{"html_url": "https://github.com/simonw/datasette/issues/215#issuecomment-640121917", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/215", "id": 640121917, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDEyMTkxNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-06T21:42:58Z", "updated_at": "2020-06-07T05:58:36Z", "author_association": "OWNER", "body": "I might use some dependency injection here, with `call_with_supported_arguments()` from https://github.com/simonw/datasette/commit/41a0cd7b6afe0397efbbf27ad822679fc574811a#diff-942305c83055fdc0ff5f4e7d6ab06b29\r\n\r\nMaybe a view function can take `request` and optionally also take `datasette`? Or `scope` or `receive` or `send`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 314506669, "label": "Allow plugins to define additional URL routes and views"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/807#issuecomment-640135332", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/807", "id": 640135332, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDEzNTMzMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T00:13:51Z", "updated_at": "2020-06-07T00:13:51Z", "author_association": "OWNER", "body": "These should not be shipped as the latest version on Docker Hub. 
They also should not become the \"stable\" release on ReadTheDocs.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 632843030, "label": "Ability to ship alpha and beta releases"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/808#issuecomment-640152036", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/808", "id": 640152036, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDE1MjAzNg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T03:38:07Z", "updated_at": "2020-06-07T03:38:07Z", "author_association": "OWNER", "body": "I'm going to need to add permissions documentation for this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 632918799, "label": "Permission check for every view in Datasette (plus docs)"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/808#issuecomment-640157216", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/808", "id": 640157216, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDE1NzIxNg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T04:58:40Z", "updated_at": "2020-06-07T04:58:40Z", "author_association": "OWNER", "body": "... 
and I want a unit test which confirms that all permissions are documented.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 632918799, "label": "Permission check for every view in Datasette (plus docs)"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/800#issuecomment-640160487", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/800", "id": 640160487, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDE2MDQ4Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T05:34:07Z", "updated_at": "2020-06-07T05:34:07Z", "author_association": "OWNER", "body": "See #810 for work to finish this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631931408, "label": "Canned query permissions mechanism"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640248669", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640248669, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI0ODY2OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T17:01:44Z", "updated_at": "2020-06-07T17:01:44Z", "author_association": "OWNER", "body": "If the allow block at the database level forbids access this needs to cascade down to the table, query and row levels as well.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/810#issuecomment-640248864", "issue_url": 
"https://api.github.com/repos/simonw/datasette/issues/810", "id": 640248864, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI0ODg2NA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T17:03:15Z", "updated_at": "2020-06-07T17:03:15Z", "author_association": "OWNER", "body": "This is obsoleted by #811.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633066114, "label": "Refactor permission check for canned query"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640248972", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640248972, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI0ODk3Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T17:04:22Z", "updated_at": "2020-06-07T17:04:22Z", "author_association": "OWNER", "body": "I'll need a neat testing pattern for this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640270178", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640270178, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3MDE3OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T19:48:39Z", "updated_at": "2020-06-07T19:48:39Z", "author_association": "OWNER", "body": "Testing pattern:\r\n```python\r\ndef test_canned_query_with_custom_metadata(app_client):\r\n response = app_client.get(\"/fixtures/neighborhood_search?text=town\")\r\n assert_permissions_checked(\r\n app_client.ds,\r\n [\r\n \"view-instance\",\r\n (\"view-database\", \"database\", \"fixtures\"),\r\n 
(\"view-query\", \"query\", (\"fixtures\", \"neighborhood_search\")),\r\n ],\r\n )\r\n```\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640273945", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640273945, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3Mzk0NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:19:15Z", "updated_at": "2020-06-07T20:19:15Z", "author_association": "OWNER", "body": "I'm going to add a `test_permissions.py` module that checks for 403 errors against different patterns of the `actors` block at different levels in `metadata.json`.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640274171", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640274171, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3NDE3MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:21:14Z", "updated_at": "2020-06-07T20:21:14Z", "author_association": "OWNER", "body": "Next step: fix this\r\n```\r\n- # TODO: fix this to use that permission check\r\n- if not actor_matches_allow(\r\n- request.scope.get(\"actor\", None), metadata.get(\"allow\")\r\n- ):\r\n- return Response(\"Permission denied\", status=403)\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, 
\"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640277557", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640277557, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3NzU1Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:48:00Z", "updated_at": "2020-06-07T20:48:00Z", "author_association": "OWNER", "body": "Now that I'm expanding permission checks to everything else too (#811), not just canned queries, I think it makes sense to re-prioritize this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/801#issuecomment-640277775", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/801", "id": 640277775, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI3Nzc3NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T20:49:40Z", "updated_at": "2020-06-07T20:49:40Z", "author_association": "OWNER", "body": "I'm going to pass the entire actor object as a dictionary of available named query parameters. 
So if the actor looks like this:\r\n```json\r\n{\r\n \"id\": \"simonw\",\r\n \"roles\": [\"staff\", \"developer\"]\r\n}\r\n```\r\nThen the SQL query will be called like this:\r\n\r\n```python\r\nconn.execute(sql, {\r\n \"id\": \"simonw\",\r\n \"roles\": '[\"staff\", \"developer\"]',\r\n})\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 631932926, "label": "allow_by_query setting for configuring permissions with a SQL statement"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/395#issuecomment-640280741", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/395", "id": 640280741, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI4MDc0MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T21:12:57Z", "updated_at": "2020-06-07T21:12:57Z", "author_association": "OWNER", "body": "This is a pattern I like:\r\n```python\r\n with make_app_client(\r\n template_dir=str(pathlib.Path(__file__).parent / \"test_templates\")\r\n ) as client:\r\n response = client.get(\"/-/metadata\")\r\n assert response.status == 200\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 396215043, "label": "Find a cleaner pattern for fixtures with arguments"}, "performed_via_github_app": null} {"html_url": "https://github.com/simonw/datasette/issues/811#issuecomment-640287967", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/811", "id": 640287967, "node_id": "MDEyOklzc3VlQ29tbWVudDY0MDI4Nzk2Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-06-07T22:16:10Z", "updated_at": "2020-06-07T22:16:10Z", "author_association": "OWNER", "body": "The tests in test_permissions.py could check the .json variants and assert that permission checks were carried out 
too.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 633578769, "label": "Support \"allow\" block on root, databases and tables, not just queries"}, "performed_via_github_app": null}