0.6a0

This release expands datasette-acl from table-only permissions toward a general resource-sharing system.

• Added first-class public audience grants: everyone, authenticated, and anonymous.
• Added a General access section to the generic resource ACL page.
• Added role support via datasette_acl_roles() and the standard_roles() helper.
• Added a Principal value object for Python grant helpers.
• Expanded and documented the JSON API for reading, granting, updating, revoking, and picker autocomplete.
• Refreshed the group and resource ACL admin UI with shared acl.css.
• Made the generic resource ACL page the canonical UI for table permissions.

Public audiences

General access grants are now stored using explicit principal_type values instead of legacy wildcard actor IDs.

Supported audience principals:

• everyone
• authenticated
• anonymous

JSON API

The JSON API now supports:

• reading resource grants
• granting roles or raw actions
• updating a principal to a role
• revoking grants
• group picker data
• actor picker data
• public audience grants via principal_type

docs/json-api.md describes the updated API in detail.

Breaking change

The old table ACL page has been removed:

/<database>/<table>/-/acl

Use this instead:

/-/acl/resource/table/<database>/<table>