I'm going to refactor this stuff out and document it so it can be easily used by plugins:
|
async def check_permission(self, request, action, resource=None): |
|
ok = await self.ds.permission_allowed( |
|
request.actor, |
|
action, |
|
resource=resource, |
|
default=True, |
|
) |
|
if not ok: |
|
raise Forbidden(action) |
|
|
|
async def check_permissions(self, request, permissions): |
|
"""permissions is a list of (action, resource) tuples or 'action' strings""" |
|
for permission in permissions: |
|
if isinstance(permission, str): |
|
action = permission |
|
resource = None |
|
elif isinstance(permission, (tuple, list)) and len(permission) == 2: |
|
action, resource = permission |
|
else: |
|
assert ( |
|
False |
|
), "permission should be string or tuple of two items: {}".format( |
|
repr(permission) |
|
) |
|
ok = await self.ds.permission_allowed( |
|
request.actor, |
|
action, |
|
resource=resource, |
|
default=None, |
|
) |
|
if ok is not None: |
|
if ok: |
|
return |
|
else: |
|
raise Forbidden(action) |
Originally posted by @simonw in #1660 (comment)
datasette/datasette/views/base.py
Lines 69 to 103 in 4a4164b
Originally posted by @simonw in #1660 (comment)