{"html_url": "https://github.com/simonw/datasette/issues/1406#issuecomment-890259755", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1406", "id": 890259755, "node_id": "IC_kwDOBm6k_c41EEkr", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T00:04:54Z", "updated_at": "2021-07-31T00:04:54Z", "author_association": "OWNER", "body": "STILL failing. I'm going to try removing all instances of `isolated_filesystem()` in favour of a different pattern using pytest temporary files, then see if I can get that to work without the serial hack. ", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 956303470, "label": "Tests failing with FileNotFoundError in runner.isolated_filesystem"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1406#issuecomment-890390198", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1406", "id": 890390198, "node_id": "IC_kwDOBm6k_c41Eka2", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T18:55:33Z", "updated_at": "2021-07-31T18:55:33Z", "author_association": "OWNER", "body": "To clarify: the core problem here is that an error is thrown any time you call `os.getcwd()` but the directory you are currently in has been deleted.\r\n\r\n`runner.isolated_filesystem()` assumes that the current directory in has not been deleted. But the various temporary directory utilities in `pytest` work by creating directories and then deleting them.\r\n\r\nMaybe there's a larger problem here that I play a bit fast and loose with `os.chdir()` in both the test suite and in various lines of code in Datasette itself (in particular in the publish commands)?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 956303470, "label": "Tests failing with FileNotFoundError in runner.isolated_filesystem"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1406#issuecomment-890390342", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1406", "id": 890390342, "node_id": "IC_kwDOBm6k_c41EkdG", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T18:56:35Z", "updated_at": "2021-07-31T18:56:35Z", "author_association": "OWNER", "body": "But... I've lost enough time to this already, and removing `runner.isolated_filesystem()` has the tests passing again. So I'm not going to work on this any more.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 956303470, "label": "Tests failing with FileNotFoundError in runner.isolated_filesystem"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1407#issuecomment-890388200", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1407", "id": 890388200, "node_id": "IC_kwDOBm6k_c41Ej7o", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T18:38:41Z", "updated_at": "2021-07-31T18:38:41Z", "author_association": "OWNER", "body": "The `path` variable there looked like this:\r\n\r\n`/private/var/folders/wr/hn3206rs1yzgq3r49bz8nvnh0000gn/T/pytest-of-simon/pytest-696/popen-gw0/uds0/datasette.sock`\r\n\r\nI think what's happening here is that `pytest-xdist` causes `tmp_path_factory.mktemp(\"uds\")` to create significantly longer paths, which in this case is breaking some limit.\r\n\r\nSo for this code to work with `pytest-xdist` I need to make sure the random path to `datasette.sock` is shorter.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957298475, "label": "OSError: AF_UNIX path too long in ds_unix_domain_socket_server"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1407#issuecomment-890388656", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1407", "id": 890388656, "node_id": "IC_kwDOBm6k_c41EkCw", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T18:42:41Z", "updated_at": "2021-07-31T18:42:41Z", "author_association": "OWNER", "body": "I'll try `tempfile.gettempdir()` - on macOS it returns something like `'/var/folders/wr/hn3206rs1yzgq3r49bz8nvnh0000gn/T'` which is still long but hopefully not too long.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957298475, "label": "OSError: AF_UNIX path too long in ds_unix_domain_socket_server"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1408#issuecomment-890390495", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1408", "id": 890390495, "node_id": "IC_kwDOBm6k_c41Ekff", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T18:57:39Z", "updated_at": "2021-07-31T18:57:39Z", "author_association": "OWNER", "body": "Opening this issue as an optional follow-up to the work I did in #1406.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957302085, "label": "Review places in codebase that use os.chdir(), in particularly relating to tests"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1408#issuecomment-890390845", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1408", "id": 890390845, "node_id": "IC_kwDOBm6k_c41Ekk9", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:00:32Z", "updated_at": "2021-07-31T19:00:32Z", "author_association": "OWNER", "body": "When I revisit this I can also look at dropping the `@pytest.mark.serial` hack, and maybe the `restore_working_directory()` fixture hack too:\r\n\r\nhttps://github.com/simonw/datasette/blob/ff253f5242e4b0b5d85d29d38b8461feb5ea997a/pytest.ini#L9-L10\r\n\r\nhttps://github.com/simonw/datasette/blob/ff253f5242e4b0b5d85d29d38b8461feb5ea997a/tests/conftest.py#L62-L75", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957302085, "label": "Review places in codebase that use os.chdir(), in particularly relating to tests"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890397124", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890397124, "node_id": "IC_kwDOBm6k_c41EmHE", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:51:10Z", "updated_at": "2021-07-31T19:51:10Z", "author_association": "OWNER", "body": "I think I may like `disable_sql` better. Some options:\r\n\r\n- `--setting allow_sql off` (consistent with `allow_facet` and `allow_download` and `allow_csv_stream` - all which default to `on` already)\r\n- `--setting disable_sql on`\r\n- `--setting disable_custom_sql on`\r\n\r\nThe existence of three `allow_*` settings does make a strong argument for staying consistent with that.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890397169", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890397169, "node_id": "IC_kwDOBm6k_c41EmHx", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:51:35Z", "updated_at": "2021-07-31T19:51:35Z", "author_association": "OWNER", "body": "I'm going to stick with `--setting allow_sql off`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890397261", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890397261, "node_id": "IC_kwDOBm6k_c41EmJN", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:52:25Z", "updated_at": "2021-07-31T19:52:25Z", "author_association": "OWNER", "body": "I think I can make this modification by teaching the default permissions code here to take the `allow_sql` setting into account: https://github.com/simonw/datasette/blob/ff253f5242e4b0b5d85d29d38b8461feb5ea997a/datasette/default_permissions.py#L38-L45", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890397652", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890397652, "node_id": "IC_kwDOBm6k_c41EmPU", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:56:48Z", "updated_at": "2021-07-31T19:56:48Z", "author_association": "OWNER", "body": "The other option would be to use the setting to pick the `default=` argument when calling `self.ds.permission_allowed( request.actor, \"execute-sql\", resource=database, default=True)`.\r\n\r\nThe problem with that is that there are actually a few different places which perform that check, so changing all of them raises the risk of missing one in the future:\r\n\r\nhttps://github.com/simonw/datasette/blob/a6c8e7fa4cffdeff84e9e755dcff4788fd6154b8/datasette/views/table.py#L436-L444\r\n\r\nhttps://github.com/simonw/datasette/blob/a6c8e7fa4cffdeff84e9e755dcff4788fd6154b8/datasette/views/table.py#L964-L966\r\n\r\nhttps://github.com/simonw/datasette/blob/d23a2671386187f61872b9f6b58e0f80ac61f8fe/datasette/views/database.py#L220-L221\r\n\r\nhttps://github.com/simonw/datasette/blob/d23a2671386187f61872b9f6b58e0f80ac61f8fe/datasette/views/database.py#L343-L345\r\n\r\nhttps://github.com/simonw/datasette/blob/d23a2671386187f61872b9f6b58e0f80ac61f8fe/datasette/views/database.py#L134-L136\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890397753", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890397753, "node_id": "IC_kwDOBm6k_c41EmQ5", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T19:57:56Z", "updated_at": "2021-07-31T19:57:56Z", "author_association": "OWNER", "body": "I think the correct solution is for the default permissions logic to take the `allow_sql` setting into account, and to return `False` if that setting is set to `off` AND the current actor fails the `actor_matches_allow` checks.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890399806", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890399806, "node_id": "IC_kwDOBm6k_c41Emw-", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T20:18:46Z", "updated_at": "2021-07-31T20:18:46Z", "author_association": "OWNER", "body": "My rationale for removing it: https://github.com/simonw/datasette/issues/813#issuecomment-640916290\r\n\r\n> Naming problem: Datasette already has a config option with this name:\r\n>\r\n>     $ datasette serve data.db --config allow_sql:1\r\n>\r\n> https://datasette.readthedocs.io/en/stable/config.html#allow-sql\r\n>\r\n> It's confusing to have two things called `allow_sql` that do slightly different things.\r\n>\r\n> I could retire the `--config allow_sql:0` option entirely, since the new `metadata.json` mechanism can be used to achieve the exact same thing.\r\n> \r\n> I'm going to do that.\r\n\r\nThis is true. The `\"allow_sql\"` permissions block in `metadata.json` does indeed have a name that is easily confused with `--setting allow_sql off`.\r\n\r\nSo I definitely need to pick a different name from the setting. `--setting default_allow_sql off` is a good option here.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890400059", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890400059, "node_id": "IC_kwDOBm6k_c41Em07", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T20:21:51Z", "updated_at": "2021-07-31T20:21:51Z", "author_association": "OWNER", "body": "One of these two options:\r\n\r\n- `--setting default_allow_sql off`\r\n- `--setting allow_sql_default off`\r\n\r\nExisting settings from https://docs.datasette.io/en/0.58.1/settings.html with similar names that I need to be consistent with:\r\n\r\n- `default_page_size`\r\n- `allow_facet`\r\n- `default_facet_size`\r\n- `allow_download`\r\n- `default_cache_ttl`\r\n- `default_cache_ttl_hashed`\r\n- `allow_csv_stream`\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890400121", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890400121, "node_id": "IC_kwDOBm6k_c41Em15", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T20:22:21Z", "updated_at": "2021-07-31T20:23:34Z", "author_association": "OWNER", "body": "I think `default_allow_sql` is more consistent with the current naming conventions, because both `allow` and `default` are used as prefixes at the moment but neither of them are ever used as a suffix.\r\n\r\nPlus `default_allow_sql off` makes sense to me but `allow_default_sql off` does not - what is \"default SQL\"?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1409#issuecomment-890400425", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1409", "id": 890400425, "node_id": "IC_kwDOBm6k_c41Em6p", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-07-31T20:25:16Z", "updated_at": "2021-07-31T20:26:25Z", "author_association": "OWNER", "body": "If I was prone to over-thinking (which I am) I'd note that `allow_facet` and `allow_download` and `allow_csv_stream` are all settings that do NOT have an equivalent in the newer permissions system, which is itself a little weird and inconsistent.\r\n\r\nSo maybe there's a future task where I introduce those as both permissions and metadata `\"allow_x\"` blocks, then rename the settings themselves to be called `default_allow_facet` and `default_allow_download` and `default_allow_csv_stream`.\r\n\r\nIf I was going to do that I should get it in before Datasette 1.0.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 957310278, "label": "`default_allow_sql` setting (a re-imagining of the old `allow_sql` setting)"}, "performed_via_github_app": null}