From 3ce7f2e7dae010de97b67618c111ea5853164a69 Mon Sep 17 00:00:00 2001
From: Simon Willison <swillison@gmail.com>
Date: Mon, 8 Jun 2020 07:23:10 -0700
Subject: [PATCH] Show padlock on private database page, refs #811

---
 datasette/templates/database.html |  2 +-
 datasette/views/database.py       |  3 +++
 tests/test_permissions.py         | 10 ++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/datasette/templates/database.html b/datasette/templates/database.html
index 1187267dc1..089142e241 100644
--- a/datasette/templates/database.html
+++ b/datasette/templates/database.html
@@ -18,7 +18,7 @@
 
 {% block content %}
 
-<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or database }}</h1>
+<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or database }}{% if private %} 🔒{% endif %}</h1>
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 
diff --git a/datasette/views/database.py b/datasette/views/database.py
index afbb6b05ec..2d7e6b319e 100644
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@@ -86,6 +86,9 @@ async def data(self, request, database, hash, default_labels=False, _size=None):
                 "hidden_count": len([t for t in tables if t["hidden"]]),
                 "views": views,
                 "queries": canned_queries,
+                "private": not await self.ds.permission_allowed(
+                    None, "view-database", "database", database
+                ),
             },
             {
                 "show_hidden": request.args.get("_show_hidden"),
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 5dcf46ad9f..d76d1e1578 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -43,10 +43,20 @@ def test_view_database(allow, expected_anon, expected_auth):
         ):
             anon_response = client.get(path)
             assert expected_anon == anon_response.status
+            if allow and path == "/fixtures" and anon_response.status == 200:
+                # Should be no padlock
+                assert ">fixtures 🔒</h1>" not in anon_response.text
             auth_response = client.get(
                 path, cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
             )
             assert expected_auth == auth_response.status
+            if (
+                allow
+                and path == "/fixtures"
+                and expected_anon == 403
+                and expected_auth == 200
+            ):
+                assert ">fixtures 🔒</h1>" in auth_response.text
 
 
 def test_database_list_respects_view_database():