issue_comments
12 rows where issue = 636722501
This data as json, CSV (advanced)
Suggested facets: created_at (date), updated_at (date)
| id ▼ | html_url | issue_url | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 642412017 | https://github.com/simonw/datasette/issues/832#issuecomment-642412017 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY0MjQxMjAxNw== | simonw 9599 | 2020-06-11T05:13:59Z | 2020-06-11T05:13:59Z | OWNER | Relevant code: https://github.com/simonw/datasette/blob/ce4958018ede00fbdadf0c37a99889b6901bfb9b/datasette/views/table.py#L267-L272 | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 642741930 | https://github.com/simonw/datasette/issues/832#issuecomment-642741930 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY0Mjc0MTkzMA== | simonw 9599 | 2020-06-11T15:35:53Z | 2020-06-11T15:36:05Z | OWNER | May the fix here is to implement a `.check_permissions()` method which passes when the first permission passes? ```python await self.check_permissions(request, [ ("view-table", (database, table)), ("view-database", database), "view-instance", ]) ``` | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 642795966 | https://github.com/simonw/datasette/issues/832#issuecomment-642795966 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY0Mjc5NTk2Ng== | simonw 9599 | 2020-06-11T16:37:21Z | 2020-06-11T16:37:21Z | OWNER | How would I document this? Probably in another section on https://datasette.readthedocs.io/en/latest/authentication.html#permissions But I'd also need to add documentation to the individual views stating what permissions are checked and in what order. I could do that on this page: https://datasette.readthedocs.io/en/latest/pages.html | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 642906681 | https://github.com/simonw/datasette/issues/832#issuecomment-642906681 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY0MjkwNjY4MQ== | simonw 9599 | 2020-06-11T20:19:47Z | 2020-06-11T20:20:02Z | OWNER | So for the following: ``` await self.check_permissions(request, [ ("view-table", (database, table)), ("view-database", database), "view-instance", ]) ``` The logic is: if the first test returns `True`, you get access. If it returns `False` you are denied. If it says `None` then move on to the next check in the list and repeat. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 642907021 | https://github.com/simonw/datasette/issues/832#issuecomment-642907021 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY0MjkwNzAyMQ== | simonw 9599 | 2020-06-11T20:20:35Z | 2020-06-11T20:20:35Z | OWNER | I think the new `.check_permissions()` should be a documented utility that is available to plugins. Maybe a method on `datasette`? | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651992737 | https://github.com/simonw/datasette/issues/832#issuecomment-651992737 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5MjczNw== | simonw 9599 | 2020-06-30T19:19:33Z | 2020-06-30T19:20:02Z | OWNER | I already have this method on Datasette: ```python async def permission_allowed(self, actor, action, resource=None, default=False): ``` What would be a good method name that complements that and indicates "check a list of permissions in order"? Should it even run against the request or should you have to hand it `request.actor`? | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651993537 | https://github.com/simonw/datasette/issues/832#issuecomment-651993537 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5MzUzNw== | simonw 9599 | 2020-06-30T19:21:15Z | 2020-06-30T19:21:15Z | OWNER | I could rename `permission_allowed()` to `check_permission()` and have a complementary `check_permissions()` method. This is a breaking change but we're pre-1.0 so I think that's OK. I could even set up a temporary `permission_allowed()` alias which prints a deprecation warning to the console, then remove that at 1.0. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651993977 | https://github.com/simonw/datasette/issues/832#issuecomment-651993977 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5Mzk3Nw== | simonw 9599 | 2020-06-30T19:22:06Z | 2020-06-30T19:22:06Z | OWNER | `permission_allowed` is already the name of the pugin hook. It's actually a bit confusing that it's also the name of a method on `datasette.`. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651994978 | https://github.com/simonw/datasette/issues/832#issuecomment-651994978 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5NDk3OA== | simonw 9599 | 2020-06-30T19:24:12Z | 2020-06-30T19:24:12Z | OWNER | Hah... but check_permission` is a method on `BaseView`. Here are the various permission methods at the moment: https://github.com/simonw/datasette/blob/6c2634583627bfab750c115cb13850252821d637/datasette/default_permissions.py#L5-L14 And on BaseView: https://github.com/simonw/datasette/blob/a8a5f813722f72703a7aae41135ccc40635cc02f/datasette/views/base.py#L65-L70 | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651995453 | https://github.com/simonw/datasette/issues/832#issuecomment-651995453 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5NTQ1Mw== | simonw 9599 | 2020-06-30T19:25:13Z | 2020-06-30T19:25:26Z | OWNER | I'm going to put the new `check_permissions()` method on `BaseView` as well. If I want that method to be available to plugins I can do so by turning that `BaseView` class into a documented API that plugins are encouraged to use themselves. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 651999516 | https://github.com/simonw/datasette/issues/832#issuecomment-651999516 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MTk5OTUxNg== | simonw 9599 | 2020-06-30T19:33:49Z | 2020-06-30T21:34:59Z | OWNER | Tests needed for this: - If a user has view table but NOT view database / view instance, can they view the table page? - If a user has view canned query but NOT view database / view instance, can they view the canned query page? - If a user has view database but NOT view instance, can they view the database page? | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 | |
| 652103895 | https://github.com/simonw/datasette/issues/832#issuecomment-652103895 | https://api.github.com/repos/simonw/datasette/issues/832 | MDEyOklzc3VlQ29tbWVudDY1MjEwMzg5NQ== | simonw 9599 | 2020-06-30T23:41:22Z | 2020-06-30T23:41:22Z | OWNER | I don't think this needs any additional documentation - the new behaviour matches how the permissions are documented here: https://datasette.readthedocs.io/en/0.44/authentication.html#built-in-permissions | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Having view-table permission but NOT view-database should still grant access to /db/table 636722501 |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE [issue_comments] (
[html_url] TEXT,
[issue_url] TEXT,
[id] INTEGER PRIMARY KEY,
[node_id] TEXT,
[user] INTEGER REFERENCES [users]([id]),
[created_at] TEXT,
[updated_at] TEXT,
[author_association] TEXT,
[body] TEXT,
[reactions] TEXT,
[issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
ON [issue_comments] ([user]);