T20:48:00Z", "author_association": "OWNER", "body": "Now that I'm expanding permission checks to everything else too (#811), not just canned queries, I think it makes sense to re-prioritize this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null}