github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/832#issuecomment-642412017 | https://api.github.com/repos/simonw/datasette/issues/832 | 642412017 | MDEyOklzc3VlQ29tbWVudDY0MjQxMjAxNw== | 9599 | 2020-06-11T05:13:59Z | 2020-06-11T05:13:59Z | OWNER | Relevant code: https://github.com/simonw/datasette/blob/ce4958018ede00fbdadf0c37a99889b6901bfb9b/datasette/views/table.py#L267-L272 | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 636722501 | |
https://github.com/simonw/datasette/issues/818#issuecomment-642420375 | https://api.github.com/repos/simonw/datasette/issues/818 | 642420375 | MDEyOklzc3VlQ29tbWVudDY0MjQyMDM3NQ== | 9599 | 2020-06-11T05:40:07Z | 2020-06-11T05:40:07Z | OWNER | https://github.com/simonw/datasette-permissions-sql is now released as a 0.1a here: https://pypi.org/project/datasette-permissions-sql/ | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 634917088 | |
https://github.com/simonw/datasette/issues/832#issuecomment-642741930 | https://api.github.com/repos/simonw/datasette/issues/832 | 642741930 | MDEyOklzc3VlQ29tbWVudDY0Mjc0MTkzMA== | 9599 | 2020-06-11T15:35:53Z | 2020-06-11T15:36:05Z | OWNER | May the fix here is to implement a `.check_permissions()` method which passes when the first permission passes? ```python await self.check_permissions(request, [ ("view-table", (database, table)), ("view-database", database), "view-instance", ]) ``` | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 636722501 | |
https://github.com/simonw/datasette/pull/809#issuecomment-642745518 | https://api.github.com/repos/simonw/datasette/issues/809 | 642745518 | MDEyOklzc3VlQ29tbWVudDY0Mjc0NTUxOA== | 9599 | 2020-06-11T15:38:51Z | 2020-06-11T15:38:51Z | OWNER | The way to manually test this is to publish a database to each provider and then check that the `/-/messages` debug tool works. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 632919570 | |
https://github.com/simonw/datasette/pull/809#issuecomment-642750790 | https://api.github.com/repos/simonw/datasette/issues/809 | 642750790 | MDEyOklzc3VlQ29tbWVudDY0Mjc1MDc5MA== | 9599 | 2020-06-11T15:42:23Z | 2020-06-11T15:42:23Z | OWNER | datasette publish heroku fixtures.db -n datasette-publish-secret --branch=master https://datasette-publish-secret.herokuapp.com/-/messages - Heroku works. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 632919570 | |
https://github.com/simonw/datasette/pull/809#issuecomment-642754589 | https://api.github.com/repos/simonw/datasette/issues/809 | 642754589 | MDEyOklzc3VlQ29tbWVudDY0Mjc1NDU4OQ== | 9599 | 2020-06-11T15:45:25Z | 2020-06-11T15:45:25Z | OWNER | datasette publish cloudrun fixtures.db --service datasette-publish-secret --branch=master https://datasette-publish-secret-j7hipcg4aq-uw.a.run.app/-/messages | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 632919570 | |
https://github.com/simonw/datasette/pull/809#issuecomment-642772344 | https://api.github.com/repos/simonw/datasette/issues/809 | 642772344 | MDEyOklzc3VlQ29tbWVudDY0Mjc3MjM0NA== | 9599 | 2020-06-11T16:01:15Z | 2020-06-11T16:01:15Z | OWNER | ``` datasette package fixtures.db --secret woot --branch master Sending build context to Docker daemon 260.6kB Step 1/9 : FROM python:3.8 3.8: Pulling from library/python e9afc4f90ab0: Downloading [=======> ] 7.195MB/50.39MB 989e6b19a265: Downloading [============================> ] 4.475MB/7.812MB af14b6c2f878: Downloading [===========================> ] 5.422MB/9.996MB 5573c4b30949: Waiting 11a88e764313: Waiting ee776f0e36af: Waiting 513c90a1afc3: Waiting df9b9e95bdb9: Waiting 86c9edb54464: Waiting ... datasette package fixtures.db --secret woot --branch master docker run -p 8001:8001 a155798bd842 ``` This works too. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 632919570 | |
https://github.com/simonw/datasette/issues/832#issuecomment-642795966 | https://api.github.com/repos/simonw/datasette/issues/832 | 642795966 | MDEyOklzc3VlQ29tbWVudDY0Mjc5NTk2Ng== | 9599 | 2020-06-11T16:37:21Z | 2020-06-11T16:37:21Z | OWNER | How would I document this? Probably in another section on https://datasette.readthedocs.io/en/latest/authentication.html#permissions But I'd also need to add documentation to the individual views stating what permissions are checked and in what order. I could do that on this page: https://datasette.readthedocs.io/en/latest/pages.html | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 636722501 | |
https://github.com/simonw/datasette/issues/801#issuecomment-642870553 | https://api.github.com/repos/simonw/datasette/issues/801 | 642870553 | MDEyOklzc3VlQ29tbWVudDY0Mjg3MDU1Mw== | 9599 | 2020-06-11T18:58:49Z | 2020-06-11T18:58:49Z | OWNER | I've implemented this in a plugin instead: https://github.com/simonw/datasette-permissions-sql | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 631932926 | |
https://github.com/simonw/datasette/issues/833#issuecomment-642874724 | https://api.github.com/repos/simonw/datasette/issues/833 | 642874724 | MDEyOklzc3VlQ29tbWVudDY0Mjg3NDcyNA== | 9599 | 2020-06-11T19:07:49Z | 2020-06-11T19:07:49Z | OWNER | A live demo running the `datasette-auth-github` plugin will help demonstrate this. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 637253789 | |
https://github.com/simonw/datasette/issues/833#issuecomment-642902208 | https://api.github.com/repos/simonw/datasette/issues/833 | 642902208 | MDEyOklzc3VlQ29tbWVudDY0MjkwMjIwOA== | 9599 | 2020-06-11T20:08:57Z | 2020-06-11T20:08:57Z | OWNER | I'm tempted to add a `view-instance` check before routing any URLs, but that wouldn't be compatible with the idea in #832 that having `view-table` should be enough to view a table even if you don't pass `view-instance`. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 637253789 | |
https://github.com/simonw/datasette/issues/833#issuecomment-642905424 | https://api.github.com/repos/simonw/datasette/issues/833 | 642905424 | MDEyOklzc3VlQ29tbWVudDY0MjkwNTQyNA== | 9599 | 2020-06-11T20:16:41Z | 2020-06-11T20:16:41Z | OWNER | I'll add a new test in `test_permissions.py` which locks down an instance and then loops through paths as the anonymous user making sure they aren't accessible. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 637253789 | |
https://github.com/simonw/datasette/issues/832#issuecomment-642906681 | https://api.github.com/repos/simonw/datasette/issues/832 | 642906681 | MDEyOklzc3VlQ29tbWVudDY0MjkwNjY4MQ== | 9599 | 2020-06-11T20:19:47Z | 2020-06-11T20:20:02Z | OWNER | So for the following: ``` await self.check_permissions(request, [ ("view-table", (database, table)), ("view-database", database), "view-instance", ]) ``` The logic is: if the first test returns `True`, you get access. If it returns `False` you are denied. If it says `None` then move on to the next check in the list and repeat. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 636722501 | |
https://github.com/simonw/datasette/issues/832#issuecomment-642907021 | https://api.github.com/repos/simonw/datasette/issues/832 | 642907021 | MDEyOklzc3VlQ29tbWVudDY0MjkwNzAyMQ== | 9599 | 2020-06-11T20:20:35Z | 2020-06-11T20:20:35Z | OWNER | I think the new `.check_permissions()` should be a documented utility that is available to plugins. Maybe a method on `datasette`? | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 636722501 | |
https://github.com/simonw/datasette/issues/220#issuecomment-642944645 | https://api.github.com/repos/simonw/datasette/issues/220 | 642944645 | MDEyOklzc3VlQ29tbWVudDY0Mjk0NDY0NQ== | 9599 | 2020-06-11T21:49:55Z | 2020-06-11T21:49:55Z | OWNER | I'm OK with not implementing this - I've got used to the existing mechanism, and it doesn't frustrate me enough to work on this more. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 314847571 | |
https://github.com/simonw/datasette/issues/824#issuecomment-642951150 | https://api.github.com/repos/simonw/datasette/issues/824 | 642951150 | MDEyOklzc3VlQ29tbWVudDY0Mjk1MTE1MA== | 9599 | 2020-06-11T22:00:17Z | 2020-06-11T22:00:17Z | OWNER | I got this working: https://github.com/simonw/datasette-auth-github/pull/64 Just one problem: it uses the existing `ds_actor` cookie, which means it doesn't actually exercise the `actor_from_request` plugin! It does use `register_routes` though. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 635108074 | |
https://github.com/simonw/datasette/issues/824#issuecomment-642952962 | https://api.github.com/repos/simonw/datasette/issues/824 | 642952962 | MDEyOklzc3VlQ29tbWVudDY0Mjk1Mjk2Mg== | 9599 | 2020-06-11T22:01:58Z | 2020-06-11T22:01:58Z | OWNER | Alternative idea: a plugin that handles Bearer token authentication. Uses `metadata.json` with secret plugin values to map an incoming token to an actor dictionary, which can then be mapped to permissions. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 635108074 | |
https://github.com/simonw/datasette/issues/824#issuecomment-642953605 | https://api.github.com/repos/simonw/datasette/issues/824 | 642953605 | MDEyOklzc3VlQ29tbWVudDY0Mjk1MzYwNQ== | 9599 | 2020-06-11T22:02:32Z | 2020-06-11T22:02:32Z | OWNER | `datasette-auth-tokens` can be the name. I can get a simple initial version of it running pretty quickly. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 635108074 | |
https://github.com/simonw/datasette/issues/833#issuecomment-642958225 | https://api.github.com/repos/simonw/datasette/issues/833 | 642958225 | MDEyOklzc3VlQ29tbWVudDY0Mjk1ODIyNQ== | 9599 | 2020-06-11T22:15:32Z | 2020-06-11T22:15:32Z | OWNER | https://github.com/simonw/datasette/blob/29c5ff493ad7918b8fc44ea7920b41530e56dd5d/tests/test_permissions.py#L327-L348 | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 637253789 |