id,page,ref,title,content,breadcrumbs,references
plugin_hooks:restrict-execute-sql-to-a-database-prefix,plugin_hooks,restrict-execute-sql-to-a-database-prefix,Restrict execute-sql to a database prefix,"Only allow  execute-sql  against databases whose name begins with
                         analytics_ . This shows how to use parameters that the permission resolver
                        will pass through to the SQL snippet. 
                     from datasette import hookimpl
from datasette.permissions import PermissionSQL


@hookimpl
def permission_resources_sql(datasette, actor, action):
    if action != ""execute-sql"":
        return None

    return PermissionSQL(
        sql=""""""
            SELECT
                parent,
                NULL AS child,
                1 AS allow,
                'execute-sql allowed for analytics_*' AS reason
            FROM catalog_databases
            WHERE database_name LIKE :analytics_prefix
        """""",
        params={
            ""analytics_prefix"": ""analytics_%"",
        },
    )","[""Plugin hooks"", ""permission_resources_sql(datasette, actor, action)"", ""Permission plugin examples""]",[]