html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/2178#issuecomment-1710879239 | https://api.github.com/repos/simonw/datasette/issues/2178 | 1710879239 | IC_kwDOBm6k_c5l-fIH | 9599 | 2023-09-07T23:20:32Z | 2023-09-07T23:20:32Z | OWNER | To test that locally, use this YAML instead: ```yaml databases: content: allow: id: root tables: releases: allow: true ``` And: ```yaml allow: id: root databases: content: tables: releases: allow: true ``` | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 1886350562 | |
https://github.com/simonw/datasette/issues/2178#issuecomment-1710878391 | https://api.github.com/repos/simonw/datasette/issues/2178 | 1710878391 | IC_kwDOBm6k_c5l-e63 | 9599 | 2023-09-07T23:19:05Z | 2023-09-07T23:19:05Z | OWNER | This fix didn't work on Datasette Cloud. I used `/-/permissions` to debug it and saw this: ![image](https://github.com/simonw/datasette/assets/9599/61d2bc5f-1f96-41ea-8658-91dfbcb6610c) Only checking `view-table` is not enough: for my instance on Datasette Cloud the view permission check that should have failed was for the database or instance. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 1886350562 | |
https://github.com/simonw/datasette/issues/2178#issuecomment-1710871095 | https://api.github.com/repos/simonw/datasette/issues/2178 | 1710871095 | IC_kwDOBm6k_c5l-dI3 | 9599 | 2023-09-07T23:07:16Z | 2023-09-07T23:07:16Z | OWNER | I ran this: `datasette content.db -p 8043 -m fk-auth.yml --root` Against this YAML: ```yaml databases: content: tables: users: allow: id: root ``` And it worked as it should - here's a screenshot of an anonymous user and a root user viewing the same page: ![CleanShot 2023-09-07 at 16 05 34@2x](https://github.com/simonw/datasette/assets/9599/3e91da08-107c-421c-8a00-aa650b960c58) | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 1886350562 | |
https://github.com/simonw/datasette/issues/2178#issuecomment-1710567329 | https://api.github.com/repos/simonw/datasette/issues/2178 | 1710567329 | IC_kwDOBm6k_c5l9S-h | 9599 | 2023-09-07T17:59:59Z | 2023-09-07T17:59:59Z | OWNER | Should I put the permission check in that undocumented `datasette.expand_foreign_keys()` method? I think so - it should accept `request.actor` as one of its arguments. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 1886350562 | |
https://github.com/simonw/datasette/issues/2178#issuecomment-1710565268 | https://api.github.com/repos/simonw/datasette/issues/2178 | 1710565268 | IC_kwDOBm6k_c5l9SeU | 9599 | 2023-09-07T17:58:04Z | 2023-09-07T17:59:06Z | OWNER | Relevant code: https://github.com/simonw/datasette/blob/fbcb103c0cb6668018ace539a01a6a1f156e8d6a/datasette/views/table.py#L1132-L1149 Which calls this undocumented method: https://github.com/simonw/datasette/blob/fbcb103c0cb6668018ace539a01a6a1f156e8d6a/datasette/app.py#L938-L973 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 1886350562 | |