sections
5 rows where breadcrumbs contains "permission_resources_sql(datasette, actor, action)" and references = "[]"
This data as json, CSV (advanced)
Suggested facets: breadcrumbs, breadcrumbs (array)
| id ▼ | page | ref | title | content | breadcrumbs | references |
|---|---|---|---|---|---|---|
| plugin_hooks:allow-alice-to-view-a-specific-table | plugin_hooks | allow-alice-to-view-a-specific-table | Allow Alice to view a specific table | This plugin grants the actor with id == "alice" permission to perform the view-table action against the sales table inside the accounting database. from datasette import hookimpl from datasette.permissions import PermissionSQL @hookimpl def permission_resources_sql(datasette, actor, action): if action != "view-table": return None if not actor or actor.get("id") != "alice": return None return PermissionSQL( sql=""" SELECT 'accounting' AS parent, 'sales' AS child, 1 AS allow, 'alice can view accounting/sales' AS reason """, ) | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)", "Permission plugin examples"] | [] |
| plugin_hooks:default-deny-with-an-exception | plugin_hooks | default-deny-with-an-exception | Default deny with an exception | Combine a root-level deny with a specific table allow for trusted users. The resolver will automatically apply the most specific rule. from datasette import hookimpl from datasette.permissions import PermissionSQL TRUSTED = {"alice", "bob"} @hookimpl def permission_resources_sql(datasette, actor, action): if action != "view-table": return None actor_id = (actor or {}).get("id") if actor_id not in TRUSTED: return PermissionSQL( sql=""" SELECT NULL AS parent, NULL AS child, 0 AS allow, 'default deny view-table' AS reason """, ) return PermissionSQL( sql=""" SELECT NULL AS parent, NULL AS child, 0 AS allow, 'default deny view-table' AS reason UNION ALL SELECT 'reports' AS parent, 'daily_metrics' AS child, 1 AS allow, 'trusted user access' AS reason """, params={"actor_id": actor_id}, ) The UNION ALL ensures the deny rule is always present, while the second row adds the exception for trusted users. | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)", "Permission plugin examples"] | [] |
| plugin_hooks:permission-plugin-examples | plugin_hooks | permission-plugin-examples | Permission plugin examples | These snippets show how to use the new permission_resources_sql hook to contribute rows to the action-based permission resolver. Each hook receives the current actor dictionary (or None ) and must return None or an instance or list of datasette.permissions.PermissionSQL (or a coroutine that resolves to that). | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)"] | [] |
| plugin_hooks:read-permissions-from-a-custom-table | plugin_hooks | read-permissions-from-a-custom-table | Read permissions from a custom table | This example stores grants in an internal table called permission_grants with columns (actor_id, action, parent, child, allow, reason) . from datasette import hookimpl from datasette.permissions import PermissionSQL @hookimpl def permission_resources_sql(datasette, actor, action): if not actor: return None return PermissionSQL( sql=""" SELECT parent, child, allow, COALESCE(reason, 'permission_grants table') AS reason FROM permission_grants WHERE actor_id = :grants_actor_id AND action = :grants_action """, params={ "grants_actor_id": actor.get("id"), "grants_action": action, }, ) | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)", "Permission plugin examples"] | [] |
| plugin_hooks:restrict-execute-sql-to-a-database-prefix | plugin_hooks | restrict-execute-sql-to-a-database-prefix | Restrict execute-sql to a database prefix | Only allow execute-sql against databases whose name begins with analytics_ . This shows how to use parameters that the permission resolver will pass through to the SQL snippet. from datasette import hookimpl from datasette.permissions import PermissionSQL @hookimpl def permission_resources_sql(datasette, actor, action): if action != "execute-sql": return None return PermissionSQL( sql=""" SELECT parent, NULL AS child, 1 AS allow, 'execute-sql allowed for analytics_*' AS reason FROM catalog_databases WHERE database_name LIKE :analytics_prefix """, params={ "analytics_prefix": "analytics_%", }, ) | ["Plugin hooks", "permission_resources_sql(datasette, actor, action)", "Permission plugin examples"] | [] |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE [sections] ( [id] TEXT PRIMARY KEY, [page] TEXT, [ref] TEXT, [title] TEXT, [content] TEXT, [breadcrumbs] TEXT, [references] TEXT );