issue_comments

Table actions

3 rows where "created_at" is on date 2023-08-23, issue = 1805076818 and user = 9599 sorted by updated_at descending

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: created_at (date)

user 1

  • simonw · 3

issue 1

  • API tokens with view-table but not view-database/view-instance cannot access the table · 3

author_association 1

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue performed_via_github_app
1690705243 https://github.com/simonw/datasette/issues/2102#issuecomment-1690705243 https://api.github.com/repos/simonw/datasette/issues/2102 IC_kwDOBm6k_c5kxh1b simonw 9599 2023-08-23T22:03:54Z 2023-08-23T22:03:54Z OWNER

Idea: datasette-permissions-debug plugin which simply prints out a stacktrace for every permission check so you can see where in the code they are.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 API tokens with view-table but not view-database/view-instance cannot access the table 1805076818  
1690703764 https://github.com/simonw/datasette/issues/2102#issuecomment-1690703764 https://api.github.com/repos/simonw/datasette/issues/2102 IC_kwDOBm6k_c5kxheU simonw 9599 2023-08-23T22:02:14Z 2023-08-23T22:02:14Z OWNER

Built this new test: python @pytest.mark.asyncio async def test_view_table_token_can_access_table(perms_ds): actor = { "id": "restricted-token", "token": "dstok", # Restricted to just view-table on perms_ds_two/t1 "_r": {"r": {"perms_ds_two": {"t1": ["vt"]}}}, } cookies = {"ds_actor": perms_ds.client.actor_cookie(actor)} response = await perms_ds.client.get("/perms_ds_two/t1.json", cookies=cookies) assert response.status_code == 200 The test fails. Running it with pytest --pdb let me do this: (Pdb) from pprint import pprint (Pdb) pprint(perms_ds._permission_checks) deque([{'action': 'view-table', 'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}}, 'id': 'restricted-token', 'token': 'dstok'}, 'resource': ('perms_ds_two', 't1'), 'result': None, 'used_default': True, 'when': '2023-08-23T21:59:45.117155'}, {'action': 'view-database', 'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}}, 'id': 'restricted-token', 'token': 'dstok'}, 'resource': 'perms_ds_two', 'result': False, 'used_default': False, 'when': '2023-08-23T21:59:45.117189'}, {'action': 'view-instance', 'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}}, 'id': 'restricted-token', 'token': 'dstok'}, 'resource': None, 'result': False, 'used_default': False, 'when': '2023-08-23T21:59:45.126751'}, {'action': 'debug-menu', 'actor': {'_r': {'r': {'perms_ds_two': {'t1': ['vt']}}}, 'id': 'restricted-token', 'token': 'dstok'}, 'resource': None, 'result': False, 'used_default': False, 'when': '2023-08-23T21:59:45.126777'}], maxlen=200)

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 API tokens with view-table but not view-database/view-instance cannot access the table 1805076818  
1690693830 https://github.com/simonw/datasette/issues/2102#issuecomment-1690693830 https://api.github.com/repos/simonw/datasette/issues/2102 IC_kwDOBm6k_c5kxfDG simonw 9599 2023-08-23T21:51:52Z 2023-08-23T21:52:58Z OWNER

This is the hook in question: https://github.com/simonw/datasette/blob/bdf59eb7db42559e538a637bacfe86d39e5d17ca/datasette/hookspecs.py#L108-L110

  • True means they are allowed to access it. You only need a singleTrue from a plugin to allow it.
  • False means they are not, and just one False from a plugin will deny it (even if another one returned True I think)
  • None means that the plugin has no opinion on this question.
 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 API tokens with view-table but not view-database/view-instance cannot access the table 1805076818  

Advanced export

JSON shape: default, array, newline-delimited, object

CSV options: 

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);