github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1636#issuecomment-1334759315 | https://api.github.com/repos/simonw/datasette/issues/1636 | 1334759315 | IC_kwDOBm6k_c5Pjs-T | 9599 | 2022-12-02T04:46:32Z | 2022-12-02T04:46:32Z | OWNER | Thankfully all of the logic for this already lives in just one place: https://github.com/simonw/datasette/blob/d7e5e3c9f98d194fdfb12f1ecc60ed5b3afbc464/datasette/default_permissions.py#L23-L59 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1138008042 | |
https://github.com/simonw/datasette/issues/1636#issuecomment-1334758766 | https://api.github.com/repos/simonw/datasette/issues/1636 | 1334758766 | IC_kwDOBm6k_c5Pjs1u | 9599 | 2022-12-02T04:45:16Z | 2022-12-02T04:45:16Z | OWNER | Also, this is another thing which should live in `config.yml` rather than being crammed into `metadata.yml` - but I can fix that when I address: - #493 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1138008042 | |
https://github.com/simonw/datasette/issues/1636#issuecomment-1334757597 | https://api.github.com/repos/simonw/datasette/issues/1636 | 1334757597 | IC_kwDOBm6k_c5Pjsjd | 9599 | 2022-12-02T04:42:35Z | 2022-12-02T04:42:35Z | OWNER | Should I call this key `permissions` or something else? Some options: - `permissions` - `perms` - shorter to type - `allow` - I like the word, but might be confusing to change its meaning since we use it already | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1138008042 | |
https://github.com/simonw/datasette/issues/1636#issuecomment-1334673179 | https://api.github.com/repos/simonw/datasette/issues/1636 | 1334673179 | IC_kwDOBm6k_c5PjX8b | 9599 | 2022-12-02T02:07:20Z | 2022-12-02T04:27:07Z | OWNER | So the new mechanism needs to extend that to handle all of the other permissions as well. The simplest design I can think of is this (here illustrated using YAML): ```yaml # instance-level permissions - give every logged in user the debug menu: permissions: debug-menu: id: "*" databases: content: # Allow bob to create-table in the content database permissions: create-table: id: bob ``` | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1138008042 | |
https://github.com/simonw/datasette/issues/1636#issuecomment-1334666806 | https://api.github.com/repos/simonw/datasette/issues/1636 | 1334666806 | IC_kwDOBm6k_c5PjWY2 | 9599 | 2022-12-02T01:58:40Z | 2022-12-02T02:00:53Z | OWNER | Current design: ```json { "databases": { "private": { "allow": { "id": "*" } } } } ``` This can be applied at the instance, database, table or query level within the nested JSON. https://docs.datasette.io/en/stable/authentication.html#controlling-access-to-specific-databases It's actually controlling the following permissions: - `view-instance` - `view-database` - `view-table` - `view-query` There's also a special case for allowing SQL queries, at the instance and database level: ```json { "databases": { "mydatabase": { "allow_sql": { "id": "root" } } } } ``` | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
1138008042 |