{"id": "changelog:v1-0-a2", "page": "changelog", "ref": "v1-0-a2", "title": "1.0a2 (2022-12-14)", "content": "The third Datasette 1.0 alpha release adds upsert support to the JSON API, plus the ability to specify finely grained permissions when creating an API token. \n See Datasette 1.0a2: Upserts and finely grained permissions for an extended, annotated version of these release notes. \n \n \n New /db/table/-/upsert API, documented here . upsert is an update-or-insert: existing rows will have specified keys updated, but if no row matches the incoming primary key a brand new row will be inserted instead. ( #1878 ) \n \n \n New register_permissions(datasette) plugin hook. Plugins can now register named permissions, which will then be listed in various interfaces that show available permissions. ( #1940 ) \n \n \n The /db/-/create API for creating a table now accepts \"ignore\": true and \"replace\": true options when called with the \"rows\" property that creates a new table based on an example set of rows. This means the API can be called multiple times with different rows, setting rules for what should happen if a primary key collides with an existing row. ( #1927 ) \n \n \n Arbitrary permissions can now be configured at the instance, database and resource (table, SQL view or canned query) level in Datasette's Metadata JSON and YAML files. The new \"permissions\" key can be used to specify which actors should have which permissions. See Other permissions in datasette.yaml for details. ( #1636 ) \n \n \n The /-/create-token page can now be used to create API tokens which are restricted to just a subset of actions, including against specific databases or resources. See API Tokens for details. ( #1947 ) \n \n \n Likewise, the datasette create-token CLI command can now create tokens with a subset of permissions . ( #1855 ) \n \n \n New datasette.create_token() API method for programmatically creating signed API tokens. ( #1951 ) \n \n \n /db/-/create API now requires actor to have insert-row permission in order to use the \"row\" or \"rows\" properties. ( #1937 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://simonwillison.net/2022/Dec/15/datasette-1a2/\", \"label\": \"Datasette 1.0a2: Upserts and finely grained permissions\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1878\", \"label\": \"#1878\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1940\", \"label\": \"#1940\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1927\", \"label\": \"#1927\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1636\", \"label\": \"#1636\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1947\", \"label\": \"#1947\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1855\", \"label\": \"#1855\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1951\", \"label\": \"#1951\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1937\", \"label\": \"#1937\"}]"} {"id": "changelog:v1-0-a3", "page": "changelog", "ref": "v1-0-a3", "title": "1.0a3 (2023-08-09)", "content": "This alpha release previews the updated design for Datasette's default JSON API. ( #782 ) \n The new default JSON representation for both table pages ( /dbname/table.json ) and arbitrary SQL queries ( /dbname.json?sql=... ) is now shaped like this: \n {\n \"ok\": true,\n \"rows\": [\n {\n \"id\": 3,\n \"name\": \"Detroit\"\n },\n {\n \"id\": 2,\n \"name\": \"Los Angeles\"\n },\n {\n \"id\": 4,\n \"name\": \"Memnonia\"\n },\n {\n \"id\": 1,\n \"name\": \"San Francisco\"\n }\n ],\n \"truncated\": false\n} \n Tables will include an additional \"next\" key for pagination, which can be passed to ?_next= to fetch the next page of results. \n The various ?_shape= options continue to work as before - see Different shapes for details. \n A new ?_extra= mechanism is available for tables, but has not yet been stabilized or documented. Details on that are available in #262 .", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/782\", \"label\": \"#782\"}, {\"href\": \"https://github.com/simonw/datasette/issues/262\", \"label\": \"#262\"}]"} {"id": "changelog:v1-0-a4", "page": "changelog", "ref": "v1-0-a4", "title": "1.0a4 (2023-08-21)", "content": "This alpha fixes a security issue with the /-/api API explorer. On authenticated Datasette instances (instances protected using plugins such as datasette-auth-passwords ) the API explorer interface could reveal the names of databases and tables within the protected instance. The data stored in those tables was not revealed. \n For more information and workarounds, read the security advisory . The issue has been present in every previous alpha version of Datasette 1.0: versions 1.0a0, 1.0a1, 1.0a2 and 1.0a3. \n Also in this alpha: \n \n \n The new datasette plugins --requirements option outputs a list of currently installed plugins in Python requirements.txt format, useful for duplicating that installation elsewhere. ( #2133 ) \n \n \n Writable canned queries can now define a on_success_message_sql field in their configuration, containing a SQL query that should be executed upon successful completion of the write operation in order to generate a message to be shown to the user. ( #2138 ) \n \n \n The automatically generated border color for a database is now shown in more places around the application. ( #2119 ) \n \n \n Every instance of example shell script code in the documentation should now include a working copy button, free from additional syntax. ( #2140 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://datasette.io/plugins/datasette-auth-passwords\", \"label\": \"datasette-auth-passwords\"}, {\"href\": \"https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq\", \"label\": \"the security advisory\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2133\", \"label\": \"#2133\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2138\", \"label\": \"#2138\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2119\", \"label\": \"#2119\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2140\", \"label\": \"#2140\"}]"} {"id": "changelog:v1-0-a5", "page": "changelog", "ref": "v1-0-a5", "title": "1.0a5 (2023-08-29)", "content": "When restrictions are applied to API tokens , those restrictions now behave slightly differently: applying the view-table restriction will imply the ability to view-database for the database containing that table, and both view-table and view-database will imply view-instance . Previously you needed to create a token with restrictions that explicitly listed view-instance and view-database and view-table in order to view a table without getting a permission denied error. ( #2102 ) \n \n \n New datasette.yaml (or .json ) configuration file, which can be specified using datasette -c path-to-file . The goal here to consolidate settings, plugin configuration, permissions, canned queries, and other Datasette configuration into a single single file, separate from metadata.yaml . The legacy settings.json config file used for Configuration directory mode has been removed, and datasette.yaml has a \"settings\" section where the same settings key/value pairs can be included. In the next future alpha release, more configuration such as plugins/permissions/canned queries will be moved to the datasette.yaml file. See #2093 for more details. Thanks, Alex Garcia. \n \n \n The -s/--setting option can now take dotted paths to nested settings. These will then be used to set or over-ride the same options as are present in the new configuration file. ( #2156 ) \n \n \n New --actor '{\"id\": \"json-goes-here\"}' option for use with datasette --get to treat the simulated request as being made by a specific actor, see datasette --get . ( #2153 ) \n \n \n The Datasette _internal database has had some changes. It no longer shows up in the datasette.databases list by default, and is now instead available to plugins using the datasette.get_internal_database() . Plugins are invited to use this as a private database to store configuration and settings and secrets that should not be made visible through the default Datasette interface. Users can pass the new --internal internal.db option to persist that internal database to disk. Thanks, Alex Garcia. ( #2157 ).", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2102\", \"label\": \"#2102\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2093\", \"label\": \"#2093\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2156\", \"label\": \"#2156\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2153\", \"label\": \"#2153\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2157\", \"label\": \"#2157\"}]"} {"id": "changelog:v1-0-a6", "page": "changelog", "ref": "v1-0-a6", "title": "1.0a6 (2023-09-07)", "content": "New plugin hook: actors_from_ids(datasette, actor_ids) and an internal method to accompany it, await .actors_from_ids(actor_ids) . This mechanism is intended to be used by plugins that may need to display the actor who was responsible for something managed by that plugin: they can now resolve the recorded IDs of actors into the full actor objects. ( #2181 ) \n \n \n DATASETTE_LOAD_PLUGINS environment variable for controlling which plugins are loaded by Datasette. ( #2164 ) \n \n \n Datasette now checks if the user has permission to view a table linked to by a foreign key before turning that foreign key into a clickable link. ( #2178 ) \n \n \n The execute-sql permission now implies that the actor can also view the database and instance. ( #2169 ) \n \n \n Documentation describing a pattern for building plugins that themselves define further hooks for other plugins. ( #1765 ) \n \n \n Datasette is now tested against the Python 3.12 preview. ( #2175 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2181\", \"label\": \"#2181\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2164\", \"label\": \"#2164\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2178\", \"label\": \"#2178\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2169\", \"label\": \"#2169\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1765\", \"label\": \"#1765\"}, {\"href\": \"https://github.com/simonw/datasette/pull/2175\", \"label\": \"#2175\"}]"} {"id": "changelog:v1-0-a7", "page": "changelog", "ref": "v1-0-a7", "title": "1.0a7 (2023-09-21)", "content": "Fix for a crashing bug caused by viewing the table page for a named in-memory database. ( #2189 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2189\", \"label\": \"#2189\"}]"} {"id": "changelog:v1-0-a8", "page": "changelog", "ref": "v1-0-a8", "title": "1.0a8 (2024-02-07)", "content": "This alpha release continues the migration of Datasette's configuration from metadata.yaml to the new datasette.yaml configuration file, introduces a new system for JavaScript plugins and adds several new plugin hooks. \n See Datasette 1.0a8: JavaScript plugins, new plugin hooks and plugin configuration in datasette.yaml for an annotated version of these release notes.", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://simonwillison.net/2024/Feb/7/datasette-1a8/\", \"label\": \"Datasette 1.0a8: JavaScript plugins, new plugin hooks and plugin configuration in datasette.yaml\"}]"} {"id": "changelog:v1-0-a9", "page": "changelog", "ref": "v1-0-a9", "title": "1.0a9 (2024-02-16)", "content": "This alpha release adds basic alter table support to the Datasette Write API and fixes a permissions bug relating to the /upsert API endpoint.", "breadcrumbs": "[\"Changelog\"]", "references": "[]"} {"id": "changelog:writable-canned-queries", "page": "changelog", "ref": "writable-canned-queries", "title": "Writable canned queries", "content": "Datasette's Canned queries feature lets you define SQL queries in metadata.json which can then be executed by users visiting a specific URL. https://latest.datasette.io/fixtures/neighborhood_search for example. \n Canned queries were previously restricted to SELECT , but Datasette 0.44 introduces the ability for canned queries to execute INSERT or UPDATE queries as well, using the new \"write\": true property ( #800 ): \n {\n \"databases\": {\n \"dogs\": {\n \"queries\": {\n \"add_name\": {\n \"sql\": \"INSERT INTO names (name) VALUES (:name)\",\n \"write\": true\n }\n }\n }\n }\n} \n See Writable canned queries for more details.", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures/neighborhood_search\", \"label\": \"https://latest.datasette.io/fixtures/neighborhood_search\"}, {\"href\": \"https://github.com/simonw/datasette/issues/800\", \"label\": \"#800\"}]"} {"id": "changelog:write-api", "page": "changelog", "ref": "write-api", "title": "Write API", "content": "New API explorer at /-/api for trying out the API. ( #1871 ) \n \n \n /db/-/create API for Creating a table . ( #1882 ) \n \n \n /db/table/-/insert API for Inserting rows . ( #1851 ) \n \n \n /db/table/-/drop API for Dropping tables . ( #1874 ) \n \n \n /db/table/pk/-/update API for Updating a row . ( #1863 ) \n \n \n /db/table/pk/-/delete API for Deleting a row . ( #1864 )", "breadcrumbs": "[\"Changelog\", \"1.0a0 (2022-11-29)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1871\", \"label\": \"#1871\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1882\", \"label\": \"#1882\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1851\", \"label\": \"#1851\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1874\", \"label\": \"#1874\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1863\", \"label\": \"#1863\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1864\", \"label\": \"#1864\"}]"}