issue_comments: 1350019528

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/1947#issuecomment-1350019528 https://api.github.com/repos/simonw/datasette/issues/1947 1350019528 IC_kwDOBm6k_c5Qd6nI 9599 2022-12-13T23:19:16Z 2022-12-13T23:19:16Z OWNER

Here's the checkbox prototype: ```diff diff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html index a94881ed..1795ebaf 100644 --- a/datasette/templates/create_token.html +++ b/datasette/templates/create_token.html @@ -2,11 +2,20 @@

{% block title %}Create an API token{% endblock %}

+{% block extra_head %} +<style type="text/css"> +#restrict-permissions label { + display: inline; + width: 90%; +} +</style> +{% endblock %} + {% block content %}

Create an API token

-

This token will allow API access with the same abilities as your current user.

+

This token will allow API access with the same abilities as your current user, {{ request.actor.id }}

{% if errors %} {% for error in errors %} @@ -27,8 +36,39 @@ - + +

+ Restrict actions that can be performed using this token +

All databases and tables

+
    + {% for permission in all_permissions %} +
  • <label> {{ permission }}</label>
    • + {% endfor %} +
+ + {% for database in databases %} +

All tables in database: {{ database }}

+
    + {% for permission in database_permissions %} +
  • <label> {{ permission }}</label>
    • + {% endfor %} +
+ {% endfor %} +

Specific tables

+ {% for dbt in database_with_tables %} + {% for table in dbt.tables %} +

{{ dbt.database }}: {{ table }}

+
    + {% for permission in table_permissions %} +
  • <label> {{ permission }}</label>
    • + {% endfor %} +
+ {% endfor %} + {% endfor %} +
+ </form> +

{% if token %}

diff --git a/datasette/views/special.py b/datasette/views/special.py index 30345d14..48357f87 100644 --- a/datasette/views/special.py +++ b/datasette/views/special.py @@ -231,12 +231,37 @@ class CreateTokenView(BaseView): return await self.render( ["create_token.html"], request, - {"actor": request.actor}, + { + "actor": request.actor, + "all_permissions": self.ds.permissions.keys(), + "database_permissions": [ + key + for key, value in self.ds.permissions.items() + if value.takes_database + ], + "table_permissions": [ + key + for key, value in self.ds.permissions.items() + if value.takes_resource + ], + "databases": [k for k in self.ds.databases.keys() if k != "_internal"], + "database_with_tables": [ + { + "database": db.name, + "tables": await db.table_names(), + } + for db in self.ds.databases.values() + if db.name != "_internal" + ], + }, ) async def post(self, request): self.check_permission(request) post = await request.post_vars() + from pprint import pprint + + pprint(post) errors = [] duration = None if post.get("expire_type"): ``` 

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 1493390939