issue_comments: 748206874

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/1152#issuecomment-748206874 https://api.github.com/repos/simonw/datasette/issues/1152 748206874 MDEyOklzc3VlQ29tbWVudDc0ODIwNjg3NA== 9599 2020-12-18T17:03:00Z 2020-12-22T23:58:04Z OWNER

Another permissions thought: what if ALL Datasette permissions were default-deny, and plugins could only grant permission to things, not block permission?

Right now a plugin can reply False to block, True to allow or None for "I have no opinion on this, ask someone else" - but even I'm confused by the interactions between block and allow and I implemented the system!

If everything in Datasette was default-deny then the user could use --public-view as an option when starting the server to default-allow view actions.

More importantly: plugins could return SQL statements that select a list of databases/tables the user is allowed access to. These could then be combined with UNION to create a full list of available resources.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 770598024