issue_comments: 636376209

This data as json

html_url	issue_url	id	node_id	user	created_at	updated_at	author_association	body	reactions	issue	performed_via_github_app
https://github.com/simonw/datasette/issues/699#issuecomment-636376209	https://api.github.com/repos/simonw/datasette/issues/699	636376209	MDEyOklzc3VlQ29tbWVudDYzNjM3NjIwOQ==	9599	2020-05-30T19:53:28Z	2020-05-30T20:09:10Z	OWNER	I think there are two hooks here: `actor_from_request(datasette, request)` - returns `None` or a dictionary. `datasette` is a Datasette instance - useful for things like reading plugin configuration or executing queries `request` is a Request object - which means ASGI scope can be accessed as `request.scope` A non-None value means the request is authenticated in some way. The shape of that dictionary is entirely undefined. The second hook is for checking permissions. It can look something like this: `permission_allowed(actor, action, resource_type, resource_identifier)` `actor` = the dictionary that was returned by `actor_from_scope` `action` = a string representing the action to be performed, e.g. `edit-schema` `resource_type` = a string representing the type of resource being acted on, e.g. `table` `resource_identifier` = a string (or maybe tuple?) representing the specific resource, e.g. the table name I don't know if Datasette should provide default implementations of these hooks. It may be that leaving them completely up to plugins is the way to go. I think I need to prototype this quickly to start feeling for how well it might work.	{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 }	582526961