sections: internals:internals-permission-sql
This data as json
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| internals:internals-permission-sql | internals | internals-permission-sql | PermissionSQL class | The PermissionSQL class is used by plugins to contribute SQL-based permission rules through the permission_resources_sql(datasette, actor, action) hook. This enables efficient permission checking across multiple resources by leveraging SQLite's query engine. from datasette.permissions import PermissionSQL @dataclass class PermissionSQL: source: str # Plugin name for auditing sql: str # SQL query returning permission rules params: Dict[str, Any] # Parameters for the SQL query Attributes: source - string An identifier for the source of these permission rules, typically the plugin name. This is used for debugging and auditing. sql - string A SQL query that returns permission rules. The query must return rows with the following columns: parent (TEXT or NULL) - The parent resource identifier (e.g., database name) child (TEXT or NULL) - The child resource identifier (e.g., table name) allow (INTEGER) - 1 for allow, 0 for deny reason (TEXT) - A human-readable explanation of why this permission was granted or denied params - dictionary A dictionary of parameters to bind into the SQL query. Parameter names should not include the : prefix. | ["Internals for plugins", "Permission classes and utilities"] | [] |