github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1852#issuecomment-1291243333 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291243333 | IC_kwDOBm6k_c5M9s9F | 9599 | 2022-10-25T23:25:13Z | 2022-10-25T23:25:13Z | OWNER | A `/-/debug-token` page that can take a token and decode it to show you how long until it expires, what actor it represents and the permissions it has will be useful as well. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 | |
https://github.com/simonw/datasette/issues/1852#issuecomment-1291234262 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291234262 | IC_kwDOBm6k_c5M9qvW | 9599 | 2022-10-25T23:11:23Z | 2022-10-25T23:11:23Z | OWNER | I'm going to build an initial `/-/create-token` interface which just bakes a token with the current actor in it and an optional expiry timestamp. I'll try the limited permissions thing later. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 | |
https://github.com/simonw/datasette/issues/1852#issuecomment-1291233652 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291233652 | IC_kwDOBm6k_c5M9ql0 | 9599 | 2022-10-25T23:10:20Z | 2022-10-25T23:10:44Z | OWNER | In which case the token would need to duplicate the current `actor` and then add extra constraints. So maybe the token design looks like this: ```json { "a": { "copy_of": "actor_creating_token"}, "p": { "t": "... the thing designed earlier, with those permissions in it" }, "e": "integer timestamp when token expires" } ``` | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 | |
https://github.com/simonw/datasette/issues/1852#issuecomment-1291232589 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291232589 | IC_kwDOBm6k_c5M9qVN | 9599 | 2022-10-25T23:08:37Z | 2022-10-25T23:08:37Z | OWNER | ... so maybe there's a way to create a token that inherits the exact permissions of the actor that created the token? That could even be a default mode for tokens, with an option to then further restrict permissions if desired. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 | |
https://github.com/simonw/datasette/issues/1852#issuecomment-1291231651 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291231651 | IC_kwDOBm6k_c5M9qGj | 9599 | 2022-10-25T23:07:17Z | 2022-10-25T23:07:17Z | OWNER | Interesting challenge: what permissions should users be allowed to grant to tokens? Clearly a user should not be able to create a token with a permission that the user themselves does not have. And should there be a permission that allows people to create tokens? I think so. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 | |
https://github.com/simonw/datasette/issues/1852#issuecomment-1291227942 | https://api.github.com/repos/simonw/datasette/issues/1852 | 1291227942 | IC_kwDOBm6k_c5M9pMm | 9599 | 2022-10-25T23:01:18Z | 2022-10-25T23:01:18Z | OWNER | Datasette currently defaults to having everything public-readable by default, unless a permission plugin changes that default. In thinking more about this API mechanism, I realized that it might be good to have a mode where Datasette _doesn't_ default to public everything. Maybe `datasette --private` to start it like that? Might even be an opportunity to get rid of the current slightly confusing mechanism where permission checks can announce that they should default to true: https://github.com/simonw/datasette/blob/c7dd76c26257ded5bcdfd0570e12412531b8b88f/datasette/views/database.py#L152-L154 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1421552095 |