issue_comments: 1301594495

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/1855#issuecomment-1301594495 https://api.github.com/repos/simonw/datasette/issues/1855 1301594495 IC_kwDOBm6k_c5NlMF_ 9599 2022-11-03T03:11:17Z 2022-11-03T03:11:17Z OWNER

Maybe the way to do this is through a new standard mechanism on the actor: a set of additional restrictions, e.g.:

{ "id": "root", "_r": { "a": ["ir", "ur", "dr"], "d": { "fixtures": ["ir", "ur", "dr"] }, "t": { "fixtures": { "searchable": ["ir"] } } } "a" is "all permissions" - these apply to everything. "d" permissions only apply to the specified database "t" permissions only apply to the specified table

The way this works is there's a default permission_allowed(datasette, actor, action, resource) hook which only consults these, and crucially just says NO if those rules do not match.

In this way it would apply as an extra layer of permission rules over the defaults (which for this root instance would all return yes).

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 1423336089