{"id": "changelog:alter-table-support-for-create-insert-upsert-and-update", "page": "changelog", "ref": "alter-table-support-for-create-insert-upsert-and-update", "title": "Alter table support for create, insert, upsert and update", "content": "The  JSON write API  can now be used to apply simple alter table schema changes, provided the acting actor has the new  alter-table  permission. ( #2101 ) \n                 The only alter operation supported so far is adding new columns to an existing table. \n                 \n                     \n                         The  /db/-/create  API now adds new columns during large operations to create a table based on incoming example  \"rows\" , in the case where one of the later rows includes columns that were not present in the earlier batches. This requires the  create-table  but not the  alter-table  permission. \n                     \n                     \n                         When  /db/-/create  is called with rows in a situation where the table may have been already created, an  \"alter\": true  key can be included to indicate that any missing columns from the new rows should be added to the table. This requires the  alter-table  permission. \n                     \n                     \n                         /db/table/-/insert  and  /db/table/-/upsert  and  /db/table/row-pks/-/update  all now also accept  \"alter\": true , depending on the  alter-table  permission. \n                     \n                 \n                 Operations that alter a table now fire the new  alter-table event .", "breadcrumbs": "[\"Changelog\", \"1.0a9 (2024-02-16)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2101\", \"label\": \"#2101\"}]"}
{"id": "changelog:permissions-fix-for-the-upsert-api", "page": "changelog", "ref": "permissions-fix-for-the-upsert-api", "title": "Permissions fix for the upsert API", "content": "The  /database/table/-/upsert API  had a minor permissions bug, only affecting Datasette instances that had configured the  insert-row  and  update-row  permissions to apply to a specific table rather than the database or instance as a whole. Full details in issue  #2262 . \n                 To avoid similar mistakes in the future the  datasette.permission_allowed()  method now specifies  default=  as a keyword-only argument.", "breadcrumbs": "[\"Changelog\", \"1.0a9 (2024-02-16)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2262\", \"label\": \"#2262\"}]"}
{"id": "changelog:permission-checks-now-consider-opinions-from-every-plugin", "page": "changelog", "ref": "permission-checks-now-consider-opinions-from-every-plugin", "title": "Permission checks now consider opinions from every plugin", "content": "The  datasette.permission_allowed()  method previously consulted every plugin that implemented the  permission_allowed()  plugin hook and obeyed the opinion of the last plugin to return a value. ( #2275 ) \n                 Datasette now consults every plugin and checks to see if any of them returned  False  (the veto rule), and if none of them did, it then checks to see if any of them returned  True . \n                 This is explained at length in the new documentation covering  How permissions are resolved .", "breadcrumbs": "[\"Changelog\", \"1.0a9 (2024-02-16)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2275\", \"label\": \"#2275\"}]"}
{"id": "changelog:other-changes", "page": "changelog", "ref": "other-changes", "title": "Other changes", "content": "The new  DATASETTE_TRACE_PLUGINS=1 environment variable  turns on detailed trace output for every executed plugin hook, useful for debugging and understanding how the plugin system works at a low level. ( #2274 ) \n                     \n                     \n                         Datasette on Python 3.9 or above marks its non-cryptographic uses of the MD5 hash function as  usedforsecurity=False , for compatibility with FIPS systems. ( #2270 ) \n                     \n                     \n                         SQL relating to  Datasette's internal database  now executes inside a transaction, avoiding a potential database locked error. ( #2273 ) \n                     \n                     \n                         The  /-/threads  debug page now identifies the database in the name associated with each dedicated write thread. ( #2265 ) \n                     \n                     \n                         The  /db/-/create  API now fires a  insert-rows  event if rows were inserted after the table was created. ( #2260 )", "breadcrumbs": "[\"Changelog\", \"1.0a9 (2024-02-16)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2274\", \"label\": \"#2274\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2270\", \"label\": \"#2270\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2273\", \"label\": \"#2273\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2265\", \"label\": \"#2265\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2260\", \"label\": \"#2260\"}]"}