html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/698#issuecomment-639779403 | https://api.github.com/repos/simonw/datasette/issues/698 | 639779403 | MDEyOklzc3VlQ29tbWVudDYzOTc3OTQwMw== | 9599 | 2020-06-05T20:20:12Z | 2020-06-05T20:20:12Z | OWNER | CSRF is done. Last step: figure out a smart way to integrate this with permissions and authentication. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582517965 | |
https://github.com/simonw/datasette/issues/698#issuecomment-639784651 | https://api.github.com/repos/simonw/datasette/issues/698 | 639784651 | MDEyOklzc3VlQ29tbWVudDYzOTc4NDY1MQ== | 9599 | 2020-06-05T20:25:02Z | 2020-06-05T20:25:02Z | OWNER | Idea: default is anyone can execute a query. Or you can specify the following: ```json { "databases": { "my-database": { "queries": { "add_twitter_handle": { "sql": "insert into twitter_handles (username) values (:username)", "write": true, "allow": { "id": ["simon"], "role": ["staff"] } } } } } } ``` These get matched against the actor JSON. If any of the fields in any of the keys of `"allow"` match a key on the actor, the query is allowed. `"id": "*"` matches any actor with an `id` key. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582517965 | |
https://github.com/simonw/datasette/issues/698#issuecomment-639785878 | https://api.github.com/repos/simonw/datasette/issues/698 | 639785878 | MDEyOklzc3VlQ29tbWVudDYzOTc4NTg3OA== | 9599 | 2020-06-05T20:25:55Z | 2020-06-05T20:25:55Z | OWNER | I'd really like to support SQL query defined permissions too, mainly to set an example for how plugins could do something similar. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582517965 | |
https://github.com/simonw/datasette/issues/698#issuecomment-639787304 | https://api.github.com/repos/simonw/datasette/issues/698 | 639787304 | MDEyOklzc3VlQ29tbWVudDYzOTc4NzMwNA== | 9599 | 2020-06-05T20:26:57Z | 2020-06-05T20:26:57Z | OWNER | Idea: an `"allow_sql"` key with a SQL query that gets passed the actor JSON as `:actor` and can extract the relevant keys from it and return 1 or 0. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582517965 | |
https://github.com/simonw/datasette/issues/698#issuecomment-639788562 | https://api.github.com/repos/simonw/datasette/issues/698 | 639788562 | MDEyOklzc3VlQ29tbWVudDYzOTc4ODU2Mg== | 9599 | 2020-06-05T20:27:49Z | 2020-06-05T20:27:49Z | OWNER | There can be a detailed section explaining these different mechanisms on the authentication documentation page. I imagine they will end up applying to more than just canned queries. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582517965 |