Skip to content

Commit

Permalink
Use Datasette 1.0a9 permissions, refs #55
Browse files Browse the repository at this point in the history
  • Loading branch information
@simonw
simonw committed Feb 16, 2024
1 parent bf1d10a commit 995744b
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 38 deletions.
8 changes: 5 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@

Datasette plugin for modifying table schemas

> :warning: The latest alpha release depends on Datasette 1.09a. Use [version 0.7.1](https://github.com/simonw/datasette-edit-schema/blob/0.7.1/README.md) with older releases of Datasette.
## Features

* Add new columns to a table
Expand Down Expand Up @@ -48,9 +50,9 @@ These permission checks will call the `permission_allowed()` plugin hook with th

You can instead use more finely-grained permissions.

- `edit-schema-create-table` allows users to create a new table. The `resource` will be the name of the database.
- `edit-schema-alter-table` allows users to alter the schema of a table. The `resource` will be a tuple of `(database_name, table_name)`.
- `edit-schema-drop-table` allows users to drop a table. The `resource` will be a tuple of `(database_name, table_name)`. This permission will not work on its own, you need to grant the user `edit-schema-alter-table` as well.
- `create-table` allows users to create a new table. The `resource` will be the name of the database.
- `drop-table` allows users to drop a table. The `resource` will be a tuple of `(database_name, table_name)`.
- `alter-table` allows users to alter a table. The `resource` will be a tuple of `(database_name, table_name)`.

## Screenshot

Expand Down
17 changes: 8 additions & 9 deletions datasette_edit_schema/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@ async def can_create_table(datasette, actor, database):
actor, "edit-schema", resource=database, default=False
):
return True
# Or maybe they have edit-schema-create-table
# Or maybe they have create-table
if await datasette.permission_allowed(
actor, "edit-schema-create-table", resource=database, default=False
actor, "create-table", resource=database, default=False
):
return True
return False
Expand All @@ -73,9 +73,8 @@ async def can_alter_table(datasette, actor, database, table):
actor, "edit-schema", resource=database, default=False
):
return True
# Or maybe they have edit-schema-alter-table
if await datasette.permission_allowed(
actor, "edit-schema-alter-table", resource=(database, table), default=False
actor, "alter-table", resource=(database, table), default=False
):
return True
return False
Expand All @@ -86,9 +85,9 @@ async def can_drop_table(datasette, actor, database, table):
actor, "edit-schema", resource=database, default=False
):
return True
# Or maybe they have edit-schema-drop-table
# Or maybe they have drop-table
if await datasette.permission_allowed(
actor, "edit-schema-drop-table", resource=(database, table), default=False
actor, "drop-table", resource=(database, table), default=False
):
return True
return False
Expand Down Expand Up @@ -222,7 +221,7 @@ def get_columns(conn):
async def edit_schema_create_table(request, datasette):
database_name = request.url_vars["database"]
if not await can_create_table(datasette, request.actor, database_name):
raise Forbidden("Permission denied for edit-schema-create-table")
raise Forbidden("Permission denied for create-table")
try:
db = datasette.get_database(database_name)
except KeyError:
Expand Down Expand Up @@ -309,7 +308,7 @@ async def edit_schema_table(request, datasette):
database_name = request.url_vars["database"]

if not await can_alter_table(datasette, request.actor, database_name, table):
raise Forbidden("Permission denied for edit-schema-alter-table")
raise Forbidden("Permission denied for alter-table")

try:
database = [db for db in databases if db.name == database_name][0]
Expand Down Expand Up @@ -592,7 +591,7 @@ def get_columns_and_schema_and_fks_and_pks_and_indexes(conn):

async def drop_table(request, datasette, database, table):
if not await can_drop_table(datasette, request.actor, database.name, table):
raise Forbidden("Permission denied for edit-schema-drop-table")
raise Forbidden("Permission denied for drop-table")

def do_drop_table(conn):
db = sqlite_utils.Database(conn)
Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ def get_long_description():
packages=["datasette_edit_schema"],
entry_points={"datasette": ["edit_schema = datasette_edit_schema"]},
install_requires=[
"datasette>=0.63",
"datasette>=1.0a9",
"sqlite-utils>=3.35",
],
extras_require={"test": ["pytest", "pytest-asyncio", "beautifulsoup4", "html5lib"]},
Expand Down
36 changes: 11 additions & 25 deletions tests/test_edit_schema.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ async def test_csrf_required(db_path):
(
(None, False),
("user_with_edit_schema", True),
("user_with_alter_table", True),
("user_with_create_table", False),
("user_with_no_perms", False),
),
Expand All @@ -55,15 +54,9 @@ async def test_table_actions(permission_plugin, ds, actor_id, should_allow):
database="data",
resource=None,
),
Rule(
actor_id="user_with_alter_table",
action="edit-schema-alter-table",
database="data",
resource="creatures",
),
Rule(
actor_id="user_with_create_table",
action="edit-schema-create-table",
action="create-table",
database="data",
resource=None,
),
Expand Down Expand Up @@ -105,8 +98,7 @@ async def test_post_without_operation_raises_error(db_path):
(None, False),
("user_with_edit_schema", True),
("user_with_just_create_table", False),
("user_with_just_alter_table", False),
("user_with_alter_table_and_drop_table", True),
("user_with_alter_and_drop_table", True),
),
)
async def test_drop_table(permission_plugin, db_path, actor_id, should_allow):
Expand All @@ -119,29 +111,23 @@ async def test_drop_table(permission_plugin, db_path, actor_id, should_allow):
resource=None,
),
Rule(
actor_id="user_with_alter_table_and_drop_table",
action="edit-schema-drop-table",
actor_id="user_with_alter_and_drop_table",
action="drop-table",
database="data",
resource="creatures",
),
Rule(
actor_id="user_with_alter_table_and_drop_table",
action="edit-schema-alter-table",
actor_id="user_with_alter_and_drop_table",
action="alter-table",
database="data",
resource="creatures",
),
Rule(
actor_id="user_with_just_create_table",
action="edit-schema-create-table",
action="create-table",
database="data",
resource=None,
),
Rule(
actor_id="user_with_just_alter_table",
action="edit-schema-alter-table",
database="data",
resource="creatures",
),
]
db = sqlite_utils.Database(db_path)
assert "creatures" in db.table_names()
Expand Down Expand Up @@ -470,7 +456,7 @@ async def test_permission_edit_schema(db_path, path):
[
Rule(
actor_id="user",
action="edit-schema-create-table",
action="create-table",
database="data",
resource=None,
),
Expand All @@ -481,7 +467,7 @@ async def test_permission_edit_schema(db_path, path):
[
Rule(
actor_id="user2",
action="edit-schema-create-table",
action="create-table",
database="data",
resource=None,
),
Expand Down Expand Up @@ -544,7 +530,7 @@ async def test_permission_create_table(permission_plugin, ds, rules_allow, shoul
[
Rule(
actor_id="user",
action="edit-schema-alter-table",
action="alter-table",
database="data",
resource="museums",
),
Expand All @@ -555,7 +541,7 @@ async def test_permission_create_table(permission_plugin, ds, rules_allow, shoul
[
Rule(
actor_id="user2",
action="edit-schema-alter-table",
action="alter-table",
database="data",
resource="museums",
),
Expand Down

0 comments on commit 995744b

Please sign in to comment.