{"id": 637363686, "node_id": "MDU6SXNzdWU2MzczNjM2ODY=", "number": 835, "title": "Mechanism for skipping CSRF checks on API posts", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 13, "created_at": "2020-06-11T22:41:10Z", "updated_at": "2020-07-01T03:08:07Z", "closed_at": "2020-07-01T03:08:07Z", "author_association": "OWNER", "pull_request": null, "body": "While experimenting with https://github.com/simonw/datasette-auth-tokens I realized it's not currently possible to build API client programs that POST to Datasette because there's no mechanism for them to skip the CSRF checks added in #798.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/835/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 636722501, "node_id": "MDU6SXNzdWU2MzY3MjI1MDE=", "number": 832, "title": "Having view-table permission but NOT view-database should still grant access to /db/table", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 12, "created_at": "2020-06-11T05:12:59Z", "updated_at": "2020-06-30T23:42:11Z", "closed_at": "2020-06-30T23:42:11Z", "author_association": "OWNER", "pull_request": null, "body": "Stumbled into this while working on `datasette-permissions-sql`. I had granted table permissions, but the permission check wasn't even executed because the user failed the previous `view-database` check.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/832/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}
{"id": 637342551, "node_id": "MDU6SXNzdWU2MzczNDI1NTE=", "number": 834, "title": "startup() plugin hook", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 6, "created_at": "2020-06-11T21:48:14Z", "updated_at": "2020-06-28T19:38:50Z", "closed_at": "2020-06-13T17:56:12Z", "author_association": "OWNER", "pull_request": null, "body": "It might be useful to have an `startup` hook which gets passed the `datasette` object as soon as Datasette has finished initializing.\r\n\r\nMy initial use-case for this is configuration verification - checking that the `\"plugins\"` configuration block for this plugin contains valid details.\r\n\r\nI imagine there are plenty of other potential uses for this as well.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/834/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}