Skip to content

Commit

Permalink
execute-sql now implies can view instance/database, closes #2169
Browse files Browse the repository at this point in the history
  • Loading branch information
@simonw
simonw committed Aug 31, 2023
1 parent 9cead33 commit 98ffad9
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions datasette/default_permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ def register_permissions():
takes_database=True,
takes_resource=False,
default=True,
implies_can_view=True,
),
Permission(
name="permissions-debug",
Expand Down
4 changes: 4 additions & 0 deletions tests/test_permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1183,6 +1183,10 @@ async def test_actor_restrictions(
({"a": ["update-row"]}, "view-instance", None, False),
# view-table on a resource implies view-instance
({"r": {"db1": {"t1": ["view-table"]}}}, "view-instance", None, True),
# execute-sql on a database implies view-instance, view-database
({"d": {"db1": ["es"]}}, "view-instance", None, True),
({"d": {"db1": ["es"]}}, "view-database", "db1", True),
({"d": {"db1": ["es"]}}, "view-database", "db2", False),
# update-row on a resource does not imply view-instance
({"r": {"db1": {"t1": ["update-row"]}}}, "view-instance", None, False),
# view-database on a resource implies view-instance
Expand Down

0 comments on commit 98ffad9

Please sign in to comment.