sections: upgrade-1.0a20:using-datasette-allowed-to-check-permissions-instead-of-datasette-permission-allowed
This data as json
| id | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| upgrade-1.0a20:using-datasette-allowed-to-check-permissions-instead-of-datasette-permission-allowed | upgrade-1.0a20 | using-datasette-allowed-to-check-permissions-instead-of-datasette-permission-allowed | Using datasette.allowed() to check permissions instead of datasette.permission_allowed() | The internal method datasette.permission_allowed() has been replaced by datasette.allowed() . The old method looked like this: can_debug = await datasette.permission_allowed( request.actor, "view-debug-info", ) can_explain_sql = await datasette.permission_allowed( request.actor, "explain-sql", resource="database_name", ) can_annotate_rows = await datasette.permission_allowed( request.actor, "annotate-rows", resource=(database_name, table_name), ) Note the confusing design here where resource could be either a string or a tuple depending on the permission being checked. The new keyword-only design makes this a lot more clear: from datasette.resources import DatabaseResource, TableResource can_debug = await datasette.allowed( actor=request.actor, action="view-debug-info", ) can_explain_sql = await datasette.allowed( actor=request.actor, action="explain-sql", resource=DatabaseResource(database_name), ) can_annotate_rows = await datasette.allowed( actor=request.actor, action="annotate-rows", resource=TableResource(database_name, table_name), ) | ["Datasette 1.0a20 plugin upgrade guide"] | [] |