issue_comments

26 rows where issue = 582517965 sorted by updated_at descending

View and edit SQL

Suggested facets: created_at (date), updated_at (date)

user

issue

  • Ability for a canned query to write to the database · 26

author_association

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue
640108942 https://github.com/simonw/datasette/issues/698#issuecomment-640108942 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDY0MDEwODk0Mg== simonw 9599 2020-06-06T19:43:48Z 2020-06-06T19:43:48Z OWNER

Landed - documentation is here: https://datasette.readthedocs.io/en/latest/sql_queries.html#writable-canned-queries

See also https://datasette.readthedocs.io/en/latest/authentication.html#permissions-for-canned-queries

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
639788562 https://github.com/simonw/datasette/issues/698#issuecomment-639788562 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzOTc4ODU2Mg== simonw 9599 2020-06-05T20:27:49Z 2020-06-05T20:27:49Z OWNER

There can be a detailed section explaining these different mechanisms on the authentication documentation page.

I imagine they will end up applying to more than just canned queries.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
639787304 https://github.com/simonw/datasette/issues/698#issuecomment-639787304 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzOTc4NzMwNA== simonw 9599 2020-06-05T20:26:57Z 2020-06-05T20:26:57Z OWNER

Idea: an "allow_sql" key with a SQL query that gets passed the actor JSON as :actor and can extract the relevant keys from it and return 1 or 0.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
639785878 https://github.com/simonw/datasette/issues/698#issuecomment-639785878 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzOTc4NTg3OA== simonw 9599 2020-06-05T20:25:55Z 2020-06-05T20:25:55Z OWNER

I'd really like to support SQL query defined permissions too, mainly to set an example for how plugins could do something similar.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
639784651 https://github.com/simonw/datasette/issues/698#issuecomment-639784651 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzOTc4NDY1MQ== simonw 9599 2020-06-05T20:25:02Z 2020-06-05T20:25:02Z OWNER

Idea: default is anyone can execute a query.

Or you can specify the following:

{
    "databases": {
       "my-database": {
           "queries": {
               "add_twitter_handle": {
                   "sql": "insert into twitter_handles (username) values (:username)",
                   "write": true,
                   "allow": {
                       "id": ["simon"],
                       "role": ["staff"]
                   }
               }
           }
       }
    }
}

These get matched against the actor JSON. If any of the fields in any of the keys of "allow" match a key on the actor, the query is allowed.

"id": "*" matches any actor with an id key.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
639779403 https://github.com/simonw/datasette/issues/698#issuecomment-639779403 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzOTc3OTQwMw== simonw 9599 2020-06-05T20:20:12Z 2020-06-05T20:20:12Z OWNER

CSRF is done. Last step: figure out a smart way to integrate this with permissions and authentication.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
638266171 https://github.com/simonw/datasette/issues/698#issuecomment-638266171 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzODI2NjE3MQ== simonw 9599 2020-06-03T15:18:49Z 2020-06-03T15:18:49Z OWNER

Landed the work so far from #796! Here's the documentation: https://datasette.readthedocs.io/en/latest/sql_queries.html#writable-canned-queries

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
638183337 https://github.com/simonw/datasette/issues/698#issuecomment-638183337 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzODE4MzMzNw== simonw 9599 2020-06-03T13:05:03Z 2020-06-03T13:05:03Z OWNER

One challenge with this feature is that it confuses the messaging about what Datasette does somewhat.

Prior to shipping this, Datasette's core value proposition is as a way to publish read-only data.

That changed a little in 0.37 in February when plugins gained the supported ability to execute writes, but there was no way of doing that without a plugin.

With this feature, Datasette becomes a read-write database solution.

I should update the documentation to help explain this. Essentially the message is that Datasette can be used in one of two "modes" - it can be used just for sharing/publishing data, or you can use it to collect and manage data, most likely still in collaboration with plugins for things like authentication.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
637934813 https://github.com/simonw/datasette/issues/698#issuecomment-637934813 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzNzkzNDgxMw== simonw 9599 2020-06-03T03:45:07Z 2020-06-03T03:45:07Z OWNER

Some extra thoughts now that this is mostly working:

  • "Edit this row" is such an obvious use-case. Could I automatically support row editing where every column except the primary key can be updated?
  • It would be useful to be able to link to a query in a way that pre-populates various form fields. The "edit" interface could then be a link that pre-populates the form with all of the existing values.
  • Can the redirect URL be configured to include values from the form submission? So you could e.g. add a blog post with a unique slug and then redirect to that URL?
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
637879242 https://github.com/simonw/datasette/issues/698#issuecomment-637879242 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzNzg3OTI0Mg== simonw 9599 2020-06-03T00:10:30Z 2020-06-03T00:10:30Z OWNER

Started a fresh pull request for this in #796 - the one in #703 got a bit untidy.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
636617140 https://github.com/simonw/datasette/issues/698#issuecomment-636617140 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzNjYxNzE0MA== simonw 9599 2020-06-01T05:14:39Z 2020-06-01T05:14:39Z OWNER

Here's the new default_permissions.py file I can add this permission check to: https://github.com/simonw/datasette/blob/dfdbdf378aba9afb66666f66b78df2f2069d2595/datasette/default_permissions.py#L1-L7

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
636569917 https://github.com/simonw/datasette/issues/698#issuecomment-636569917 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYzNjU2OTkxNw== simonw 9599 2020-06-01T01:39:44Z 2020-06-01T01:39:44Z OWNER

Idea for the authentication piece: I'll have the canned query code execute the following:

if await datasette.permission_allowed(
    request.scope.get("actor"),  "execute_query", "canned_query", query_name, default=True
):

Then I'll add a default plugin to Datasette which implements that plugin hook, looks at the Datasette metadata for that query, and says "No" if the following (and request.scope["actor"] is empty):

{
    "databases": {
       "my-database": {
           "queries": {
               "add_twitter_handle": {
                   "sql": "insert into twitter_handles (username) values (:username)",
                   "write": true,
                   "requires_actor": true
               }
           }
       }
    }
}

I think I'll support this too:

                   "allowed_actors": ["root"]

So you can configure queries to only be available to specific {"id": xxx} actors.

This will be the first time the new permission_allowed mechanism from #699 will be exercised in Datasette core.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
621041812 https://github.com/simonw/datasette/issues/698#issuecomment-621041812 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYyMTA0MTgxMg== simonw 9599 2020-04-29T07:42:48Z 2020-04-29T07:42:48Z OWNER

Need to figure out what the .json mode for this looks like - and if there's a .csv mode (I think not).

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
621037724 https://github.com/simonw/datasette/issues/698#issuecomment-621037724 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYyMTAzNzcyNA== simonw 9599 2020-04-29T07:34:02Z 2020-04-29T07:34:02Z OWNER

Concept for displaying a success message:


CSS:

```css
.success {
padding: 1em;
border: 1px solid green;
background-color: #c7fbc7;
}

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
621036032 https://github.com/simonw/datasette/issues/698#issuecomment-621036032 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYyMTAzNjAzMg== simonw 9599 2020-04-29T07:29:52Z 2020-04-29T07:29:52Z OWNER

What should happen when a query has been successfully executed?

That depends on the query. Some queries may wish to redirect to another page. Other queries might want to show a custom message.

There should at least be a default message saying the query has been executed.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
608125928 https://github.com/simonw/datasette/issues/698#issuecomment-608125928 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYwODEyNTkyOA== simonw 9599 2020-04-02T22:32:41Z 2020-04-02T22:33:10Z OWNER

I really want the option to use a <textarea> for a specific value.

Idea: metadata syntax like this:

{
    "databases": {
       "my-database": {
           "queries": {
               "add_twitter_handle": {
                   "sql": "insert into twitter_handles (username) values (:username)",
                   "write": true,
                   "params": {
                       "username": {
                            "widget": "textarea"
                       }
                   }
               }
           }
       }
    }
}

I can ship with some default widgets and provide a plugin hook for registering extra widgets.

This opens up some really exciting possibilities for things like map widgets that let you draw polygons.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
608087223 https://github.com/simonw/datasette/issues/698#issuecomment-608087223 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYwODA4NzIyMw== simonw 9599 2020-04-02T21:02:25Z 2020-04-02T21:02:25Z OWNER

YAML for metadata is relevant to this: #713

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
602140071 https://github.com/simonw/datasette/issues/698#issuecomment-602140071 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDYwMjE0MDA3MQ== simonw 9599 2020-03-22T02:53:48Z 2020-03-22T02:53:48Z OWNER

This feature should include the ability to set a custom redirect URL for after the query has been executed - that way it can be used to build things like "delete this row" which redirect back to the correct table.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599856081 https://github.com/simonw/datasette/issues/698#issuecomment-599856081 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTg1NjA4MQ== simonw 9599 2020-03-17T03:14:20Z 2020-03-17T03:14:20Z OWNER

This is going to require a pretty full rewrite of the existing canned query logic, which currently shares a codepath with the code that lets you submit a SQL query:

https://github.com/simonw/datasette/blob/298a899e792ebd0cd82a5f01b613c31f19082e51/datasette/views/base.py#L464-L563

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599704264 https://github.com/simonw/datasette/issues/698#issuecomment-599704264 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTcwNDI2NA== simonw 9599 2020-03-16T18:51:27Z 2020-03-17T02:44:44Z OWNER

This is also going to need me to handle POST form submissions which means I need to be able to parse the form body. I guess that will go in datasette/utils/asgi.py.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599706260 https://github.com/simonw/datasette/issues/698#issuecomment-599706260 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTcwNjI2MA== simonw 9599 2020-03-16T18:56:00Z 2020-03-16T18:56:00Z OWNER

It would be useful if this feature supported different types of input - at the most basic level <input type="text"> v.s. <textarea>, but numbers, <select> etc would be useful too. This can be added later as additional metadata.json settings.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599704655 https://github.com/simonw/datasette/issues/698#issuecomment-599704655 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTcwNDY1NQ== simonw 9599 2020-03-16T18:52:23Z 2020-03-16T18:52:23Z OWNER

I have code for form parsing in asgi-csrf: https://github.com/simonw/asgi-csrf/blob/3fc164a9258ebfa616d4e724fcb102b117277c6e/asgi_csrf.py#L91-L109

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599703452 https://github.com/simonw/datasette/issues/698#issuecomment-599703452 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTcwMzQ1Mg== simonw 9599 2020-03-16T18:49:31Z 2020-03-16T18:49:31Z OWNER

Also relevant: this will benefit from an authentication/permissions layer: #699

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599701145 https://github.com/simonw/datasette/issues/698#issuecomment-599701145 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTcwMTE0NQ== simonw 9599 2020-03-16T18:44:19Z 2020-03-16T18:44:40Z OWNER

This is going to need CSRF protection - see https://github.com/simonw/asgi-csrf

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599697164 https://github.com/simonw/datasette/issues/698#issuecomment-599697164 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTY5NzE2NA== simonw 9599 2020-03-16T18:35:04Z 2020-03-16T18:35:27Z OWNER

By default this will extract the :params using the existing regular expression - which can occasionally break if there is a rogue : in the rest of the query.

To address this: allow an extra optional "params": ["username"] field in metadata which, if available, is used instead of the regular expression extraction.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965
599696286 https://github.com/simonw/datasette/issues/698#issuecomment-599696286 https://api.github.com/repos/simonw/datasette/issues/698 MDEyOklzc3VlQ29tbWVudDU5OTY5NjI4Ng== simonw 9599 2020-03-16T18:32:59Z 2020-03-16T18:33:33Z OWNER
{
    "databases": {
       "my-database": {
           "queries": {
               "add_twitter_handle": {
                   "sql": "insert into twitter_handles (username) values (:username)",
                   "write": true
               }
           }
       }
    }
}
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
Ability for a canned query to write to the database 582517965

Advanced export

JSON shape: default, array, newline-delimited, object

CSV options:

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);
Powered by Datasette · Query took 41.81ms · About: github-to-sqlite