id,node_id,number,title,user,user_label,state,locked,assignee,assignee_label,milestone,milestone_label,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,repo_label,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
647103735,MDU6SXNzdWU2NDcxMDM3MzU=,875,"""Logged in as: XXX - logout"" navigation item",9599,simonw,closed,0,,,5533512,Datasette 0.45,3,2020-06-29T04:31:14Z,2020-07-02T00:13:24Z,2020-06-29T18:43:50Z,OWNER,,_Originally posted by @simonw in https://github.com/simonw/datasette/issues/840#issuecomment-650895874_,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/875/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
646992096,MDU6SXNzdWU2NDY5OTIwOTY=,872,Release non-alpha plugins when 0.45 is out,9599,simonw,closed,0,,,5533512,Datasette 0.45,0,2020-06-28T19:42:01Z,2020-07-01T23:48:51Z,2020-07-01T23:48:51Z,OWNER,,"I have several plugins currently marked as alphas because they depend on `0.45a3`. When 0.45 is released I can ship new versions of these plugins that are full releases, not alphas - and switch them to depending on 0.45 (as opposed to the alpha):

- [x] https://github.com/simonw/datasette-init
- [x] https://github.com/simonw/datasette-glitch
- [x] https://github.com/simonw/datasette-saved-queries
- [x] https://github.com/simonw/datasette-write",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/872/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
649373451,MDU6SXNzdWU2NDkzNzM0NTE=,885,Blog entry about the release,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-07-01T22:44:37Z,2020-07-01T22:44:48Z,2020-07-01T22:44:47Z,OWNER,,,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/885/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
648673556,MDU6SXNzdWU2NDg2NzM1NTY=,882,Release notes for 0.45,9599,simonw,closed,0,,,5533512,Datasette 0.45,2,2020-07-01T05:00:17Z,2020-07-01T21:48:08Z,2020-07-01T21:48:08Z,OWNER,,"These are mostly done thanks to the alphas, but I went to have more paragraphs of prose and less bullet points.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/882/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
649329013,MDU6SXNzdWU2NDkzMjkwMTM=,884,"Only show ""log out"" button if user is authenticated using a ds_actor cookie",9599,simonw,closed,0,,,5533512,Datasette 0.45,0,2020-07-01T21:21:28Z,2020-07-01T21:26:07Z,2020-07-01T21:26:06Z,OWNER,,"Right now the ""Log out"" button in the navigation will show up even if the user was authenticated by a plugin using a mechanism other than the `ds_actor` cookie. It should only show if the logged-in user has that cookie.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/884/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
634112607,MDU6SXNzdWU2MzQxMTI2MDc=,812,Ability to customize what happens when a view permission fails,9599,simonw,closed,0,,,5533512,Datasette 0.45,3,2020-06-08T04:26:14Z,2020-07-01T04:17:46Z,2020-07-01T04:17:45Z,OWNER,,"Currently view permission failures raise a `Forbidden` error which is transformed into a 403.

It would be good if this page could offer a way forward - maybe just by linking to (or redirecting to) a login screen. This behaviour will vary based on authentication plugins, so a new plugin hook is probably the best way to do this.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/812/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
637363686,MDU6SXNzdWU2MzczNjM2ODY=,835,Mechanism for skipping CSRF checks on API posts,9599,simonw,closed,0,,,5533512,Datasette 0.45,13,2020-06-11T22:41:10Z,2020-07-01T03:08:07Z,2020-07-01T03:08:07Z,OWNER,,While experimenting with https://github.com/simonw/datasette-auth-tokens I realized it's not currently possible to build API client programs that POST to Datasette because there's no mechanism for them to skip the CSRF checks added in #798.,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/835/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
647879783,MDU6SXNzdWU2NDc4Nzk3ODM=,876,Add log out link to the pattern portfolio,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-30T05:42:15Z,2020-06-30T23:50:04Z,2020-06-30T23:47:31Z,OWNER,,Follows #875,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/876/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
648569227,MDU6SXNzdWU2NDg1NjkyMjc=,879,Database page documentation still talks about hashes in URLs,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-30T23:43:17Z,2020-06-30T23:48:06Z,2020-06-30T23:45:42Z,OWNER,,"https://datasette.readthedocs.io/en/0.44/pages.html

> Note that these URLs end in a 7 character hash. This hash is derived from the contents of the database, and ensures that each URL is immutable: the data returned from a URL containing the hash will always be the same, since if the contents of the database file changes by even a single byte a new hash will be generated.

This isn't accurate any more - that's not default behaviour, and it may be removed entirely in #647.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/879/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
636722501,MDU6SXNzdWU2MzY3MjI1MDE=,832,Having view-table permission but NOT view-database should still grant access to /db/table,9599,simonw,closed,0,,,5533512,Datasette 0.45,12,2020-06-11T05:12:59Z,2020-06-30T23:42:11Z,2020-06-30T23:42:11Z,OWNER,,"Stumbled into this while working on `datasette-permissions-sql`. I had granted table permissions, but the permission check wasn't even executed because the user failed the previous `view-database` check.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/832/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
637966833,MDU6SXNzdWU2Mzc5NjY4MzM=,840,Log out mechanism for clearing ds_actor cookie,9599,simonw,closed,0,,,5533512,Datasette 0.45,4,2020-06-12T19:41:51Z,2020-06-29T04:31:43Z,2020-06-29T04:31:43Z,OWNER,,"Need a cookie clearing mechanism and a way to show that you are logged in.

`datasette-auth-github` had a solution for this that can be pulled into core.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/840/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
647095808,MDU6SXNzdWU2NDcwOTU4MDg=,874,/favicon.ico 500 error,9599,simonw,closed,0,,,5533512,Datasette 0.45,0,2020-06-29T04:04:22Z,2020-06-29T04:27:18Z,2020-06-29T04:27:18Z,OWNER,,"```
Traceback (most recent call last):
  File ""...datasette/datasette/app.py"", line 969, in route_path
    response = await view(request, send)
TypeError: favicon() missing 1 required positional argument: 'send'
```",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/874/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
644309017,MDU6SXNzdWU2NDQzMDkwMTc=,864,datasette.add_message() doesn't work inside plugins,9599,simonw,closed,0,,,5533512,Datasette 0.45,6,2020-06-24T04:30:06Z,2020-06-29T00:51:01Z,2020-06-29T00:51:01Z,OWNER,,"Similar problem to #863 - calling `datasette.add_message()` in a view registered using the `register_routes()` plugin hook doesn't work, because the code that writes accumulated messages to the `ds_messages` signed cookie lives in the `BaseView` class here:

https://github.com/simonw/datasette/blob/28bb1c51897f3956861755e345e18b8e0b1423ac/datasette/views/base.py#L94-L97",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/864/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
646840273,MDU6SXNzdWU2NDY4NDAyNzM=,871,Rename the _timestamp magic parameters to _now,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-28T04:49:08Z,2020-06-28T19:49:49Z,2020-06-28T19:49:49Z,OWNER,,I like the shorter name better. Follows on from #842.,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/871/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
637342551,MDU6SXNzdWU2MzczNDI1NTE=,834,startup() plugin hook,9599,simonw,closed,0,,,5533512,Datasette 0.45,6,2020-06-11T21:48:14Z,2020-06-28T19:38:50Z,2020-06-13T17:56:12Z,OWNER,,"It might be useful to have an `startup` hook which gets passed the `datasette` object as soon as Datasette has finished initializing.

My initial use-case for this is configuration verification - checking that the `""plugins""` configuration block for this plugin contains valid details.

I imagine there are plenty of other potential uses for this as well.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/834/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
638212085,MDU6SXNzdWU2MzgyMTIwODU=,842,Magic parameters for canned queries,9599,simonw,closed,0,,,5533512,Datasette 0.45,18,2020-06-13T18:50:08Z,2020-06-28T03:30:31Z,2020-06-28T02:58:18Z,OWNER,,"Now that writable canned queries (#698) have landed, it would be neat if they supported ""magic"" parameters - parameters that are automatically populated with:

- the current actor ID / other actor properties
- the current date and time
- the user's IP or user-agent

And maybe other things potentially added by plugins.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/842/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
646734280,MDExOlB1bGxSZXF1ZXN0NDQwOTQ2ODE3,869,Magic parameters for canned queries,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-27T18:37:21Z,2020-06-28T02:58:18Z,2020-06-28T02:58:17Z,OWNER,simonw/datasette/pulls/869,"Implementation for #842

TODO:

- [x] Add tests for built-in magic parameters
- [x] Magic parameters should not show up as blank form fields on the query page
- [x] Update documentation for new `_request_X` (now called `_header_X`) implementation where X is a key from the ASGI scope
- [x] Make sure these only work for canned queries, not for arbitrary SQL queries (security issue)
- [x] Add test for the `register_magic_parameters` plugin hook
- [x] Add documentation for the `register_magic_parameters` plugin hook
",107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/869/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0,
645975649,MDU6SXNzdWU2NDU5NzU2NDk=,867,register_routes() should support non-async view functions too,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-26T03:11:25Z,2020-06-27T18:30:41Z,2020-06-27T18:30:40Z,OWNER,,"I was looking at this: https://github.com/simonw/datasette-block-robots/blob/main/datasette_block_robots/__init__.py
```python
from datasette import hookimpl
from datasette.utils.asgi import Response


async def robots_txt():
    return Response.text(""User-agent: *\nDisallow: /"")


@hookimpl
def register_routes():
    return [
        (r""^/robots\.txt$"", robots_txt),
    ]
```
And I realized that if `register_routes()` could support non-async view functions it could be reduced to this:
```python
@hookimpl
def register_routes():
    return [
        (r""^/robots\.txt$"", lambda: Response.text(""User-agent: *\nDisallow: /"")),
    ]
```",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/867/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
640943441,MDU6SXNzdWU2NDA5NDM0NDE=,853,Ensure register_routes() works for POST,9599,simonw,closed,0,,,5533512,Datasette 0.45,1,2020-06-18T06:24:55Z,2020-06-24T04:30:30Z,2020-06-18T16:22:02Z,OWNER,,https://twitter.com/amjithr/status/1273496759684050944,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/853/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
644283211,MDU6SXNzdWU2NDQyODMyMTE=,863,{{ csrftoken() }} doesn't work with datasette.render_template(),9599,simonw,closed,0,,,5533512,Datasette 0.45,0,2020-06-24T03:11:49Z,2020-06-24T04:30:30Z,2020-06-24T03:24:01Z,OWNER,,"The documentation here suggests that it will work:

https://github.com/simonw/datasette/blob/eed116ac0599c7d21b7129af94d58ce03a923e4e/docs/internals.rst#L540-L546

But right now the `csrftoken` variable is set in BaseView.render, which means it's not visible to plugins that try to render templates using `datasette.render_template`:

https://github.com/simonw/datasette/blob/799c5d53570d773203527f19530cf772dc2eeb24/datasette/views/base.py#L99-L106",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/863/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
572896293,MDU6SXNzdWU1NzI4OTYyOTM=,687,Expand plugins documentation to multiple pages,9599,simonw,closed,0,,,5533512,Datasette 0.45,11,2020-02-28T17:26:21Z,2020-06-22T03:55:20Z,2020-06-22T03:53:54Z,OWNER,,"I think the plugins docs need to extend beyond a single page now. I want to add a whole section on writing tests for plugins, showing how `httpx` can be used as seen in https://github.com/simonw/datasette-atom/issues/3 and suchlike.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/687/reactions"", ""total_count"": 1, ""+1"": 1, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
642127307,MDU6SXNzdWU2NDIxMjczMDc=,855,Add instructions for using cookiecutter plugin template to plugin docs,9599,simonw,closed,0,,,5533512,Datasette 0.45,2,2020-06-19T17:33:25Z,2020-06-22T02:51:38Z,2020-06-22T02:51:38Z,OWNER,,Once I ship the `datasette-plugin` template: https://github.com/simonw/datasette-plugin/issues/1,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/855/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
640917326,MDU6SXNzdWU2NDA5MTczMjY=,852,canned_queries() plugin hook,9599,simonw,closed,0,,,5533512,Datasette 0.45,9,2020-06-18T05:24:35Z,2020-06-20T03:08:40Z,2020-06-20T03:08:40Z,OWNER,,"Canned queries are currently baked into `metadata.json` which is read once on startup.

Allowing users to interactively create new canned queries - even if just through a plugin - would make a lot of sense.

Is this a new plugin hook or some other mechanism? Lots to think about here.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/852/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
632843030,MDU6SXNzdWU2MzI4NDMwMzA=,807,Ability to ship alpha and beta releases,9599,simonw,closed,0,,,5533512,Datasette 0.45,18,2020-06-07T00:12:55Z,2020-06-18T21:41:16Z,2020-06-18T21:41:16Z,OWNER,,I'd like to be able to ship alphas and betas to PyPI so in-development plugins can depend on them and help test unreleased plugin hooks.,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/807/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
641460179,MDU6SXNzdWU2NDE0NjAxNzk=,854,"Respect default scope[""actor""] if one exists",9599,simonw,closed,0,,,5533512,Datasette 0.45,0,2020-06-18T18:25:08Z,2020-06-18T18:39:22Z,2020-06-18T18:39:22Z,OWNER,,"ASGI wrapper plugins that themselves set the `actor` scope variable should be respected (though `actor_from_request` plugins should still execute and get the chance to replace that initial `actor` value).

Relevant code: https://github.com/simonw/datasette/blob/09a3479a5402df96489ed6cab6cc9fd674bf3433/datasette/app.py#L910-L921",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/854/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed