github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1423336089 | I_kwDOBm6k_c5U1mKZ | 1855 | `datasette create-token` ability to create tokens with a reduced set of permissions | 9599 | closed | 0 | 8711695 | 19 | 2022-10-26T02:20:52Z | 2022-12-14T01:24:49Z | 2022-12-13T05:20:24Z | OWNER | Initial design ideas: https://github.com/simonw/datasette/issues/1852#issuecomment-1289733483 > Token design concept: > > ```json > { > "t": { > "a": ["ir", "ur", "dr"], > "d": { > "fixtures": ["ir", "ur", "dr"] > }, > "t": { > "fixtures": { > "searchable": ["ir"] > } > } > } > } > ``` > > That JSON would be minified and signed. > > Minified version of the above looks like this (101 characters): > > `{"t":{"a":["ir","ur","dr"],"d":{"fixtures":["ir","ur","dr"]},"t":{"fixtures":{"searchable":["ir"]}}}}` > > The `"t"` key shows this is a token that as a default API key. > > `"a"` means "all" - these are permissions that have been granted on all tables and databases. > > `"d"` means "databases" - this is a way to set permissions for all tables in a specific database. > > `"t"` means "tables" - this lets you set permissions at a finely grained table level. > > Then the permissions themselves are two character codes which are shortened versions - so: > > * `ir` = `insert-row` > * `ur` = `update-row` > * `dr` = `delete-row` ## Remaining tasks - [x] Add these options to the `datasette create-token` command - [x] Tests for `datasette create-token` options - [x] Documentation for those options at https://docs.datasette.io/en/latest/authentication.html#datasette-create-token - [x] A way to handle permissions that don't have known abbreviations (permissions added by plugins). Probably need to solve the plugin permission registration problem as part of that - [x] Stop hard-coding names of actions in the `permission_allowed_actor_restrictions` function | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1855/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1495241162 | I_kwDOBm6k_c5ZH5HK | 1950 | Bad ?_sort returns a 500 error, should be a 400 | 9599 | closed | 0 | 2 | 2022-12-13T22:08:16Z | 2022-12-13T22:23:22Z | 2022-12-13T22:23:22Z | OWNER | https://latest.datasette.io/fixtures/facetable?_sort=bad <img width="453" alt="image" src="https://user-images.githubusercontent.com/9599/207454481-2ba2e2bd-7400-47a6-b8a1-f898a2d364d8.png"> | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1950/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | ||||||
1491840863 | PR_kwDOBm6k_c5FMKSG | 1944 | Bump black from 22.10.0 to 22.12.0 | 49699333 | closed | 0 | 0 | 2022-12-12T13:05:11Z | 2022-12-13T05:23:31Z | 2022-12-13T05:23:30Z | CONTRIBUTOR | simonw/datasette/pulls/1944 | Bumps [black](https://github.com/psf/black) from 22.10.0 to 22.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/black/releases">black's releases</a>.</em></p> <blockquote> <h2>22.12.0</h2> <h3>Preview style</h3> <!-- raw HTML omitted --> <ul> <li>Enforce empty lines before classes and functions with sticky leading comments (<a href="https://github-redirect.dependabot.com/psf/black/issues/3302">#3302</a>)</li> <li>Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (<a href="https://github-redirect.dependabot.com/psf/black/issues/3348">#3348</a>)</li> <li>Implicitly concatenated strings used as function args are now wrapped inside parentheses (<a href="https://github-redirect.dependabot.com/psf/black/issues/3307">#3307</a>)</li> <li>Correctly handle trailing commas that are inside a line's leading non-nested parens (<a href="https://github-redirect.dependabot.com/psf/black/issues/3370">#3370</a>)</li> </ul> <h3>Configuration</h3> <!-- raw HTML omitted --> <ul> <li>Fix incorrectly applied <code>.gitignore</code> rules by considering the <code>.gitignore</code> location and the relative path to the target file (<a href="https://github-redirect.dependabot.com/psf/black/issues/3338">#3338</a>)</li> <li>Fix incorrectly ignoring <code>.gitignore</code> presence when more than one source directory is specified (<a href="https://github-redirect.dependabot.com/psf/black/issues/3336">#3336</a>)</li> </ul> <h3>Parser</h3> <!-- raw HTML omitted --> <ul> <li>Parsing support has been added for walruses inside generator expression that are passed as function args (for example, <code>any(match := my_re.match(text) for text in texts)</code>) (<a href="https://github-redirect.dependabot.com/psf/black/issues/3327">#3327</a>).</li> </ul> <h3>Integrations</h3> <!-- raw HTML omitted --> <ul> <li>Vim plugin: Optionally allow using the system installation of Black via <code>let g:black_useā¦ | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/1944/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 | |||||
1485488236 | PR_kwDOBm6k_c5E1iJG | 1938 | "permissions" blocks in metadata.json/yaml | 9599 | closed | 0 | 8711695 | 3 | 2022-12-08T22:07:36Z | 2022-12-13T05:23:18Z | 2022-12-13T05:23:18Z | OWNER | simonw/datasette/pulls/1938 | Refs #1636 - [x] Documentation - [ ] Implementation - [ ] Validate metadata to check there are no nonsensical permissions (like `debug-menu` set at the table level) - [ ] Tests <!-- readthedocs-preview datasette start --> ---- :books: Documentation preview :books:: https://datasette--1938.org.readthedocs.build/en/1938/ <!-- readthedocs-preview datasette end --> | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/1938/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 | ||||
1493339206 | I_kwDOBm6k_c5ZAoxG | 1946 | `datasette --get` mechanism for sending tokens | 9599 | closed | 0 | 8711695 | 2 | 2022-12-13T04:25:05Z | 2022-12-13T04:36:57Z | 2022-12-13T04:36:57Z | OWNER | > For the tests for `datasette create-token` it would be useful if `datasette --get` had a mechanism for sending an `Authorization: Bearer X` header. _Originally posted by @simonw in https://github.com/simonw/datasette/issues/1855#issuecomment-1347731288_ | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1946/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1493306655 | I_kwDOBm6k_c5ZAg0f | 1945 | `view-instance` should not be checked for /-/actor.json | 9599 | closed | 0 | 8711695 | 0 | 2022-12-13T04:01:46Z | 2022-12-13T04:11:56Z | 2022-12-13T04:11:56Z | OWNER | Spotted this while testing: - #1855 ``` export TOKEN=$(datasette create-token root --secret s -a foo) curl -H "Authorization: Bearer $TOKEN" http://localhost:8002/-/actor.json ``` Returned a Forbidden error (and not in JSON either). | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1945/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1138008042 | I_kwDOBm6k_c5D1J_q | 1636 | "permissions" propery in metadata for configuring arbitrary permissions | 9599 | closed | 0 | 8711695 | 14 | 2022-02-15T00:25:59Z | 2022-12-13T02:40:50Z | 2022-12-13T02:40:50Z | OWNER | The `"allow"` block mechanism can already be used to configure various default permissions. When adding permissions to `datasette-tiddlywiki` I realized it would be good to be able to configure arbitrary permissions such as `edit-tiddlywiki` there too. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1636/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1485757511 | I_kwDOBm6k_c5YjtxH | 1939 | register_permissions(datasette) plugin hook | 9599 | closed | 0 | 8711695 | 20 | 2022-12-09T01:33:25Z | 2022-12-13T02:07:50Z | 2022-12-13T02:05:56Z | OWNER | A plugin hook that adds more named permissions to the list which is initially populated here: https://github.com/simonw/datasette/blob/e539c1c024bc62d88df91d9107cbe37e7f0fe55f/datasette/permissions.py#L1-L19 Originally imagined this hook in this comment: - https://github.com/simonw/datasette/issues/1881#issuecomment-1301639370 I need this for a few reasons: - https://github.com/simonw/datasette/issues/1636 - Needs it in order to validate that permissions defined in `metadata.json` are set in the right place (don't set an instance permissions at table level for example) - https://github.com/simonw/datasette/issues/1855 - Needs it to be able to register additional abbreviations for use in signed cookies - And for validation when you use `datasette create-token` and pass in extra permissions - The https://latest.datasette.io/-/permissions debug interface needs it to add extra debug options to the `<select>` | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/1939/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
1486011362 | PR_kwDOBm6k_c5E3XqB | 1940 | register_permissions() plugin hook | 9599 | closed | 0 | 8711695 | 6 | 2022-12-09T05:09:28Z | 2022-12-13T02:05:55Z | 2022-12-13T02:05:54Z | OWNER | simonw/datasette/pulls/1940 | Refs #1939 From this comment: https://github.com/simonw/datasette/issues/1939#issuecomment-1343872168 - [x] Unit test for the registration plugin hook itself - [x] Use them in `check_permission_actions_are_documented` test in `conftest.py` - [x] Add description field to `Permissions` (and update tests and docs) - [x] Documentation for `datasette.permissions` dictionary - [x] If no `default=` provided in call to `permission_allowed()` then use default from `datasette.permissions` list - [x] Remove `default=` from a bunch of places - [x] Throw an error if two permissions are registered with the same name or abbreviation (but other attributes differ) - [x] Update authentication and permissions documentation to explain that permissions are now registered and have a registered default <!-- readthedocs-preview datasette start --> ---- :books: Documentation preview :books:: https://datasette--1940.org.readthedocs.build/en/1940/ <!-- readthedocs-preview datasette end --> | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/1940/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 |