{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640287967", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640287967, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI4Nzk2Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T22:16:10Z", "updated_at": "2020-06-07T22:16:10Z", "author_association": "OWNER", "body": "The tests in test_permissions.py could check the .json variants and assert that permission checks were carried out too.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640274171", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640274171, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3NDE3MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:21:14Z", "updated_at": "2020-06-07T20:21:14Z", "author_association": "OWNER", "body": "Next step: fix this\r\n```\r\n-            # TODO: fix this to use that permission check\r\n-            if not actor_matches_allow(\r\n-                request.scope.get(\"actor\", None), metadata.get(\"allow\")\r\n-            ):\r\n-                return Response(\"Permission denied\", status=403)\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640273945", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640273945, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3Mzk0NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:19:15Z", "updated_at": "2020-06-07T20:19:15Z", "author_association": "OWNER", "body": "I'm going to add a `test_permissions.py` module that checks for 403 errors against different patterns of the `actors` block at different levels in `metadata.json`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640270178", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640270178, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3MDE3OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T19:48:39Z", "updated_at": "2020-06-07T19:48:39Z", "author_association": "OWNER", "body": "Testing pattern:\r\n```python\r\ndef test_canned_query_with_custom_metadata(app_client):\r\n    response = app_client.get(\"/fixtures/neighborhood_search?text=town\")\r\n    assert_permissions_checked(\r\n        app_client.ds,\r\n        [\r\n            \"view-instance\",\r\n            (\"view-database\", \"database\", \"fixtures\"),\r\n            (\"view-query\", \"query\", (\"fixtures\", \"neighborhood_search\")),\r\n        ],\r\n    )\r\n```\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640248972", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640248972, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI0ODk3Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T17:04:22Z", "updated_at": "2020-06-07T17:04:22Z", "author_association": "OWNER", "body": "I'll need a neat testing pattern for this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640248669", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640248669, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI0ODY2OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T17:01:44Z", "updated_at": "2020-06-07T17:01:44Z", "author_association": "OWNER", "body": "If the allow block at the database level forbids access this needs to cascade down to the table, query and row levels as well.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}