sections_fts: 41
This data as json
| rowid | title | content |
|---|---|---|
| 41 | await .allowed(*, action, resource, actor=None) | action - string The name of the action that is being permission checked. resource - Resource object A Resource object representing the database, table, or other resource. Must be an instance of a Resource class such as TableResource , DatabaseResource , QueryResource , or InstanceResource . actor - dictionary, optional The authenticated actor. This is usually request.actor . Defaults to None for unauthenticated requests. This method checks if the given actor has permission to perform the given action on the given resource. All parameters must be passed as keyword arguments. Example usage: from datasette.resources import ( TableResource, DatabaseResource, ) # Check if actor can view a specific table can_view = await datasette.allowed( action="view-table", resource=TableResource( database="fixtures", table="facetable" ), actor=request.actor, ) # Check if actor can execute SQL on a database can_execute = await datasette.allowed( action="execute-sql", resource=DatabaseResource(database="fixtures"), actor=request.actor, ) The method returns True if the permission is granted, False if denied. Results are cached for the duration of the current request, so checking the same (actor, action, resource) combination twice within one request only does the underlying permission resolution work once. |