issue_comments: 1349975255
This data as json
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1947#issuecomment-1349975255 | https://api.github.com/repos/simonw/datasette/issues/1947 | 1349975255 | IC_kwDOBm6k_c5QdvzX | 9599 | 2022-12-13T23:00:11Z | 2022-12-13T23:00:11Z | OWNER | My `<select multiple>` prototype: ```diff diff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html index a94881ed..5bd641cc 100644 --- a/datasette/templates/create_token.html +++ b/datasette/templates/create_token.html @@ -6,7 +6,7 @@ <h1>Create an API token</h1> -<p>This token will allow API access with the same abilities as your current user.</p> +<p>This token will allow API access with the same abilities as your current user, <strong>{{ request.actor.id }}</strong></p> {% if errors %} {% for error in errors %} @@ -28,6 +28,36 @@ <input type="hidden" name="csrftoken" value="{{ csrftoken() }}"> <input type="submit" value="Create token"> </div> + + <details style="margin-top: 1em" open> + <summary style="cursor: pointer;">Restrict actions that can be performed using this token</summary> + <p style="margin-top: 1em">Restrict actions that can be performed using this token:</p> + <p><label="all_permissions">All databases and tables:</label></p> + <p><select multiple id="all_permissions" size="{{ all_permissions|length * 4 }}"> + <optgroup label="All databases and tables"> + {% for permission in all_permissions %} + <option value="all:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% for database in databases %} + <optgroup label="All tables in database: {{ database }}"> + {% for permission in database_permissions %} + <option value="db:{{ database }}:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% endfor %} + {% for dbt in database_with_tables %} + {% for table in dbt.tables %} + <optgroup label="Table {{ dbt.database }}.{{ table }}"> + {% for permission in table_permissions %} + <option value="table:{{ dbt.database }}:{{ permission }}">{{ permission }}</option> + {% endfor %} + </optgroup> + {% endfor %} + {% endfor %} + </select></p> + </details> + </form> {% if token %} diff --git a/datasette/views/special.py b/datasette/views/special.py index 30345d14..9d0fcd31 100644 --- a/datasette/views/special.py +++ b/datasette/views/special.py @@ -231,7 +231,17 @@ class CreateTokenView(BaseView): return await self.render( ["create_token.html"], request, - {"actor": request.actor}, + { + "actor": request.actor, + "all_permissions": self.ds.permissions.keys(), + "database_permissions": [key for key, value in self.ds.permissions.items() if value.takes_database], + "table_permissions": [key for key, value in self.ds.permissions.items() if value.takes_resource], + "databases": self.ds.databases.keys(), + "database_with_tables": [{ + "database": db.name, + "tables": await db.table_names(), + } for db in self.ds.databases.values()], + }, ) async def post(self, request): ``` | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 1493390939 |