sections: internals:id1
This data as json
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| internals:id1 | internals | id1 | TokenRestrictions | The TokenRestrictions class uses a builder pattern to specify which actions a token is allowed to perform. Import it from datasette.tokens : from datasette.tokens import TokenRestrictions restrictions = ( TokenRestrictions() .allow_all("view-instance") .allow_all("view-table") .allow_database("docs", "view-query") .allow_resource("docs", "attachments", "insert-row") .allow_resource("docs", "attachments", "update-row") ) The builder methods are: allow_all(action) - allow an action across all databases and resources allow_database(database, action) - allow an action on a specific database allow_resource(database, resource, action) - allow an action on a specific resource (table, SQL view or canned query ) within a database Each method returns the TokenRestrictions instance so calls can be chained. TokenRestrictions also provides an abbreviated(datasette) method which returns the restrictions as a dictionary using the compact format described in Restricting the actions that a token can perform , with action names replaced by their registered abbreviations. It returns the inner dictionary only - the "_r" wrapping key shown in that section is not included. Returns None if no restrictions are set. This is useful when writing a custom register_token_handler(datasette) that needs to embed restrictions in a token payload. For example, the following restrictions: restrictions = ( TokenRestrictions() .allow_all("view-instance") .allow_database("docs", "view-query") .allow_resource("docs", "attachments", "insert-row") ) restrictions.abbreviated(datasette) Returns this dictionary, using the abbreviations registered for each action: { "a": ["vi"], "d": {"docs": ["vq"]}, "r": {"docs": {"attachments": ["ir"]}}, } The following example creates a token that can access view-instance and view-table across everything, can additionally use view-query for anything in the docs database and is allowed to execute insert-row and update-row in the attachments table in that database: token = await datasette.create_token( actor_id="user1", restrictions=( TokenRestrictions() .allow_all("view-instance") .allow_all("view-table") .allow_database("docs", "view-query") .allow_resource("docs", "attachments", "insert-row") .allow_resource("docs", "attachments", "update-row") ), ) | ["Internals for plugins", "Datasette class", "await .create_token(actor_id, expires_after=None, restrictions=None, handler=None)"] | [] |