Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions in metadata.yml / metadata.json #2126

Closed
ctsrc opened this issue Aug 6, 2023 · 3 comments
Closed

Permissions in metadata.yml / metadata.json #2126

ctsrc opened this issue Aug 6, 2023 · 3 comments

Comments

@ctsrc
Copy link

ctsrc commented Aug 6, 2023
edited

https://docs.datasette.io/en/latest/authentication.html#other-permissions-in-metadata says the following:

For all other permissions, you can use one or more "permissions" blocks in your metadata.

To grant access to the permissions debug tool to all signed in users you can grant permissions-debug to any actor with an id matching the wildcard * by adding this a the root of your metadata:

permissions:
  debug-menu:
    id: '*'

I tried this.

My metadata.yml file looks like:

permissions:
  debug-menu:
    id: '*'
  permissions-debug:
    id: '*'
plugins:
  datasette-auth-passwords:
    myuser_password_hash:
      $env: "PASSWORD_HASH_MYUSER"

And then I run

datasette -m metadata.yml tiddlywiki.db --root

And I open a session for the "root" user of datasette with the link given.

I open a private browser session and log in as "myuser" from http://127.0.0.1:8001/-/login

Then I check http://127.0.0.1:8001/-/actor which confirms that I am logged in as the "myuser" actor

{
    "actor": {
        "id": "myuser"
    }
}

In the session where I am logged in as "myuser" I then try to go to http://127.0.0.1:8001/-/permissions

But all I get there as the logged in user "myuser" is

Forbidden

Permission denied

And then if I check the http://127.0.0.1:8001/-/permissions as the datasette "root" user from another browser session, I see:

permissions-debug checked at 2023-08-06T16:22:58.997841 ✗ (used default)

Actor: {"id": "myuser"}

It seems that in spite of having tried to give the permissions-debug permission to the "myuser" user in my metadata.yml file, datasette does not agree that "myuser" has permission permissions-debug..

What do I need to do differently so that my "myuser" user is able to access http://127.0.0.1:8001/-/permissions ?
@ctsrc
Copy link
Author

ctsrc commented Aug 6, 2023

And in similar fashion, how can I assign the edit-tiddlywiki permission to my user myuser in metadata.yml / metadata.json?

@simonw
Copy link
Owner

simonw commented Aug 10, 2023

What version of Datasette are you running?

That feature was added in Datasette 1.0a2, so if you're on the current stable release you won't have it yet.

@ctsrc
Copy link
Author

ctsrc commented Aug 11, 2023

I see :) yeah, I’m on the stable version installed from homebrew on macOS

@ctsrc ctsrc closed this as completed Aug 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simonw @ctsrc