github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1152#issuecomment-748206874 | https://api.github.com/repos/simonw/datasette/issues/1152 | 748206874 | MDEyOklzc3VlQ29tbWVudDc0ODIwNjg3NA== | 9599 | 2020-12-18T17:03:00Z | 2020-12-22T23:58:04Z | OWNER | Another permissions thought: what if ALL Datasette permissions were default-deny, and plugins could only grant permission to things, not block permission? Right now a plugin can reply `False` to block, `True` to allow or `None` for "I have no opinion on this, ask someone else" - but even I'm confused by the interactions between block and allow and I implemented the system! If everything in Datasette was default-deny then the user could use `--public-view` as an option when starting the server to default-allow view actions. More importantly: plugins could return SQL statements that select a list of databases/tables the user is allowed access to. These could then be combined with `UNION` to create a full list of available resources. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
770598024 | |
https://github.com/simonw/datasette/issues/1152#issuecomment-747920515 | https://api.github.com/repos/simonw/datasette/issues/1152 | 747920515 | MDEyOklzc3VlQ29tbWVudDc0NzkyMDUxNQ== | 9599 | 2020-12-18T07:29:21Z | 2020-12-22T23:57:29Z | OWNER | Could I solve this using a configured canned query against the `_internal` tables with the actor's properties as inputs? | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
770598024 |