home / github / issues

Menu
  • Search all tables
  • GraphQL API

issues: 1423336089

This data as json

id node_id number title user state locked assignee milestone comments created_at updated_at closed_at author_association pull_request body repo type active_lock_reason performed_via_github_app reactions draft state_reason
1423336089 I_kwDOBm6k_c5U1mKZ 1855 `datasette create-token` ability to create tokens with a reduced set of permissions 9599 closed 0   8711695 19 2022-10-26T02:20:52Z 2022-12-14T01:24:49Z 2022-12-13T05:20:24Z OWNER  

Initial design ideas: https://github.com/simonw/datasette/issues/1852#issuecomment-1289733483

Token design concept:

json { "t": { "a": ["ir", "ur", "dr"], "d": { "fixtures": ["ir", "ur", "dr"] }, "t": { "fixtures": { "searchable": ["ir"] } } } }

That JSON would be minified and signed.

Minified version of the above looks like this (101 characters):

{"t":{"a":["ir","ur","dr"],"d":{"fixtures":["ir","ur","dr"]},"t":{"fixtures":{"searchable":["ir"]}}}}

The "t" key shows this is a token that as a default API key.

"a" means "all" - these are permissions that have been granted on all tables and databases.

"d" means "databases" - this is a way to set permissions for all tables in a specific database.

"t" means "tables" - this lets you set permissions at a finely grained table level.

Then the permissions themselves are two character codes which are shortened versions - so:

  • ir = insert-row
  • ur = update-row
  • dr = delete-row

Remaining tasks

  • [x] Add these options to the datasette create-token command
  • [x] Tests for datasette create-token options
  • [x] Documentation for those options at https://docs.datasette.io/en/latest/authentication.html#datasette-create-token
  • [x] A way to handle permissions that don't have known abbreviations (permissions added by plugins). Probably need to solve the plugin permission registration problem as part of that
  • [x] Stop hard-coding names of actions in the permission_allowed_actor_restrictions function
107914493 issue    
{
    "url": "https://api.github.com/repos/simonw/datasette/issues/1855/reactions",
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
  completed

Links from other tables

  • 2 rows from issues_id in issues_labels
  • 19 rows from issue in issue_comments
Powered by Datasette · Queries took 0.968ms · About: github-to-sqlite