github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
631932926 | MDU6SXNzdWU2MzE5MzI5MjY= | 801 | allow_by_query setting for configuring permissions with a SQL statement | 9599 | closed | 0 | 3268330 | 6 | 2020-06-05T20:30:19Z | 2020-06-11T18:58:56Z | 2020-06-11T18:58:49Z | OWNER | > Idea: an `"allow_sql"` key with a SQL query that gets passed the actor JSON as `:actor` and can extract the relevant keys from it and return 1 or 0. _Originally posted by @simonw in https://github.com/simonw/datasette/issues/698#issuecomment-639787304_ See also #800 | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/801/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
631931408 | MDU6SXNzdWU2MzE5MzE0MDg= | 800 | Canned query permissions mechanism | 9599 | closed | 0 | 5512395 | 14 | 2020-06-05T20:28:21Z | 2020-06-07T16:22:53Z | 2020-06-07T16:22:53Z | OWNER | > Idea: default is anyone can execute a query. > > Or you can specify the following: > > ```json > > { > "databases": { > "my-database": { > "queries": { > "add_twitter_handle": { > "sql": "insert into twitter_handles (username) values (:username)", > "write": true, > "allow": { > "id": ["simon"], > "role": ["staff"] > } > } > } > } > } > } > ``` > These get matched against the actor JSON. If any of the fields in any of the keys of `"allow"` match a key on the actor, the query is allowed. > > `"id": "*"` matches any actor with an `id` key. _Originally posted by @simonw in https://github.com/simonw/datasette/issues/698#issuecomment-639784651_ | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/800/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
631300342 | MDExOlB1bGxSZXF1ZXN0NDI4MjEyNDIx | 798 | CSRF protection | 9599 | closed | 0 | 5512395 | 5 | 2020-06-05T04:22:35Z | 2020-06-06T00:43:41Z | 2020-06-05T19:05:58Z | OWNER | simonw/datasette/pulls/798 | Refs #793 | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/798/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 | ||||
632056825 | MDU6SXNzdWU2MzIwNTY4MjU= | 802 | "datasette plugins" command is broken | 9599 | closed | 0 | 1 | 2020-06-05T23:33:01Z | 2020-06-05T23:46:43Z | 2020-06-05T23:46:43Z | OWNER | I broke it in https://github.com/simonw/datasette/commit/a7137dfe069e5fceca56f78631baebd4a6a19967 - and it turns out there was no test coverage so I didn't realize it was broken. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/802/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | ||||||
631789422 | MDU6SXNzdWU2MzE3ODk0MjI= | 799 | TestResponse needs to handle multiple set-cookie headers | 9599 | closed | 0 | 2 | 2020-06-05T17:39:52Z | 2020-06-05T18:34:10Z | 2020-06-05T18:34:10Z | OWNER | Seeing this test failure on #798: ``` _______________________ test_auth_token _______________________ app_client = <tests.fixtures.TestClient object at 0x11285c910> def test_auth_token(app_client): "The /-/auth-token endpoint sets the correct cookie" assert app_client.ds._root_token is not None path = "/-/auth-token?token={}".format(app_client.ds._root_token) response = app_client.get(path, allow_redirects=False,) assert 302 == response.status assert "/" == response.headers["Location"] > assert {"id": "root"} == app_client.ds.unsign(response.cookies["ds_actor"], "actor") E KeyError: 'ds_actor' datasette/tests/test_auth.py:12: KeyError ``` It looks like that's happening because the ASGI middleware is adding another set-cookie header - but those two set-cookie headers are combined into one when the TestResponse is constructed: https://github.com/simonw/datasette/blob/0c064c5fe220b7b3d8dcf85b02b4e60452c47232/tests/fixtures.py#L113-L127 | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/799/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed |