issue_comments: 636379067
This data as json
| html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
|---|---|---|---|---|---|---|---|---|---|---|---|
| https://github.com/simonw/datasette/issues/699#issuecomment-636379067 | https://api.github.com/repos/simonw/datasette/issues/699 | 636379067 | MDEyOklzc3VlQ29tbWVudDYzNjM3OTA2Nw== | 9599 | 2020-05-30T20:12:47Z | 2020-05-30T20:40:42Z | OWNER | I could bake some permission checks into default Datasette, which are all treated as allow by default but can then be locked down by plugins. Maybe the following: permission_allowed(request.actor, "execute-sql", "database", "name-of-database") Checks that current user can execute arbitrary SQL queries against a specific database (or use the `?_where=` feature). Equivalent to current [allow_sql](https://datasette.readthedocs.io/en/0.43/config.html#allow-sql) setting. permission_allowed(request.actor, "download-database", "database", "name-of-database") Can the user download the database file? Like [allow_download](https://datasette.readthedocs.io/en/0.43/config.html#allow-download). Maybe one for [allow_csv_stream](https://datasette.readthedocs.io/en/0.43/config.html#allow-csv-stream) too. Having a permission check (defaulting to True) on every single "view" would be useful: - view_index - view_database - view_table - view_row - view_query - view_special (for `/-/versions` and so on) | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 582526961 |