html_url,issue_url,id,node_id,user,user_label,created_at,updated_at,author_association,body,reactions,issue,issue_label,performed_via_github_app
https://github.com/simonw/datasette/issues/1958#issuecomment-1352644274,https://api.github.com/repos/simonw/datasette/issues/1958,1352644274,IC_kwDOBm6k_c5Qn7ay,11729897,davidhaley,2022-12-14T14:19:24Z,2022-12-14T14:19:24Z,NONE,"Hmm, it appears after I kill the process with `Ctrl+c`:
","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497909798,datasette --root running in Docker doesn't reliably show the magic URL,
https://github.com/simonw/datasette/issues/1958#issuecomment-1352644270,https://api.github.com/repos/simonw/datasette/issues/1958,1352644270,IC_kwDOBm6k_c5Qn7au,11729897,davidhaley,2022-12-14T00:05:16Z,2022-12-14T00:05:16Z,NONE,"FYI @simonw, I don't see that message.
","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497909798,datasette --root running in Docker doesn't reliably show the magic URL,
https://github.com/simonw/datasette/issues/1958#issuecomment-1352644276,https://api.github.com/repos/simonw/datasette/issues/1958,1352644276,IC_kwDOBm6k_c5Qn7a0,11729897,davidhaley,2022-12-14T14:53:53Z,2022-12-14T14:53:53Z,NONE,"I don't have much experience with Python; however, I wonder if this print statement needs `flush=True`?
https://github.com/simonw/datasette/blob/fdf7c27b5438f02153c3a7f8ad1b320e4b29e4f4/datasette/cli.py#L621","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497909798,datasette --root running in Docker doesn't reliably show the magic URL,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352340518,https://api.github.com/repos/simonw/datasette/issues/1949,1352340518,IC_kwDOBm6k_c5QmxQm,9599,simonw,2022-12-14T23:07:01Z,2022-12-14T23:07:01Z,OWNER,"Easiest fix would be to look for `accept: application/json` and/or `content-type: application/json` headers.
Not bullet-proof, so people might occasionally make JSON requests and get back an HTML error - but the documentation can tell people that they need to send those headers if they want to reliably get back JSON error messages.
I'm happy with this as a solution.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352338620,https://api.github.com/repos/simonw/datasette/issues/1949,1352338620,IC_kwDOBm6k_c5Qmwy8,9599,simonw,2022-12-14T23:05:17Z,2022-12-14T23:05:17Z,OWNER,"Sniffing for a `{` is a little bit tricky though, as the post body is lazily loaded on request here:
https://github.com/simonw/datasette/blob/9ad76d279e2c3874ca5070626a25458ce129f126/datasette/utils/asgi.py#L127-L135","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352335503,https://api.github.com/repos/simonw/datasette/issues/1949,1352335503,IC_kwDOBm6k_c5QmwCP,9599,simonw,2022-12-14T23:03:28Z,2022-12-14T23:03:28Z,OWNER,"This raises a more complicated issue
At some point I'm likely to want to add an HTML interface for creating tables and inserting and updating rows.
The obvious URLs for that are the same as for the JSON API: `/db/table/-/insert` and suchlike.
Those endpoints are currently POST only - and can return JSON all the time.
If they start accepting form POSTs too they'll need to be able to accept form-encoded data and return HTML instead. That's OK - they can detect incoming JSON thanks to the `content-type` header an the fact that the request body starts with `{` - but the `should_return_json` fix described above could intefere with how errors are returned if I'm not careful.
I think it can still work though: I'll only set `should_return_json = True` if the endpoint gets a POST with a body starting `{`, or a content-type JSON header.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352331314,https://api.github.com/repos/simonw/datasette/issues/1949,1352331314,IC_kwDOBm6k_c5QmvAy,9599,simonw,2022-12-14T22:59:36Z,2022-12-14T22:59:36Z,OWNER,I'm going to prototype that up to see what it looks like.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352329027,https://api.github.com/repos/simonw/datasette/issues/1949,1352329027,IC_kwDOBm6k_c5QmudD,9599,simonw,2022-12-14T22:56:24Z,2022-12-14T22:57:19Z,OWNER,"Most `.json` errors DO return as JSON, thanks to this:
https://github.com/simonw/datasette/blob/c094dde3ff2bae030f261e6440d4fb082eb860a9/datasette/handle_exception.py#L19-L24
https://github.com/simonw/datasette/blob/c094dde3ff2bae030f261e6440d4fb082eb860a9/datasette/handle_exception.py#L57-L58
But that code triggers when the URL ends with `.json` - and none of the JSON write API endpoints (things like `/db/-/create` and `/db/table/-/insert`) follow that convention.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352330825,https://api.github.com/repos/simonw/datasette/issues/1949,1352330825,IC_kwDOBm6k_c5Qmu5J,9599,simonw,2022-12-14T22:58:51Z,2022-12-14T22:59:27Z,OWNER,"I need a way for those JSON endpoints to communicate back to the `handle_exception` handler that they are returning JSON, so it knows to behave differently.
Since it gets the `request` object, one way could be to have view code set `request.should_return_json = True` so that the handler knows to do something different.
It's a bit of a cludge though!","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1957#issuecomment-1352371019,https://api.github.com/repos/simonw/datasette/issues/1957,1352371019,IC_kwDOBm6k_c5Qm4tL,9599,simonw,2022-12-14T23:50:50Z,2022-12-14T23:50:50Z,OWNER,"One option: if any rows were truncated, show a button you can click to run the query again with truncation disabled - maybe with `?_truncate=off` in the URL or similar.
But... still want to truncate if the user runs a query that would return multiple MBs of HTML (assuming the other Datasette query limits don't stop that from happening).","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497577017,Reconsider row value truncation on query page,
https://github.com/simonw/datasette/issues/1295#issuecomment-1352357322,https://api.github.com/repos/simonw/datasette/issues/1295,1352357322,IC_kwDOBm6k_c5Qm1XK,9599,simonw,2022-12-14T23:28:49Z,2022-12-14T23:28:49Z,OWNER,"Related:
- #1875","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",855296937,Errors should have links to further information,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352356356,https://api.github.com/repos/simonw/datasette/issues/1949,1352356356,IC_kwDOBm6k_c5Qm1IE,9599,simonw,2022-12-14T23:27:25Z,2022-12-14T23:28:16Z,OWNER,"Also weird: errors returned by that mechanism look like this:
```json
{
""ok"": false,
""errors"": [""list of error messages""]
}
```
While errors returned by the rest of Datasette look like this: https://latest.datasette.io/fixtures/no_table.json
```json
{
""ok"": false,
""error"": ""Table not found: no_table"",
""status"": 404,
""title"": null
}
```
Related:
- #1875","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1949#issuecomment-1352354927,https://api.github.com/repos/simonw/datasette/issues/1949,1352354927,IC_kwDOBm6k_c5Qm0xv,9599,simonw,2022-12-14T23:25:06Z,2022-12-14T23:25:14Z,OWNER,"Looks like the code I've written for permission checking on `TableCreateView` and friends doesn't use the regular `raise Forbidden` or `raise DatasetteError` mechanisms - it does its own thing here:
https://github.com/simonw/datasette/blob/9ad76d279e2c3874ca5070626a25458ce129f126/datasette/views/database.py#L580-L584
Which uses this:
https://github.com/simonw/datasette/blob/9ad76d279e2c3874ca5070626a25458ce129f126/datasette/views/base.py#L547-L548
Having two different patterns to return errors is bad, I should fix that.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493471221,`.json` errors should be returned as JSON,
https://github.com/simonw/datasette/issues/1956#issuecomment-1352075845,https://api.github.com/repos/simonw/datasette/issues/1956,1352075845,IC_kwDOBm6k_c5QlwpF,9599,simonw,2022-12-14T19:57:17Z,2022-12-14T19:58:22Z,OWNER,"I'm going to test this using calls to `ds.permission_allowed()` with an actor with `_r` block.
I can add extra tests to https://github.com/simonw/datasette/blob/1a3dcf494376e32f7cff110c86a88e5b0a3f3924/tests/test_permissions.py#L605-L616","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497288666,Handle abbreviations properly in permission_allowed_actor_restrictions,
https://github.com/simonw/datasette/issues/1956#issuecomment-1352070655,https://api.github.com/repos/simonw/datasette/issues/1956,1352070655,IC_kwDOBm6k_c5QlvX_,9599,simonw,2022-12-14T19:54:36Z,2022-12-14T19:54:36Z,OWNER,Also this code should work with non-abbreviations too.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1497288666,Handle abbreviations properly in permission_allowed_actor_restrictions,
https://github.com/simonw/datasette/issues/1952#issuecomment-1350415644,https://api.github.com/repos/simonw/datasette/issues/1952,1350415644,IC_kwDOBm6k_c5QfbUc,9599,simonw,2022-12-14T05:22:59Z,2022-12-14T05:22:59Z,OWNER,"Non-memory named databases shouldn't show write actions, since those won't persist.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495716243,Improvements to /-/create-token restrictions interface,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350414961,https://api.github.com/repos/simonw/datasette/issues/1947,1350414961,IC_kwDOBm6k_c5QfbJx,9599,simonw,2022-12-14T05:22:00Z,2022-12-14T05:22:00Z,OWNER,I think the next big step for this feature is for me to actually use it to build a few things.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350414402,https://api.github.com/repos/simonw/datasette/issues/1947,1350414402,IC_kwDOBm6k_c5QfbBC,9599,simonw,2022-12-14T05:21:07Z,2022-12-14T05:21:07Z,OWNER,"It would be neat not to show write permissions against immutable databases too - and not hard from a performance perspective since it doesn't involve hundreds more permission checks.
That will need permissions to grow a flag for if they need a mutable database though, which is a bigger job.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350413555,https://api.github.com/repos/simonw/datasette/issues/1947,1350413555,IC_kwDOBm6k_c5Qfazz,9599,simonw,2022-12-14T05:19:52Z,2022-12-14T05:19:52Z,OWNER,"Maybe I should have kept `_memory` listed for instances that are running with `--crossdb` enabled?
Yeah I think I should.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350409537,https://api.github.com/repos/simonw/datasette/issues/1947,1350409537,IC_kwDOBm6k_c5QfZ1B,9599,simonw,2022-12-14T05:14:16Z,2022-12-14T05:14:16Z,OWNER,"New interface now live at https://latest.datasette.io/-/create-token
It shouldn't be showing `_memory` though.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350402667,https://api.github.com/repos/simonw/datasette/issues/1947,1350402667,IC_kwDOBm6k_c5QfYJr,9599,simonw,2022-12-14T05:05:10Z,2022-12-14T05:05:10Z,OWNER,"Tests can go here:
https://github.com/simonw/datasette/blob/d98a8effb10ce8fe04a03eae42baa8a9cb0ca3f7/tests/test_auth.py#L143-L160","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350401651,https://api.github.com/repos/simonw/datasette/issues/1947,1350401651,IC_kwDOBm6k_c5QfX5z,9599,simonw,2022-12-14T05:03:59Z,2022-12-14T05:03:59Z,OWNER,I shipped a working interface. Could still do with some extra tests.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350231654,https://api.github.com/repos/simonw/datasette/issues/1951,1350231654,IC_kwDOBm6k_c5QeuZm,9599,simonw,2022-12-14T01:48:50Z,2022-12-14T01:48:57Z,OWNER,I like that the word `restrict` reflects the `_r` in the actor/token.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350222701,https://api.github.com/repos/simonw/datasette/issues/1951,1350222701,IC_kwDOBm6k_c5QesNt,9599,simonw,2022-12-14T01:35:05Z,2022-12-14T01:35:22Z,OWNER,"Maybe this:
```python
datasette.create_token(""root"", expires_after=3600, restrict_all=(""view-query"", ""view-table""))
token = datasette.create_token(""root"", expires_after=3600, restrict_database={
""fixtures"": (""view-query"",)
})
token = datasette.create_token(""root"", expires_after=3600, restrict_resource={
""fixtures"": {
""facetable"": (""insert-row"", ""update-row"")
}
})
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350220579,https://api.github.com/repos/simonw/datasette/issues/1951,1350220579,IC_kwDOBm6k_c5Qersj,9599,simonw,2022-12-14T01:31:38Z,2022-12-14T01:31:38Z,OWNER,"The problem with `all=(..)` is it feels misleading - it's actually restricting the permissions made available to the token.
Likewise, `databases=` being a dict of restricted permissions isn't completely obvious.
And the nested `tables=` dictionary feels a bit odd too.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350218177,https://api.github.com/repos/simonw/datasette/issues/1951,1350218177,IC_kwDOBm6k_c5QerHB,9599,simonw,2022-12-14T01:27:45Z,2022-12-14T01:30:41Z,OWNER,"Some sketches:
```python
# Token for root user
token = datasette.create_token(""root"")
# Expiring in an hour
token = datasette.create_token(""root"", expires_after=3600)
```
More complicated is when you want to restrict to specific permissions:
```python
# Limited to view-query and view-table
token = datasette.create_token(""root"", expires_after=3600, all=(""view-query"", ""view-table""))
# I'm not sure about that all= name
# Limits within a specific database:
token = datasette.create_token(""root"", expires_after=3600, databases={
""fixtures"": (""view-query"",)
})
# And specific tables:
token = datasette.create_token(""root"", expires_after=3600, tables={
""fixtures"": {
""facetable"": (""insert-row"", ""update-row"")
}
})
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350215936,https://api.github.com/repos/simonw/datasette/issues/1947,1350215936,IC_kwDOBm6k_c5QeqkA,9599,simonw,2022-12-14T01:23:42Z,2022-12-14T01:23:42Z,OWNER,"With tilde-encoding for database and table names the HTML looks like this:
```html
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350217380,https://api.github.com/repos/simonw/datasette/issues/1951,1350217380,IC_kwDOBm6k_c5Qeq6k,9599,simonw,2022-12-14T01:26:22Z,2022-12-14T01:26:22Z,OWNER,"It's going to look very similar to the CLI tool, at least in terms of capabilities:
```
Usage: datasette create-token [OPTIONS] ID
Create a signed API token for the specified actor ID
Example:
datasette create-token root --secret mysecret
To allow only ""view-database-download"" for all databases:
datasette create-token root --secret mysecret \
--all view-database-download
To allow ""create-table"" against a specific database:
datasette create-token root --secret mysecret \
--database mydb create-table
To allow ""insert-row"" against a specific table:
datasette create-token root --secret myscret \
--resource mydb mytable insert-row
Restricted actions can be specified multiple times using multiple --all,
--database, and --resource options.
Add --debug to see a decoded version of the token.
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350148192,https://api.github.com/repos/simonw/datasette/issues/1947,1350148192,IC_kwDOBm6k_c5QeaBg,9599,simonw,2022-12-14T00:19:06Z,2022-12-14T00:19:06Z,OWNER,"Another option: I could set a time limit - say 200ms - on how long I'm willing to spend calculating permissions before displaying this form
First calculate view permissions for tables and databases (and maybe views and canned queries too).
Then see if I can check every permission that I'm going to show as a checkbox on this page. If I get that done within the time limit use that to show the options.
If I run out of time show all options and maybe include a note saying that some of them may not actually be available.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350125018,https://api.github.com/repos/simonw/datasette/issues/1947,1350125018,IC_kwDOBm6k_c5QeUXa,9599,simonw,2022-12-14T00:08:09Z,2022-12-14T00:08:09Z,OWNER,Also: don't show hidden tables.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1947#issuecomment-1350124381,https://api.github.com/repos/simonw/datasette/issues/1947,1350124381,IC_kwDOBm6k_c5QeUNd,9599,simonw,2022-12-14T00:07:51Z,2022-12-14T00:07:51Z,OWNER,"Another thing to consider in the future: once Datasette can support thousands of tables (see #417) the list on this page will turn into multiple MBs of HTML, which may cause all kinds of problems - not to mention the overhead of all of those table visibility permission checks.
Hopefully by then I'll have a good fix for the permission listings problem:
- #1152
And I can apply the same mechanism here.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1493390939,UI to create reduced scope tokens from the `/-/create-token` page,
https://github.com/simonw/datasette/issues/1951#issuecomment-1350293098,https://api.github.com/repos/simonw/datasette/issues/1951,1350293098,IC_kwDOBm6k_c5Qe9Zq,9599,simonw,2022-12-14T02:43:44Z,2022-12-14T02:43:44Z,OWNER,Documentation for the new method: https://docs.datasette.io/en/latest/internals.html#create-token-actor-id-expires-after-none-restrict-all-none-restrict-database-none-restrict-resource-none,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1495431932,`datasette.create_token(...)` method for creating signed API tokens,