github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
633578769 | MDU6SXNzdWU2MzM1Nzg3Njk= | 811 | Support "allow" block on root, databases and tables, not just queries | 9599 | closed | 0 | 5512395 | 16 | 2020-06-07T17:01:09Z | 2020-06-08T19:34:00Z | 2020-06-08T19:32:36Z | OWNER | No reason not to expand the "allow" mechanism [described here](https://github.com/simonw/datasette/blob/86dec9e8fffd6c4efec928ae9b5713748dec7e74/docs/authentication.rst#permissions-for-canned-queries) to the root of `metadata.json` plus to databases and tables. Refs #810 and #800. ```json { "databases": { "mydatabase": { "allow": { "id": ["root"] } } } } ``` TODO: - [x] Instance level - [x] Database level - [x] Table level - [x] Query level - [x] Affects list of queries - [x] Affects list of tables on database page - [x] Affects truncated list of tables on index page - [x] Affects list of SQL views on database page - [x] Affects list of databases on index page - [x] Show 🔒 in header on index page for private instances - [x] Show 🔒 in header on private database page - [x] Show 🔒 in header on private table page - [x] Show 🔒 in header on private query page - [x] Move `assert_permissions_checked()` calls from `test_html.py` to `test_permissions.py` - [x] Update documentation | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/811/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
634783573 | MDU6SXNzdWU2MzQ3ODM1NzM= | 816 | Come up with a new example for extra_template_vars plugin | 9599 | closed | 0 | 5512395 | 2 | 2020-06-08T16:57:59Z | 2020-06-08T19:06:44Z | 2020-06-08T19:06:11Z | OWNER | This example is obsolete, it's from a time before `request.actor` and authentication as a built-in concept (#699): https://github.com/simonw/datasette/blob/0c064c5fe220b7b3d8dcf85b02b4e60452c47232/docs/plugins.rst#L696-L700 https://github.com/simonw/datasette/blob/0c064c5fe220b7b3d8dcf85b02b4e60452c47232/docs/plugins.rst#extra_template_varstemplate-database-table-view_name-request-datasette | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/816/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed |