id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
633066114,MDU6SXNzdWU2MzMwNjYxMTQ=,810,Refactor permission check for canned query,9599,closed,0,,5512395,1,2020-06-07T05:33:05Z,2020-06-07T17:03:15Z,2020-06-07T17:03:15Z,OWNER,,"This code here (TODO is follow-on from #808).

https://github.com/simonw/datasette/blob/86dec9e8fffd6c4efec928ae9b5713748dec7e74/datasette/views/database.py#L133-L142

I can improve this with extra code in https://github.com/simonw/datasette/blob/86dec9e8fffd6c4efec928ae9b5713748dec7e74/datasette/default_permissions.py",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/810/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
631931408,MDU6SXNzdWU2MzE5MzE0MDg=,800,Canned query permissions mechanism,9599,closed,0,,5512395,14,2020-06-05T20:28:21Z,2020-06-07T16:22:53Z,2020-06-07T16:22:53Z,OWNER,,"> Idea: default is anyone can execute a query.
> 
> Or you can specify the following:
> 
> ```json
> 
> {
>     ""databases"": {
>        ""my-database"": {
>            ""queries"": {
>                ""add_twitter_handle"": {
>                    ""sql"": ""insert into twitter_handles (username) values (:username)"",
>                    ""write"": true,
>                    ""allow"": {
>                        ""id"": [""simon""],
>                        ""role"": [""staff""]
>                    }
>                }
>            }
>        }
>     }
> }
> ```
> These get matched against the actor JSON. If any of the fields in any of the keys of `""allow""` match a key on the actor, the query is allowed.
> 
> `""id"": ""*""` matches any actor with an `id` key.

_Originally posted by @simonw in https://github.com/simonw/datasette/issues/698#issuecomment-639784651_",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/800/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
632918799,MDU6SXNzdWU2MzI5MTg3OTk=,808,Permission check for every view in Datasette (plus docs),9599,closed,0,,5512395,2,2020-06-07T01:59:23Z,2020-06-07T05:30:49Z,2020-06-07T05:30:49Z,OWNER,,"Every view in Datasette should perform a permission check to see if the current user/actor is allowed to view that page.

This permission check will default to allowed, but having this check will allow plugins to lock down access selectively or even to everything in a Datasette instance.",107914493,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/808/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed