issue_comments
14 rows where "created_at" is on date 2020-05-30 and issue = 582526961 sorted by created_at
This data as json, CSV (advanced)
Suggested facets: updated_at (date)
issue 1
- Authentication (and permissions) as a core concept · 14 ✖
id | html_url | issue_url | node_id | user | created_at ▼ | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
636376209 | https://github.com/simonw/datasette/issues/699#issuecomment-636376209 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3NjIwOQ== | simonw 9599 | 2020-05-30T19:53:28Z | 2020-05-30T20:09:10Z | OWNER | I think there are two hooks here:
A non-None value means the request is authenticated in some way. The shape of that dictionary is entirely undefined. The second hook is for checking permissions. It can look something like this:
I don't know if Datasette should provide default implementations of these hooks. It may be that leaving them completely up to plugins is the way to go. I think I need to prototype this quickly to start feeling for how well it might work. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636376893 | https://github.com/simonw/datasette/issues/699#issuecomment-636376893 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3Njg5Mw== | simonw 9599 | 2020-05-30T19:57:54Z | 2020-05-30T20:09:05Z | OWNER |
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636376974 | https://github.com/simonw/datasette/issues/699#issuecomment-636376974 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3Njk3NA== | simonw 9599 | 2020-05-30T19:58:40Z | 2020-05-30T20:08:59Z | OWNER | Maybe call that |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636377235 | https://github.com/simonw/datasette/issues/699#issuecomment-636377235 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3NzIzNQ== | simonw 9599 | 2020-05-30T20:00:42Z | 2020-05-30T20:01:35Z | OWNER | I'm changing |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636377755 | https://github.com/simonw/datasette/issues/699#issuecomment-636377755 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3Nzc1NQ== | simonw 9599 | 2020-05-30T20:04:23Z | 2020-05-30T20:04:23Z | OWNER | My usage of the term |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636378121 | https://github.com/simonw/datasette/issues/699#issuecomment-636378121 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3ODEyMQ== | simonw 9599 | 2020-05-30T20:06:47Z | 2020-05-30T20:06:47Z | OWNER | In AWS IAM world the following terminology is used: https://aws.amazon.com/iam/features/manage-permissions/
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636378228 | https://github.com/simonw/datasette/issues/699#issuecomment-636378228 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3ODIyOA== | simonw 9599 | 2020-05-30T20:07:25Z | 2020-05-30T20:07:25Z | OWNER | I like "actor" better than "entity" to mean "the user or API key that is authenticated for this request". I'm going to use "resource" instead of "subject" - updating the design comment again. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636379067 | https://github.com/simonw/datasette/issues/699#issuecomment-636379067 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM3OTA2Nw== | simonw 9599 | 2020-05-30T20:12:47Z | 2020-05-30T20:40:42Z | OWNER | I could bake some permission checks into default Datasette, which are all treated as allow by default but can then be locked down by plugins. Maybe the following:
Checks that current user can execute arbitrary SQL queries against a specific database (or use the
Can the user download the database file? Like allow_download. Maybe one for allow_csv_stream too. Having a permission check (defaulting to True) on every single "view" would be useful:
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636381732 | https://github.com/simonw/datasette/issues/699#issuecomment-636381732 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM4MTczMg== | simonw 9599 | 2020-05-30T20:32:11Z | 2020-05-30T20:39:11Z | OWNER | I started sketching this out in the authentication branch. Here's the documentation so far: https://github.com/simonw/datasette/blob/8871c20/docs/plugins.rst#actor_from_requestdatasette-request |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636388288 | https://github.com/simonw/datasette/issues/699#issuecomment-636388288 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM4ODI4OA== | simonw 9599 | 2020-05-30T21:34:50Z | 2020-05-30T21:34:50Z | OWNER | Debugging permissions is going to be important. Optional tooling that supports the following would be useful:
That last one is tricky if permissions are just strings that might be passed to |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636391331 | https://github.com/simonw/datasette/issues/699#issuecomment-636391331 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM5MTMzMQ== | simonw 9599 | 2020-05-30T22:08:21Z | 2020-05-30T22:08:21Z | OWNER | I'm going to add an awaitable utility method to the Datasette class for checking permissions:
The second two arguments will be optional. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636392850 | https://github.com/simonw/datasette/issues/699#issuecomment-636392850 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM5Mjg1MA== | simonw 9599 | 2020-05-30T22:25:19Z | 2020-05-30T22:25:19Z | OWNER | The branch is now usable! Next step: write some experimental plugins that exercise some real authentication use-cases with it. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636393204 | https://github.com/simonw/datasette/issues/699#issuecomment-636393204 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM5MzIwNA== | simonw 9599 | 2020-05-30T22:29:44Z | 2020-05-30T22:30:15Z | OWNER | Robust testing of permissions is really important. I should think about utilities I may be able to add to Datasette's unit testing tools that make it as easy as possible to confirm which permission checks were carried out on a specific HTTP request. That way I can set a good example that any Datasette plugin which makes permission checks can follow. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 | |
636395263 | https://github.com/simonw/datasette/issues/699#issuecomment-636395263 | https://api.github.com/repos/simonw/datasette/issues/699 | MDEyOklzc3VlQ29tbWVudDYzNjM5NTI2Mw== | simonw 9599 | 2020-05-30T22:54:09Z | 2020-05-30T22:54:09Z | OWNER | Idea: add a |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Authentication (and permissions) as a core concept 582526961 |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE [issue_comments] ( [html_url] TEXT, [issue_url] TEXT, [id] INTEGER PRIMARY KEY, [node_id] TEXT, [user] INTEGER REFERENCES [users]([id]), [created_at] TEXT, [updated_at] TEXT, [author_association] TEXT, [body] TEXT, [reactions] TEXT, [issue] INTEGER REFERENCES [issues]([id]) , [performed_via_github_app] TEXT); CREATE INDEX [idx_issue_comments_issue] ON [issue_comments] ([issue]); CREATE INDEX [idx_issue_comments_user] ON [issue_comments] ([user]);
user 1