github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
637342551 | MDU6SXNzdWU2MzczNDI1NTE= | 834 | startup() plugin hook | 9599 | closed | 0 | 5533512 | 6 | 2020-06-11T21:48:14Z | 2020-06-28T19:38:50Z | 2020-06-13T17:56:12Z | OWNER | It might be useful to have an `startup` hook which gets passed the `datasette` object as soon as Datasette has finished initializing. My initial use-case for this is configuration verification - checking that the `"plugins"` configuration block for this plugin contains valid details. I imagine there are plenty of other potential uses for this as well. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/834/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
636722501 | MDU6SXNzdWU2MzY3MjI1MDE= | 832 | Having view-table permission but NOT view-database should still grant access to /db/table | 9599 | closed | 0 | 5533512 | 12 | 2020-06-11T05:12:59Z | 2020-06-30T23:42:11Z | 2020-06-30T23:42:11Z | OWNER | Stumbled into this while working on `datasette-permissions-sql`. I had granted table permissions, but the permission check wasn't even executed because the user failed the previous `view-database` check. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/832/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
637363686 | MDU6SXNzdWU2MzczNjM2ODY= | 835 | Mechanism for skipping CSRF checks on API posts | 9599 | closed | 0 | 5533512 | 13 | 2020-06-11T22:41:10Z | 2020-07-01T03:08:07Z | 2020-07-01T03:08:07Z | OWNER | While experimenting with https://github.com/simonw/datasette-auth-tokens I realized it's not currently possible to build API client programs that POST to Datasette because there's no mechanism for them to skip the CSRF checks added in #798. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/835/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed |