issue_comments: 636569917
This data as json
| html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
|---|---|---|---|---|---|---|---|---|---|---|---|
| https://github.com/simonw/datasette/issues/698#issuecomment-636569917 | https://api.github.com/repos/simonw/datasette/issues/698 | 636569917 | MDEyOklzc3VlQ29tbWVudDYzNjU2OTkxNw== | 9599 | 2020-06-01T01:39:44Z | 2020-06-01T01:39:44Z | OWNER | Idea for the authentication piece: I'll have the canned query code execute the following: ```python if await datasette.permission_allowed( request.scope.get("actor"), "execute_query", "canned_query", query_name, default=True ): ``` Then I'll add a default plugin to Datasette which implements that plugin hook, looks at the Datasette metadata for that query, and says "No" if the following (and `request.scope["actor"]` is empty): ```json { "databases": { "my-database": { "queries": { "add_twitter_handle": { "sql": "insert into twitter_handles (username) values (:username)", "write": true, "requires_actor": true } } } } } ``` I think I'll support this too: ```json "allowed_actors": ["root"] ``` So you can configure queries to only be available to specific `{"id": xxx}` actors. This will be the first time the new `permission_allowed` mechanism from #699 will be exercised in Datasette core. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 582517965 |