issue_comments: 636569917

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/698#issuecomment-636569917 https://api.github.com/repos/simonw/datasette/issues/698 636569917 MDEyOklzc3VlQ29tbWVudDYzNjU2OTkxNw== 9599 2020-06-01T01:39:44Z 2020-06-01T01:39:44Z OWNER

Idea for the authentication piece: I'll have the canned query code execute the following:

python if await datasette.permission_allowed( request.scope.get("actor"), "execute_query", "canned_query", query_name, default=True ): Then I'll add a default plugin to Datasette which implements that plugin hook, looks at the Datasette metadata for that query, and says "No" if the following (and request.scope["actor"] is empty):

json { "databases": { "my-database": { "queries": { "add_twitter_handle": { "sql": "insert into twitter_handles (username) values (:username)", "write": true, "requires_actor": true } } } } } I think I'll support this too:

json "allowed_actors": ["root"] So you can configure queries to only be available to specific {"id": xxx} actors.

This will be the first time the new permission_allowed mechanism from #699 will be exercised in Datasette core.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 582517965