sections: plugin_hooks:restrict-execute-sql-to-a-database-prefix
This data as json
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| plugin_hooks:restrict-execute-sql-to-a-database-prefix | plugin_hooks | restrict-execute-sql-to-a-database-prefix | Restrict execute-sql to a database prefix | Only allow execute-sql against databases whose name begins with analytics_ . This shows how to use parameters that the permission resolver will pass through to the SQL snippet. from datasette import hookimpl from datasette.permissions import PermissionSQL @hookimpl def permission_resources_sql(datasette, actor, action): if action != "execute-sql": return None return PermissionSQL( sql=""" SELECT parent, NULL AS child, 1 AS allow, 'execute-sql allowed for analytics_*' AS reason FROM catalog_databases WHERE database_name LIKE :analytics_prefix """, params={ "analytics_prefix": "analytics_%", }, ) | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)", "Permission plugin examples"] | [] |