Example permissions plugin

[simonw]

To show how they work. Also useful to confirm how they interact with the default permissions.

[simonw]

https://datasette.readthedocs.io/en/latest/plugins.html#permission-allowed-datasette-actor-action-resource has a couple of examples now.

[simonw]

I want to build a plugin that does Authorization: Bearer xxx API key authentication.

[simonw]

datasette-auth-bearer perhaps?

[simonw]

Problem with that is it's more of a actor_from_request opportunity than permission_allowed. You could use actor_from_request to authenticate API clients from their Authorization: header, then use the regular "allow" blocks in metadata.json to actually assign their permissions.

The most interesting permissions plugin would be one that implements permissions against some kind of database schema, hence allowing admins to edit permissions through writable canned queries.

[simonw]

I'm dropping this from the 0.44 milestone.

[simonw]

New policy in 9f236c4 dictates that this should be in Milestone 0.44 after all:

• New plugin hooks should only be shipped if accompanied by a separate release of a non-demo plugin that uses them.

[simonw]

What's a simple but useful plugin I could release that exercises this hook?

Ideally one which executes permission checks against the database somehow.

I could do a simplest-possible implementation of the idea in #801 (allow-by-query).

[simonw]

datasette-permissions-sql

plugins:
  datasette-permissions-sql:
    view-instance: |-
      select count(*) from users where admin = 1 and id = :id

[simonw]

https://github.com/simonw/datasette-permissions-sql is now released as a 0.1a here: https://pypi.org/project/datasette-permissions-sql/