html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/699#issuecomment-636510761 | https://api.github.com/repos/simonw/datasette/issues/699 | 636510761 | MDEyOklzc3VlQ29tbWVudDYzNjUxMDc2MQ== | 9599 | 2020-05-31T18:38:30Z | 2020-05-31T18:38:30Z | OWNER | I quite like `root` - it supports the idea that best practice is to NOT do things as the root account, but to use a plugin to set up separate accounts for different purposes. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636510647 | https://api.github.com/repos/simonw/datasette/issues/699 | 636510647 | MDEyOklzc3VlQ29tbWVudDYzNjUxMDY0Nw== | 9599 | 2020-05-31T18:37:39Z | 2020-05-31T18:37:39Z | OWNER | Maybe the default single account should be called something other than `admin`? The problem with `admin` is that it sounds like more of a role - in larger installations one can expect multiple admins. `root` may be better since there's clearly only one root account. Bit of a technical term though. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636510398 | https://api.github.com/repos/simonw/datasette/issues/699 | 636510398 | MDEyOklzc3VlQ29tbWVudDYzNjUxMDM5OA== | 9599 | 2020-05-31T18:35:57Z | 2020-05-31T18:36:05Z | OWNER | Again I will use exploratory prototyping to inform a decision on the minimum subset design for the `actor` dictionary. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636510303 | https://api.github.com/repos/simonw/datasette/issues/699 | 636510303 | MDEyOklzc3VlQ29tbWVudDYzNjUxMDMwMw== | 9599 | 2020-05-31T18:35:17Z | 2020-05-31T18:35:17Z | OWNER | Keeping the structure of the actor dictionary completely undefined doesn't make sense if Datasette is going to ship with a default authentication mechanism for admin users. I'm going to define a small set of required keys for the actor dictionary, and enforce them in code. But which keys? I feel I need a unique key representing the identity of the actor, plus a key that can be displayed in the "You are logged in as X" navigation. Maybe these are the same key? So the single required key could be `id`. Problem is: is that a string or an integer? Some use-cases may call for an integer, which matches to how SQLite auto incrementing primary keys work. `admin` is a string. Maybe `id` is required, `name` is optional - but if `name` is present then the "You are logged in as..." uses that in preference to `id`. `id` has to be a string, and if you want to store integer IDs in your database you need to remember to convert them to a string in your `actor_from_request` implementation. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636498913 | https://api.github.com/repos/simonw/datasette/issues/699 | 636498913 | MDEyOklzc3VlQ29tbWVudDYzNjQ5ODkxMw== | 9599 | 2020-05-31T17:04:50Z | 2020-05-31T17:06:40Z | OWNER | This also means some writable canned queries can allow writes from unauthenticated users (for stuff like feedback forms), while others can require an authenticated user - all with core Datasette without any plugins needed. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636499075 | https://api.github.com/repos/simonw/datasette/issues/699 | 636499075 | MDEyOklzc3VlQ29tbWVudDYzNjQ5OTA3NQ== | 9599 | 2020-05-31T17:06:09Z | 2020-05-31T17:06:09Z | OWNER | I believe that this plugin hook design is flexible enough that role-based permissions could be built on top of it as a separate plugin. Would be good to check that with a proof of concept though. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636498770 | https://api.github.com/repos/simonw/datasette/issues/699 | 636498770 | MDEyOklzc3VlQ29tbWVudDYzNjQ5ODc3MA== | 9599 | 2020-05-31T17:03:38Z | 2020-05-31T17:03:38Z | OWNER | I'm going to draw the line here: default Datasette supports authentication but only for a single user account ("admin"). Plugins can then add support for multiple user accounts, social auth, SSO etc. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636495124 | https://api.github.com/repos/simonw/datasette/issues/699 | 636495124 | MDEyOklzc3VlQ29tbWVudDYzNjQ5NTEyNA== | 9599 | 2020-05-31T16:36:08Z | 2020-05-31T16:36:08Z | OWNER | HTTP Basic auth would be a good default option. No need to build a custom login UI for it. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636495005 | https://api.github.com/repos/simonw/datasette/issues/699 | 636495005 | MDEyOklzc3VlQ29tbWVudDYzNjQ5NTAwNQ== | 9599 | 2020-05-31T16:35:10Z | 2020-05-31T16:35:26Z | OWNER | I think I want to keep full username/password authentication against a database table as a plugin. I'll experiment with Jupyter-style URLs as a starting point. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |
https://github.com/simonw/datasette/issues/699#issuecomment-636494374 | https://api.github.com/repos/simonw/datasette/issues/699 | 636494374 | MDEyOklzc3VlQ29tbWVudDYzNjQ5NDM3NA== | 9599 | 2020-05-31T16:29:48Z | 2020-05-31T16:29:48Z | OWNER | If Datasette were to support authentication out-of-the-box, without plugins (which makes more sense with writable canned queries, #698) what would that look like? Some options: - Jupyter notebook style: output a magic URL on the console with a one-time token to authenticate the user as an "admin" - Really simple password authentication - via an environment variable perhaps? - SQL based authentication: I was going to do this as a plugin, but maybe it should be default? A way of configuring a SQL query which can be used to authenticate a user based on their username and password. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 582526961 | |