Show padlock on private table page, refs #811

simonw · Jun 8, 2020 · aa42000 · aa42000
1 parent dfff34e
commit aa42000
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/datasette/templates/table.html b/datasette/templates/table.html
@@ -26,7 +26,7 @@
 
 {% block content %}
 
-<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or table }}{% if is_view %} (view){% endif %}</h1>
+<h1 style="padding-left: 10px; border-left: 10px solid #{{ database_color(database) }}">{{ metadata.title or table }}{% if is_view %} (view){% endif %}{% if private %} 🔒{% endif %}</h1>
 
 {% block description_source_license %}{% include "_description_source_license.html" %}{% endblock %}
 

diff --git a/datasette/views/table.py b/datasette/views/table.py
@@ -271,6 +271,10 @@ async def data(
         await self.check_permission(request, "view-database", "database", database)
         await self.check_permission(request, "view-table", "table", (database, table))
 
+        private = not await self.ds.permission_allowed(
+            None, "view-table", "table", (database, table), default=True
+        )
+
         pks = await db.primary_keys(table)
         table_columns = await db.table_columns(table)
 
@@ -834,6 +838,7 @@ async def extra_template():
                 "suggested_facets": suggested_facets,
                 "next": next_value and str(next_value) or None,
                 "next_url": next_url,
+                "private": private,
             },
             extra_template,
             (

diff --git a/tests/test_permissions.py b/tests/test_permissions.py
@@ -90,11 +90,16 @@ def test_view_table(allow, expected_anon, expected_auth):
     ) as client:
         anon_response = client.get("/fixtures/compound_three_primary_keys")
         assert expected_anon == anon_response.status
+        if allow and anon_response.status == 200:
+            # Should be no padlock
+            assert ">compound_three_primary_keys 🔒</h1>" not in anon_response.text
         auth_response = client.get(
             "/fixtures/compound_three_primary_keys",
             cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
         )
         assert expected_auth == auth_response.status
+        if allow and expected_anon == 403 and expected_auth == 200:
+            assert ">compound_three_primary_keys 🔒</h1>" in auth_response.text
 
 
 def test_table_list_respects_view_table():