html_url,id,node_id,tag_name,target_commitish,name,draft,author,prerelease,created_at,published_at,body,repo,reactions
https://github.com/simonw/datasette/releases/tag/1.0a2,86103928,RE_kwDOBm6k_c4FIdd4,1.0a2,main,1.0a2,0,9599,1,2022-12-15T02:02:42Z,2022-12-15T02:03:59Z,"The third Datasette 1.0 alpha release adds upsert support to the JSON API, plus the ability to specify finely grained permissions when creating an API token.

See [Datasette 1.0a2: Upserts and finely grained permissions](https://simonwillison.net/2022/Dec/15/datasette-1a2/) for an extended, annotated version of these release notes.

- New `/db/table/-/upsert` API, [documented here](https://docs.datasette.io/en/latest/json_api.html#tableupsertview). upsert is an update-or-insert: existing rows will have specified keys updated, but if no row matches the incoming primary key a brand new row will be inserted instead. ([#1878](https://github.com/simonw/datasette/issues/1878))
- New [register_permissions(datasette)](https://docs.datasette.io/en/latest/plugin_hooks.html#plugin-register-permissions) plugin hook. Plugins can now register named permissions, which will then be listed in various interfaces that show available permissions. ([#1940](https://github.com/simonw/datasette/issues/1940))
- The `/db/-/create` API for [creating a table](https://docs.datasette.io/en/latest/json_api.html#tablecreateview) now accepts `""ignore"": true` and `""replace"": true` options when called with the `""rows""` property that creates a new table based on an example set of rows. This means the API can be called multiple times with different rows, setting rules for what should happen if a primary key collides with an existing row. ([#1927](https://github.com/simonw/datasette/issues/1927))
- Arbitrary permissions can now be configured at the instance, database and resource (table, SQL view or canned query) level in Datasette's [Metadata](https://docs.datasette.io/en/latest/metadata.html#metadata) JSON and YAML files. The new `""permissions""` key can be used to specify which actors should have which permissions. See [Other permissions in metadata](https://docs.datasette.io/en/latest/authentication.html#authentication-permissions-other) for details. ([#1636](https://github.com/simonw/datasette/issues/1636))
- The `/-/create-token` page can now be used to create API tokens which are restricted to just a subset of actions, including against specific databases or resources. See [API Tokens](https://docs.datasette.io/en/latest/authentication.html#createtokenview) for details. ([#1947](https://github.com/simonw/datasette/issues/1947))
- Likewise, the [datasette create-token](https://docs.datasette.io/en/latest/internals.html#create-token-actor-id-expires-after-none-restrict-all-none-restrict-database-none-restrict-resource-none) CLI command can now create tokens with [a subset of permissions](https://docs.datasette.io/en/latest/authentication.html#authentication-cli-create-token-restrict). ([#1855](https://github.com/simonw/datasette/issues/1855))
- New datasette.create_token() API method <datasette_create_token>` for programmatically creating signed API tokens. ([#1951](https://github.com/simonw/datasette/issues/1951))
- `/db/-/create` API now requires actor to have `insert-row` permission in order to use the `""row""` or `""rows""` properties. ([#1937](https://github.com/simonw/datasette/issues/1937))",107914493,