github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/832#issuecomment-652103895 | https://api.github.com/repos/simonw/datasette/issues/832 | 652103895 | MDEyOklzc3VlQ29tbWVudDY1MjEwMzg5NQ== | 9599 | 2020-06-30T23:41:22Z | 2020-06-30T23:41:22Z | OWNER | I don't think this needs any additional documentation - the new behaviour matches how the permissions are documented here: https://datasette.readthedocs.io/en/0.44/authentication.html#built-in-permissions | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651999516 | https://api.github.com/repos/simonw/datasette/issues/832 | 651999516 | MDEyOklzc3VlQ29tbWVudDY1MTk5OTUxNg== | 9599 | 2020-06-30T19:33:49Z | 2020-06-30T21:34:59Z | OWNER | Tests needed for this: - If a user has view table but NOT view database / view instance, can they view the table page? - If a user has view canned query but NOT view database / view instance, can they view the canned query page? - If a user has view database but NOT view instance, can they view the database page? | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651995453 | https://api.github.com/repos/simonw/datasette/issues/832 | 651995453 | MDEyOklzc3VlQ29tbWVudDY1MTk5NTQ1Mw== | 9599 | 2020-06-30T19:25:13Z | 2020-06-30T19:25:26Z | OWNER | I'm going to put the new `check_permissions()` method on `BaseView` as well. If I want that method to be available to plugins I can do so by turning that `BaseView` class into a documented API that plugins are encouraged to use themselves. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651994978 | https://api.github.com/repos/simonw/datasette/issues/832 | 651994978 | MDEyOklzc3VlQ29tbWVudDY1MTk5NDk3OA== | 9599 | 2020-06-30T19:24:12Z | 2020-06-30T19:24:12Z | OWNER | Hah... but `check_permission` is a method on `BaseView`. Here are the various permission methods at the moment: https://github.com/simonw/datasette/blob/6c2634583627bfab750c115cb13850252821d637/datasette/default_permissions.py#L5-L14 And on BaseView: https://github.com/simonw/datasette/blob/a8a5f813722f72703a7aae41135ccc40635cc02f/datasette/views/base.py#L65-L70 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651993977 | https://api.github.com/repos/simonw/datasette/issues/832 | 651993977 | MDEyOklzc3VlQ29tbWVudDY1MTk5Mzk3Nw== | 9599 | 2020-06-30T19:22:06Z | 2020-06-30T19:22:06Z | OWNER | `permission_allowed` is already the name of the plugin hook. It's actually a bit confusing that it's also the name of a method on `datasette.`. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651993537 | https://api.github.com/repos/simonw/datasette/issues/832 | 651993537 | MDEyOklzc3VlQ29tbWVudDY1MTk5MzUzNw== | 9599 | 2020-06-30T19:21:15Z | 2020-06-30T19:21:15Z | OWNER | I could rename `permission_allowed()` to `check_permission()` and have a complementary `check_permissions()` method. This is a breaking change but we're pre-1.0 so I think that's OK. I could even set up a temporary `permission_allowed()` alias which prints a deprecation warning to the console, then remove that at 1.0. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-651992737 | https://api.github.com/repos/simonw/datasette/issues/832 | 651992737 | MDEyOklzc3VlQ29tbWVudDY1MTk5MjczNw== | 9599 | 2020-06-30T19:19:33Z | 2020-06-30T19:20:02Z | OWNER | I already have this method on Datasette: `async def permission_allowed(self, actor, action, resource=None, default=False):` What would be a good method name that complements that and indicates "check a list of permissions in order"? Should it even run against the request or should you have to hand it `request.actor`? | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 636722501 | |