issue_comments

Table actions

2 rows where issue = 1423336089, "updated_at" is on date 2022-10-27 and user = 9599 sorted by updated_at descending

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: created_at (date), updated_at (date)

user 1

  • simonw · 2

issue 1

  • `datasette create-token` ability to create tokens with a reduced set of permissions · 2

author_association 1

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue performed_via_github_app
1292962813 https://github.com/simonw/datasette/issues/1855#issuecomment-1292962813 https://api.github.com/repos/simonw/datasette/issues/1855 IC_kwDOBm6k_c5NEQv9 simonw 9599 2022-10-27T04:31:40Z 2022-10-27T04:31:40Z OWNER

My hunch on this is that anyone with that level of complex permissions requirements needs to be using a custom authentication plugin which includes much more concrete token rules, rather than the default signed stateless token implementation that ships with Datasette core.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 `datasette create-token` ability to create tokens with a reduced set of permissions 1423336089  
1292959886 https://github.com/simonw/datasette/issues/1855#issuecomment-1292959886 https://api.github.com/repos/simonw/datasette/issues/1855 IC_kwDOBm6k_c5NEQCO simonw 9599 2022-10-27T04:30:07Z 2022-10-27T04:30:07Z OWNER

Here's an interesting edge-case to consider: what if a user creates themselves a token for a specific table, then deletes that table, and waits for another user to create a table of the same name... and then uses their previously created token to write to the table that someone else created?

Not sure if this is a threat I need to actively consider, but it's worth thinking a little bit about the implications of such a thing - since there will be APIs that allow users to create tables, and there may be cases where people want to have a concept of users "owning" specific tables.

This is probably something that could be left for plugins to solve, but it still needs to be understood and potentially documented.

There may even be a world in which tracking the timestamp at which a table was created becomes useful - because that could then be baked into API tokens, such that a token created BEFORE the table was created does not grant access to that table.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 `datasette create-token` ability to create tokens with a reduced set of permissions 1423336089  

Advanced export

JSON shape: default, array, newline-delimited, object

CSV options: 

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);