github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1485757511 | I_kwDOBm6k_c5YjtxH | 1939 | register_permissions(datasette) plugin hook | 9599 | closed | 0 | 8711695 | 20 | 2022-12-09T01:33:25Z | 2022-12-13T02:07:50Z | 2022-12-13T02:05:56Z | OWNER | A plugin hook that adds more named permissions to the list which is initially populated here: https://github.com/simonw/datasette/blob/e539c1c024bc62d88df91d9107cbe37e7f0fe55f/datasette/permissions.py#L1-L19 Originally imagined this hook in this comment: - https://github.com/simonw/datasette/issues/1881#issuecomment-1301639370 I need this for a few reasons: - https://github.com/simonw/datasette/issues/1636 - Needs it in order to validate that permissions defined in `metadata.json` are set in the right place (don't set an instance permissions at table level for example) - https://github.com/simonw/datasette/issues/1855 - Needs it to be able to register additional abbreviations for use in signed cookies - And for validation when you use `datasette create-token` and pass in extra permissions - The https://latest.datasette.io/-/permissions debug interface needs it to add extra debug options to the `<select>` | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1939/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1486011362 | PR_kwDOBm6k_c5E3XqB | 1940 | register_permissions() plugin hook | 9599 | closed | 0 | 8711695 | 6 | 2022-12-09T05:09:28Z | 2022-12-13T02:05:55Z | 2022-12-13T02:05:54Z | OWNER | simonw/datasette/pulls/1940 | Refs #1939 From this comment: https://github.com/simonw/datasette/issues/1939#issuecomment-1343872168 - [x] Unit test for the registration plugin hook itself - [x] Use them in `check_permission_actions_are_documented` test in `conftest.py` - [x] Add description field to `Permissions` (and update tests and docs) - [x] Documentation for `datasette.permissions` dictionary - [x] If no `default=` provided in call to `permission_allowed()` then use default from `datasette.permissions` list - [x] Remove `default=` from a bunch of places - [x] Throw an error if two permissions are registered with the same name or abbreviation (but other attributes differ) - [x] Update authentication and permissions documentation to explain that permissions are now registered and have a registered default <!-- readthedocs-preview datasette start --> ---- :books: Documentation preview :books:: https://datasette--1940.org.readthedocs.build/en/1940/ <!-- readthedocs-preview datasette end --> | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/1940/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 | ||||
1486036269 | I_kwDOBm6k_c5Ykx0t | 1941 | Mechanism for supporting key rotation for DATASETTE_SECRET | 9599 | open | 0 | 1 | 2022-12-09T05:24:53Z | 2022-12-09T05:25:20Z | OWNER | Currently if you change `DATASETTE_SECRET` all existing signed tokens - both cookies and API tokens and potentially other things too - will instantly expire. Adding support for key rotation would allow keys to be rotated on a semi-regular basis without logging everyone out / invalidating every API token instantly. Can model this on how Django does it: https://github.com/django/django/commit/0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7 | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1941/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |