issue_comments: 636379067

This data as json

html_url	issue_url	id	node_id	user	created_at	updated_at	author_association	body	reactions	issue	performed_via_github_app
https://github.com/simonw/datasette/issues/699#issuecomment-636379067	https://api.github.com/repos/simonw/datasette/issues/699	636379067	MDEyOklzc3VlQ29tbWVudDYzNjM3OTA2Nw==	9599	2020-05-30T20:12:47Z	2020-05-30T20:40:42Z	OWNER	I could bake some permission checks into default Datasette, which are all treated as allow by default but can then be locked down by plugins. Maybe the following: `permission_allowed(request.actor, "execute-sql", "database", "name-of-database")` Checks that current user can execute arbitrary SQL queries against a specific database (or use the `?_where=` feature). Equivalent to current allow_sql setting. `permission_allowed(request.actor, "download-database", "database", "name-of-database")` Can the user download the database file? Like allow_download. Maybe one for allow_csv_stream too. Having a permission check (defaulting to True) on every single "view" would be useful: view_index view_database view_table view_row view_query view_special (for `/-/versions` and so on)	{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 }	582526961