issue_comments: 636379067

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/699#issuecomment-636379067 https://api.github.com/repos/simonw/datasette/issues/699 636379067 MDEyOklzc3VlQ29tbWVudDYzNjM3OTA2Nw== 9599 2020-05-30T20:12:47Z 2020-05-30T20:40:42Z OWNER

I could bake some permission checks into default Datasette, which are all treated as allow by default but can then be locked down by plugins. Maybe the following:

permission_allowed(request.actor, "execute-sql", "database", "name-of-database")

Checks that current user can execute arbitrary SQL queries against a specific database (or use the ?_where= feature). Equivalent to current allow_sql setting.

permission_allowed(request.actor, "download-database", "database", "name-of-database")

Can the user download the database file? Like allow_download.

Maybe one for allow_csv_stream too.

Having a permission check (defaulting to True) on every single "view" would be useful:

  • view_index
  • view_database
  • view_table
  • view_row
  • view_query
  • view_special (for /-/versions and so on)
 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 582526961