-
-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add permissions checks #4
Comments
I may need to borrow this function from Datasette for the tests: def assert_permissions_checked(datasette, actions):
# actions is a list of "action" or (action, resource) tuples
for action in actions:
if isinstance(action, str):
resource = None
else:
action, resource = action
assert [
pc
for pc in datasette._permission_checks
if pc["action"] == action and pc["resource"] == resource
], """Missing expected permission check: action={}, resource={}
Permission checks seen: {}
""".format(
action, resource, json.dumps(list(datasette._permission_checks), indent=4),
) It's not importable (it lives in |
Rethinking how default permissions should work: if you install the plugin locally on your laptop, it should work without authentication. You can then control permissions using {
"plugins": {
"datasette-insert-api": {
"allow": {
"id": "root"
}
}
}
} |
The trickiest thing here is going to be the documentation. I think I'll describe how to use this with |
Here's the documentation I wrote for finely grained permissions, which are not yet implemented: Finely grained permissionsUsing an The API implements several new Datasett permissions, which other plugins can use to make more finely grained decisions. The full set of permissions are as follows:
You can use plugins like datasette-permissions-sql to hook into these more detailed permissions for finely grained control over what actions each authenticated actor can take. Plugins that implement the permission_allowed() plugin hook can take full control over these permission decisions. |
Released 0.3 with basic |
Initially using an
"allow"
block.Split from #2 (comment)
The text was updated successfully, but these errors were encountered: