sections: internals:id1
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| internals:id1 | internals | id1 | TokenRestrictions | The `TokenRestrictions` class uses a builder pattern to specify which actions a token is allowed to perform. Import it from `datasette.tokens`: `from datasette.tokens import TokenRestrictions` `restrictions = (TokenRestrictions().allow_all("view-instance").allow_all("view-table").allow_database("docs", "view-query").allow_resource("docs", "attachments", "insert-row").allow_resource("docs", "attachments", "update-row"))` The builder methods are: `allow_all(action)` - allow an action across all databases and resources; `allow_database(database, action)` - allow an action on a specific database; `allow_resource(database, resource, action)` - allow an action on a specific resource (table, SQL view or canned query) within a database. Each method returns the `TokenRestrictions` instance so calls can be chained. The following example creates a token that can access `view-instance` and `view-table` across everything, can additionally use `view-query` for anything in the `docs` database and is allowed to execute `insert-row` and `update-row` in the `attachments` table in that database: `token = await datasette.create_token(actor_id="user1", restrictions=(TokenRestrictions().allow_all("view-instance").allow_all("view-table").allow_database("docs", "view-query").allow_resource("docs", "attachments", "insert-row").allow_resource("docs", "attachments", "update-row")))` | ["Internals for plugins", "Datasette class", "await .create_token(actor_id, expires_after=None, restrictions=None, handler=None)"] | [] |