issue_comments

Table actions

6 rows where issue = 1421552095 and "updated_at" is on date 2022-10-25 sorted by updated_at descending

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: created_at (date), updated_at (date)

user 1

issue 1

  • Default API token authentication mechanism · 6

author_association 1

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue performed_via_github_app
1291243333 https://github.com/simonw/datasette/issues/1852#issuecomment-1291243333 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9s9F simonw 9599 2022-10-25T23:25:13Z 2022-10-25T23:25:13Z OWNER

A /-/debug-token page that can take a token and decode it to show you how long until it expires, what actor it represents and the permissions it has will be useful as well.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  
1291234262 https://github.com/simonw/datasette/issues/1852#issuecomment-1291234262 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9qvW simonw 9599 2022-10-25T23:11:23Z 2022-10-25T23:11:23Z OWNER

I'm going to build an initial /-/create-token interface which just bakes a token with the current actor in it and an optional expiry timestamp. I'll try the limited permissions thing later.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  
1291233652 https://github.com/simonw/datasette/issues/1852#issuecomment-1291233652 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9ql0 simonw 9599 2022-10-25T23:10:20Z 2022-10-25T23:10:44Z OWNER

In which case the token would need to duplicate the current actor and then add extra constraints. So maybe the token design looks like this: json { "a": { "copy_of": "actor_creating_token"}, "p": { "t": "... the thing designed earlier, with those permissions in it" }, "e": "integer timestamp when token expires" }

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  
1291232589 https://github.com/simonw/datasette/issues/1852#issuecomment-1291232589 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9qVN simonw 9599 2022-10-25T23:08:37Z 2022-10-25T23:08:37Z OWNER

... so maybe there's a way to create a token that inherits the exact permissions of the actor that created the token? That could even be a default mode for tokens, with an option to then further restrict permissions if desired.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  
1291231651 https://github.com/simonw/datasette/issues/1852#issuecomment-1291231651 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9qGj simonw 9599 2022-10-25T23:07:17Z 2022-10-25T23:07:17Z OWNER

Interesting challenge: what permissions should users be allowed to grant to tokens?

Clearly a user should not be able to create a token with a permission that the user themselves does not have.

And should there be a permission that allows people to create tokens? I think so.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  
1291227942 https://github.com/simonw/datasette/issues/1852#issuecomment-1291227942 https://api.github.com/repos/simonw/datasette/issues/1852 IC_kwDOBm6k_c5M9pMm simonw 9599 2022-10-25T23:01:18Z 2022-10-25T23:01:18Z OWNER

Datasette currently defaults to having everything public-readable by default, unless a permission plugin changes that default.

In thinking more about this API mechanism, I realized that it might be good to have a mode where Datasette doesn't default to public everything. Maybe datasette --private to start it like that?

Might even be an opportunity to get rid of the current slightly confusing mechanism where permission checks can announce that they should default to true:

https://github.com/simonw/datasette/blob/c7dd76c26257ded5bcdfd0570e12412531b8b88f/datasette/views/database.py#L152-L154

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Default API token authentication mechanism 1421552095  

Advanced export

JSON shape: default, array, newline-delimited, object

CSV options: 

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);