github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
628089318 | MDU6SXNzdWU2MjgwODkzMTg= | 787 | "datasette publish" should bake in a random --secret | 9599 | closed | 0 | 5512395 | 1 | 2020-06-01T01:15:26Z | 2020-06-11T16:02:05Z | 2020-06-11T16:02:05Z | OWNER | To allow signed cookies etc to work reliably (see #785) all of the `datasette publish` commands should generate a random secret on publish and bake it into the configuration - probably by setting the `DATASETTE_SECRET` environment variable. - [ ] Cloud Run - [ ] Heroku - [ ] https://github.com/simonw/datasette-publish-now - [ ] https://github.com/simonw/datasette-publish-fly | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/787/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
636614868 | MDU6SXNzdWU2MzY2MTQ4Njg= | 831 | It would be more intuitive if "allow": none meant "no-one can do this" | 9599 | closed | 0 | 5512395 | 1 | 2020-06-10T23:43:56Z | 2020-06-10T23:57:25Z | 2020-06-10T23:50:55Z | OWNER | Now that I'm starting to write alternative plugins to control permissions - see #818 - I think I need an easy way to tell Datasette "no-one has permission to do X unless a plugin says otherwise". One relatively intuitive way to do that could be like this: ```json { "databases": { "fixtures": { "allow": null } } } ``` Right now I think that opens up permissions to everyone, which isn't as obvious. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/831/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
635696400 | MDU6SXNzdWU2MzU2OTY0MDA= | 827 | Document CSRF protection (for plugins) | 9599 | closed | 0 | 5512395 | 1 | 2020-06-09T19:19:10Z | 2020-06-09T19:38:30Z | 2020-06-09T19:35:13Z | OWNER | Plugin authors need to know that if they want to POST a form they should include this: ```html+jinja <input type="hidden" name="csrftoken" value="{{ csrftoken() }}"> ``` | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/827/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
633066114 | MDU6SXNzdWU2MzMwNjYxMTQ= | 810 | Refactor permission check for canned query | 9599 | closed | 0 | 5512395 | 1 | 2020-06-07T05:33:05Z | 2020-06-07T17:03:15Z | 2020-06-07T17:03:15Z | OWNER | This code here (TODO is follow-on from #808). https://github.com/simonw/datasette/blob/86dec9e8fffd6c4efec928ae9b5713748dec7e74/datasette/views/database.py#L133-L142 I can improve this with extra code in https://github.com/simonw/datasette/blob/86dec9e8fffd6c4efec928ae9b5713748dec7e74/datasette/default_permissions.py | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/810/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed |