Skip to content

Commit

Permalink
actor_from_request and permission_allowed hookspecs, refs #699
Browse files Browse the repository at this point in the history
  • Loading branch information
simonw committed Jun 1, 2020
1 parent c4fbe50 commit 060a567
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 0 deletions.
10 changes: 10 additions & 0 deletions datasette/hookspecs.py
Original file line number Diff line number Diff line change
Expand Up @@ -58,3 +58,13 @@ def register_output_renderer(datasette):
@hookspec
def register_facet_classes():
"Register Facet subclasses"


@hookspec
def actor_from_request(datasette, request):
"Return an actor dictionary based on the incoming request"


@hookspec
def permission_allowed(actor, action, resource_type, resource_identifier):
"Check if actor is allowed to perfom this action - return True, False or None"
37 changes: 37 additions & 0 deletions docs/plugins.rst
Original file line number Diff line number Diff line change
Expand Up @@ -941,3 +941,40 @@ This example plugin adds a ``x-databases`` HTTP header listing the currently att
return wrap_with_databases_header
Examples: `datasette-auth-github <https://github.com/simonw/datasette-auth-github>`_, `datasette-search-all <https://github.com/simonw/datasette-search-all>`_, `datasette-media <https://github.com/simonw/datasette-media>`_

.. _plugin_actor_from_request:

actor_from_request(datasette, request)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``datasette`` - :ref:`internals_datasette`
You can use this to access plugin configuration options via ``datasette.plugin_config(your_plugin_name)``, or to execute SQL queries.

``request`` - object
The current HTTP :ref:`internals_request`.

This is part of Datasette's authentication and permissions system. The function should attempt to authenticate an actor (either a user or an API actor of some sort) based on information in the request.

If it cannot authenticate an actor, it should return ``None``. Otherwise it should return a dictionary representing that actor.

.. _plugin_permission_allowed:

permission_allowed(datasette, actor, action, resource_type, resource_identifier)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``datasette`` - :ref:`internals_datasette`
You can use this to access plugin configuration options via ``datasette.plugin_config(your_plugin_name)``, or to execute SQL queries.

``actor`` - dictionary
The current actor, as decided by :ref:`plugin_actor_from_request`.

``action`` - string
The action to be performed, e.g. ``"edit-table"``.

``resource_type`` - string
The type of resource being acted on, e.g. ``"table"``.

``resource`` - string
An identifier for the individual resource, e.g. the name of the table.

Called to check that an actor has permission to perform an action on a resource. Can return ``True`` if the action is allowed, ``False`` if the action is not allowed or ``None`` if the plugin does not have an opinion one way or the other.

0 comments on commit 060a567

Please sign in to comment.