issue_comments
41 rows where "updated_at" is on date 2022-12-13 and user = 9599 sorted by updated_at descending
This data as json, CSV (advanced)
Suggested facets: created_at (date), updated_at (date)
user 1
- simonw · 41 ✖
id | html_url | issue_url | node_id | user | created_at | updated_at ▲ | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
1350037572 | https://github.com/simonw/datasette/issues/1947#issuecomment-1350037572 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5Qd_BE | simonw 9599 | 2022-12-13T23:27:32Z | 2022-12-13T23:27:32Z | OWNER | I'm going to ignore the permissions issue for the moment - I'll allow people to select any permissions they like in any of the databases or tables that are visible to them (don't want to leak the existence of databases/tables to users who shouldn't be able to see them). I think the value of getting this working outweights any potential confusion from not using finely grained permission checks to decide if the user should be able to apply a permission or not. The tokens themselves won't be able to perform |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1350019528 | https://github.com/simonw/datasette/issues/1947#issuecomment-1350019528 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5Qd6nI | simonw 9599 | 2022-12-13T23:19:16Z | 2022-12-13T23:19:16Z | OWNER | Here's the checkbox prototype: ```diff diff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html index a94881ed..1795ebaf 100644 --- a/datasette/templates/create_token.html +++ b/datasette/templates/create_token.html @@ -2,11 +2,20 @@ {% block title %}Create an API token{% endblock %} +{% block extra_head %} +<style type="text/css"> +#restrict-permissions label { + display: inline; + width: 90%; +} +</style> +{% endblock %} + {% block content %} Create an API token- This token will allow API access with the same abilities as your current user. +This token will allow API access with the same abilities as your current user, {{ request.actor.id }} {% if errors %} {% for error in errors %} @@ -27,8 +36,39 @@ - + +
+
+
</form>
+
Restrict actions that can be performed using this token+All databases and tables+
All tables in database: {{ database }}+
Specific tables+ {% for dbt in database_with_tables %} + {% for table in dbt.tables %} +{{ dbt.database }}: {{ table }}+
{% if token %}
diff --git a/datasette/views/special.py b/datasette/views/special.py
index 30345d14..48357f87 100644
--- a/datasette/views/special.py
+++ b/datasette/views/special.py
@@ -231,12 +231,37 @@ class CreateTokenView(BaseView):
return await self.render(
["create_token.html"],
request,
- {"actor": request.actor},
+ {
+ "actor": request.actor,
+ "all_permissions": self.ds.permissions.keys(),
+ "database_permissions": [
+ key
+ for key, value in self.ds.permissions.items()
+ if value.takes_database
+ ],
+ "table_permissions": [
+ key
+ for key, value in self.ds.permissions.items()
+ if value.takes_resource
+ ],
+ "databases": [k for k in self.ds.databases.keys() if k != "_internal"],
+ "database_with_tables": [
+ {
+ "database": db.name,
+ "tables": await db.table_names(),
+ }
+ for db in self.ds.databases.values()
+ if db.name != "_internal"
+ ],
+ },
)
async def post(self, request):
self.check_permission(request)
post = await request.post_vars()
+ from pprint import pprint
+
+ pprint(post)
errors = []
duration = None
if post.get("expire_type"):
```
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1350013016 | https://github.com/simonw/datasette/issues/1947#issuecomment-1350013016 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5Qd5BY | simonw 9599 | 2022-12-13T23:16:24Z | 2022-12-13T23:17:17Z | OWNER | Slightly tricky thing here is that it should only show permissions that the user themselves has - on databases and tables that they have permission to access. I have a nasty feeling this may require looping through everything and running every permission check, which could get very expensive if there are plugins involved that do their own storage check to resolve a permission. It's that classic permission system problem: how to efficiently iterate through everything the user has permission to do in one go? Might be that I have to punt on that, and show the user a list of permissions to select that they might not actually have ability for. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1350008636 | https://github.com/simonw/datasette/issues/1947#issuecomment-1350008636 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5Qd388 | simonw 9599 | 2022-12-13T23:14:33Z | 2022-12-13T23:14:33Z | OWNER | Checkbox interface looks like this. It's not beautiful but it's good enough for the moment: |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1350002434 | https://github.com/simonw/datasette/issues/1947#issuecomment-1350002434 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5Qd2cC | simonw 9599 | 2022-12-13T23:11:50Z | 2022-12-13T23:11:59Z | OWNER | I think checkboxes will work well. Here's the data I get back from them (as
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1349975255 | https://github.com/simonw/datasette/issues/1947#issuecomment-1349975255 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QdvzX | simonw 9599 | 2022-12-13T23:00:11Z | 2022-12-13T23:00:11Z | OWNER | My Create an API token- This token will allow API access with the same abilities as your current user. +This token will allow API access with the same abilities as your current user, {{ request.actor.id }} {% if errors %} {% for error in errors %} @@ -28,6 +28,36 @@ + +
+
+
</form>
Restrict actions that can be performed using this token+Restrict actions that can be performed using this token: +<label="all_permissions">All databases and tables:</label> +<select multiple id="all_permissions" size="{{ all_permissions|length * 4 }}"> + <optgroup label="All databases and tables"> + {% for permission in all_permissions %} + <option value="all:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% for database in databases %} + <optgroup label="All tables in database: {{ database }}"> + {% for permission in database_permissions %} + <option value="db:{{ database }}:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% endfor %} + {% for dbt in database_with_tables %} + {% for table in dbt.tables %} + <optgroup label="Table {{ dbt.database }}.{{ table }}"> + {% for permission in table_permissions %} + <option value="table:{{ dbt.database }}:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% endfor %} + {% endfor %} + </select> +{% if token %} diff --git a/datasette/views/special.py b/datasette/views/special.py index 30345d14..9d0fcd31 100644 --- a/datasette/views/special.py +++ b/datasette/views/special.py @@ -231,7 +231,17 @@ class CreateTokenView(BaseView): return await self.render( ["create_token.html"], request, - {"actor": request.actor}, + { + "actor": request.actor, + "all_permissions": self.ds.permissions.keys(), + "database_permissions": [key for key, value in self.ds.permissions.items() if value.takes_database], + "table_permissions": [key for key, value in self.ds.permissions.items() if value.takes_resource], + "databases": self.ds.databases.keys(), + "database_with_tables": [{ + "database": db.name, + "tables": await db.table_names(), + } for db in self.ds.databases.values()], + }, )
``` |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1349974287 | https://github.com/simonw/datasette/issues/1947#issuecomment-1349974287 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QdvkP | simonw 9599 | 2022-12-13T22:59:44Z | 2022-12-13T22:59:44Z | OWNER | Got an option group thing working: But... it strikes me that any time you're considering a |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1349972480 | https://github.com/simonw/datasette/issues/1947#issuecomment-1349972480 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QdvIA | simonw 9599 | 2022-12-13T22:58:51Z | 2022-12-13T22:58:51Z | OWNER | I'm experimenting with a The usability for keyboards is still pretty awful, but it's a niche enough feature that maybe that's OK for the moment?
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1347768549 | https://github.com/simonw/datasette/issues/1947#issuecomment-1347768549 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QVVDl | simonw 9599 | 2022-12-13T05:25:56Z | 2022-12-13T22:29:12Z | OWNER |
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1347768328 | https://github.com/simonw/datasette/issues/1947#issuecomment-1347768328 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QVVAI | simonw 9599 | 2022-12-13T05:25:31Z | 2022-12-13T22:25:46Z | OWNER | https://latest.datasette.io/-/create-token currently looks like this: As a reminder, the CLI options that this needs to provide an alternative to are: |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1349864950 | https://github.com/simonw/datasette/issues/1950#issuecomment-1349864950 | https://api.github.com/repos/simonw/datasette/issues/1950 | IC_kwDOBm6k_c5QdU32 | simonw 9599 | 2022-12-13T22:11:15Z | 2022-12-13T22:11:15Z | OWNER | Most places I use that exception at the moment set their own non-500 status error: ``` datasette % rg DatasetteError datasette/handle_exception.py 7:from .views.base import DatasetteError 33: elif isinstance(exception, DatasetteError): datasette/filters.py 2:from datasette.views.base import DatasetteError 22: raise DatasetteError("_where= is not allowed", status=403) 141: raise DatasetteError( datasette/views/table.py 34:from .base import BaseView, DataView, DatasetteError, ureg, _error 178: raise DatasetteError( 192: raise DatasetteError( 390: raise DatasetteError("Cannot use _sort and _sort_desc at the same time") 394: raise DatasetteError(f"Cannot sort table by {sort}") 400: raise DatasetteError(f"Cannot sort table by {sort_desc}") datasette/views/base.py 39:class DatasetteError(Exception): 219: raise DatasetteError(str(e), title="Invalid SQL", status=400) 222: raise DatasetteError(str(e)) 224: except DatasetteError: 382: raise DatasetteError( 402: raise DatasetteError(str(e), title="Invalid SQL", status=400) 405: raise DatasetteError(str(e)) 407: except DatasetteError: datasette/views/table2.py 28:from .base import DataView, DatasetteError, ureg 296: raise DatasetteError( 310: raise DatasetteError( 472: raise DatasetteError("Cannot use _sort and _sort_desc at the same time") 476: raise DatasetteError(f"Cannot sort table by {sort}") 482: raise DatasetteError(f"Cannot sort table by {sort_desc}") datasette/views/database.py 31:from .base import BaseView, DatasetteError, DataView, _error 188: raise DatasetteError("Invalid database", status=404) 190: raise DatasetteError("Cannot download in-memory databases", status=404) 194: raise DatasetteError("Cannot download database", status=404) ``` |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Bad ?_sort returns a 500 error, should be a 400 1495241162 | |
1349855620 | https://github.com/simonw/datasette/issues/1950#issuecomment-1349855620 | https://api.github.com/repos/simonw/datasette/issues/1950 | IC_kwDOBm6k_c5QdSmE | simonw 9599 | 2022-12-13T22:08:50Z | 2022-12-13T22:08:50Z | OWNER | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Bad ?_sort returns a 500 error, should be a 400 1495241162 | ||
1352644267 | https://github.com/simonw/datasette/issues/1958#issuecomment-1352644267 | https://api.github.com/repos/simonw/datasette/issues/1958 | IC_kwDOBm6k_c5Qn7ar | simonw 9599 | 2022-12-13T18:33:32Z | 2022-12-13T18:33:32Z | OWNER | When you run
|
{ "total_count": 1, "+1": 1, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
datasette --root running in Docker doesn't reliably show the magic URL 1497909798 | |
1347801679 | https://github.com/simonw/datasette/issues/1914#issuecomment-1347801679 | https://api.github.com/repos/simonw/datasette/issues/1914 | IC_kwDOBm6k_c5QVdJP | simonw 9599 | 2022-12-13T06:15:54Z | 2022-12-13T06:15:54Z | OWNER | Should make sure that every API that returns an object as the top level (that's almost all of them) includes |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
Finalize design of JSON for Datasette 1.0 1468689139 | |
1347775760 | https://github.com/simonw/datasette/issues/1947#issuecomment-1347775760 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QVW0Q | simonw 9599 | 2022-12-13T05:38:47Z | 2022-12-13T05:38:47Z | OWNER | I'm going to hide the options for reducing the scope of the token inside a details/summary element. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1347770871 | https://github.com/simonw/datasette/issues/1937#issuecomment-1347770871 | https://api.github.com/repos/simonw/datasette/issues/1937 | IC_kwDOBm6k_c5QVVn3 | simonw 9599 | 2022-12-13T05:30:43Z | 2022-12-13T05:30:43Z | OWNER | Also you should need |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
/db/-/create API should require insert-rows permission to use row: or rows: option 1483320357 | |
1347767048 | https://github.com/simonw/datasette/pull/1938#issuecomment-1347767048 | https://api.github.com/repos/simonw/datasette/issues/1938 | IC_kwDOBm6k_c5QVUsI | simonw 9599 | 2022-12-13T05:23:18Z | 2022-12-13T05:23:18Z | OWNER | I landed this already: - #1636 |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
"permissions" blocks in metadata.json/yaml 1485488236 | |
1347766530 | https://github.com/simonw/datasette/issues/1948#issuecomment-1347766530 | https://api.github.com/repos/simonw/datasette/issues/1948 | IC_kwDOBm6k_c5QVUkC | simonw 9599 | 2022-12-13T05:22:19Z | 2022-12-13T05:22:19Z | OWNER | I tested:
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
500 error on permission debug page when testing actors with _r 1493404423 | |
1347761892 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347761892 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVTbk | simonw 9599 | 2022-12-13T05:14:25Z | 2022-12-13T05:14:25Z | OWNER | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | ||
1347760109 | https://github.com/simonw/datasette/issues/1947#issuecomment-1347760109 | https://api.github.com/repos/simonw/datasette/issues/1947 | IC_kwDOBm6k_c5QVS_t | simonw 9599 | 2022-12-13T05:12:00Z | 2022-12-13T05:12:00Z | OWNER | For the UI: I think I'm going to dump a whole bunch of form elements on the page (so you can set up to 3 of each category of limit without any JavaScript), then add JavaScript that hides all but one of the options and gives you a "add another" widget that adds multiple more. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
UI to create reduced scope tokens from the `/-/create-token` page 1493390939 | |
1347759522 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347759522 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVS2i | simonw 9599 | 2022-12-13T05:11:43Z | 2022-12-13T05:11:43Z | OWNER | Decided to do the |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347733217 | https://github.com/simonw/datasette/issues/1946#issuecomment-1347733217 | https://api.github.com/repos/simonw/datasette/issues/1946 | IC_kwDOBm6k_c5QVMbh | simonw 9599 | 2022-12-13T04:28:45Z | 2022-12-13T04:28:45Z | OWNER | Demo of the new feature:
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette --get` mechanism for sending tokens 1493339206 | |
1347732039 | https://github.com/simonw/datasette/issues/1946#issuecomment-1347732039 | https://api.github.com/repos/simonw/datasette/issues/1946 | IC_kwDOBm6k_c5QVMJH | simonw 9599 | 2022-12-13T04:26:20Z | 2022-12-13T04:26:20Z | OWNER | Two options:
I like the second option more, simply because there are currently no other headers that affect how Datasette works. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette --get` mechanism for sending tokens 1493339206 | |
1347731288 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347731288 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVL9Y | simonw 9599 | 2022-12-13T04:24:50Z | 2022-12-13T04:24:50Z | OWNER | For the tests for |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347726302 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347726302 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVKve | simonw 9599 | 2022-12-13T04:16:26Z | 2022-12-13T04:16:26Z | OWNER | I'm going to move this code into |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347707683 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347707683 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVGMj | simonw 9599 | 2022-12-13T03:55:35Z | 2022-12-13T04:15:27Z | OWNER | Help looks like this: ``` Usage: datasette create-token [OPTIONS] ID Create a signed API token for the specified actor ID Example:
To only allow create-table:
Or to only allow insert-row against a specific table:
Restricted actions can be specified multiple times using multiple --all, --database, and --resource options. Add --debug to see a decoded version of the token. Options: --secret TEXT Secret used for signing the API tokens [required] -e, --expires-after INTEGER Token should expire after this many seconds -a, --all ACTION Restrict token to this action -d, --database DB ACTION Restrict token to this action on this database -r, --resource DB RESOURCE ACTION Restrict token to this action on this database resource (a table, SQL view or named query) --debug Show decoded token --plugins-dir DIRECTORY Path to directory containing custom plugins --help Show this message and exit. ``` |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347695728 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347695728 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVDRw | simonw 9599 | 2022-12-13T03:30:09Z | 2022-12-13T03:30:09Z | OWNER | I just noticed this in the existing code: Hard-coding those action names should not be necessary any more, especially now we have |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347694871 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347694871 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVDEX | simonw 9599 | 2022-12-13T03:28:15Z | 2022-12-13T03:28:15Z | OWNER | Initial prototype of the
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347693620 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347693620 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QVCw0 | simonw 9599 | 2022-12-13T03:25:41Z | 2022-12-13T03:25:41Z | OWNER | I'm going to rename "t" in the magic format to "r" for resource. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347675456 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347675456 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QU-VA | simonw 9599 | 2022-12-13T02:57:46Z | 2022-12-13T02:57:46Z | OWNER | I was going to have the CLI command throw an error if you attempt to use a permission that isn't registered with Datasette, but then I remembered that one of the uses for the CLI tool is to create signed tokens that will work against other Datasette instances (via the So I might have it output warnings instead. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1313148519 | https://github.com/simonw/datasette/issues/1855#issuecomment-1313148519 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5ORQ5n | simonw 9599 | 2022-11-14T06:13:43Z | 2022-12-13T02:46:51Z | OWNER | The Right now that command looks like this: ``` % datasette create-token --help Usage: datasette create-token [OPTIONS] ID Create a signed API token for the specified actor ID Options:
--secret TEXT Secret used for signing the API tokens
[required]
-e, --expires-after INTEGER Token should expire after this many seconds
--debug Show decoded token
--help Show this message and exit.
Decoded: {
"a": "root",
"token": "dstok",
"t": 1668406213,
"d": 445
}
Syntax for adding "insert row" for everything, "update row" for all in the "data" database and "delete row" just for the docs / titles table:
UPDATE: I have decided to use the term So |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347669087 | https://github.com/simonw/datasette/issues/1855#issuecomment-1347669087 | https://api.github.com/repos/simonw/datasette/issues/1855 | IC_kwDOBm6k_c5QU8xf | simonw 9599 | 2022-12-13T02:45:15Z | 2022-12-13T02:45:15Z | OWNER | The hardest piece here is the UI. I'm going to implement the CLI command first. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`datasette create-token` ability to create tokens with a reduced set of permissions 1423336089 | |
1347655074 | https://github.com/simonw/datasette/issues/1636#issuecomment-1347655074 | https://api.github.com/repos/simonw/datasette/issues/1636 | IC_kwDOBm6k_c5QU5Wi | simonw 9599 | 2022-12-13T02:21:04Z | 2022-12-13T02:21:23Z | OWNER | The thing I'm stuck on at the moment is how to implement it such that an Maybe the algorithm when
So everything is keyed off the incoming |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
"permissions" propery in metadata for configuring arbitrary permissions 1138008042 | |
1347648326 | https://github.com/simonw/datasette/issues/1636#issuecomment-1347648326 | https://api.github.com/repos/simonw/datasette/issues/1636 | IC_kwDOBm6k_c5QU3tG | simonw 9599 | 2022-12-13T02:10:02Z | 2022-12-13T02:10:02Z | OWNER | The implementation for this will go here: https://github.com/simonw/datasette/blob/8bf06a76b51bc9ace7cf72cf0cca8f1da7704ea7/datasette/default_permissions.py#L81-L83 Here's the start of the tests (currently marked as |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
"permissions" propery in metadata for configuring arbitrary permissions 1138008042 | |
1347647298 | https://github.com/simonw/datasette/issues/1636#issuecomment-1347647298 | https://api.github.com/repos/simonw/datasette/issues/1636 | IC_kwDOBm6k_c5QU3dC | simonw 9599 | 2022-12-13T02:08:46Z | 2022-12-13T02:08:46Z | OWNER | A bunch of the work for this just landed - in particular the new scheme is now documented (even though it doesn't work yet): https://docs.datasette.io/en/latest/authentication.html#other-permissions-in-metadata |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
"permissions" propery in metadata for configuring arbitrary permissions 1138008042 | |
1347646516 | https://github.com/simonw/datasette/issues/1939#issuecomment-1347646516 | https://api.github.com/repos/simonw/datasette/issues/1939 | IC_kwDOBm6k_c5QU3Q0 | simonw 9599 | 2022-12-13T02:07:50Z | 2022-12-13T02:07:50Z | OWNER | Documentation for the new hook: https://docs.datasette.io/en/latest/plugin_hooks.html#register-permissions-datasette |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
register_permissions(datasette) plugin hook 1485757511 | |
1347645615 | https://github.com/simonw/datasette/issues/1943#issuecomment-1347645615 | https://api.github.com/repos/simonw/datasette/issues/1943 | IC_kwDOBm6k_c5QU3Cv | simonw 9599 | 2022-12-13T02:06:47Z | 2022-12-13T02:06:47Z | OWNER | This URL is already used for the https://latest.datasette.io/-/permissions tool - but it could include a block on that page that tells you what permissions are available. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
`/-/permissions` should list available permissions 1490576818 | |
1347640542 | https://github.com/simonw/datasette/pull/1940#issuecomment-1347640542 | https://api.github.com/repos/simonw/datasette/issues/1940 | IC_kwDOBm6k_c5QU1ze | simonw 9599 | 2022-12-13T02:02:10Z | 2022-12-13T02:02:10Z | OWNER | This PR ended up bundling part of the implementation of: - #1636 I'm going to be bad an NOT untangle that from this before I merge it. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
register_permissions() plugin hook 1486011362 | |
1347634128 | https://github.com/simonw/datasette/pull/1940#issuecomment-1347634128 | https://api.github.com/repos/simonw/datasette/issues/1940 | IC_kwDOBm6k_c5QU0PQ | simonw 9599 | 2022-12-13T01:51:56Z | 2022-12-13T01:51:56Z | OWNER | Actually one last thing: I said that the error would only occur if the permissions differed in some way. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
register_permissions() plugin hook 1486011362 | |
1347620733 | https://github.com/simonw/datasette/pull/1940#issuecomment-1347620733 | https://api.github.com/repos/simonw/datasette/issues/1940 | IC_kwDOBm6k_c5QUw99 | simonw 9599 | 2022-12-13T01:33:06Z | 2022-12-13T01:33:06Z | OWNER | It's this change which triggers the failures: ```diff diff --git a/datasette/app.py b/datasette/app.py index 760063d5..defa9688 100644 --- a/datasette/app.py +++ b/datasette/app.py @@ -707,9 +707,12 @@ class Datasette: ) return crumbs
|
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
register_permissions() plugin hook 1486011362 | |
1347616055 | https://github.com/simonw/datasette/pull/1940#issuecomment-1347616055 | https://api.github.com/repos/simonw/datasette/issues/1940 | IC_kwDOBm6k_c5QUv03 | simonw 9599 | 2022-12-13T01:27:03Z | 2022-12-13T01:27:03Z | OWNER | I'm going to revert that last commit, see if I can get the tests running again and then apply the changes a line at a time to figure out which ones broke things. |
{ "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
register_permissions() plugin hook 1486011362 |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE [issue_comments] ( [html_url] TEXT, [issue_url] TEXT, [id] INTEGER PRIMARY KEY, [node_id] TEXT, [user] INTEGER REFERENCES [users]([id]), [created_at] TEXT, [updated_at] TEXT, [author_association] TEXT, [body] TEXT, [reactions] TEXT, [issue] INTEGER REFERENCES [issues]([id]) , [performed_via_github_app] TEXT); CREATE INDEX [idx_issue_comments_issue] ON [issue_comments] ([issue]); CREATE INDEX [idx_issue_comments_user] ON [issue_comments] ([user]);
issue 13