Closed simonw closed 7 months ago
Currently permissions are at the database level: you can either edit the schema of every table in a specific database or you can't.
This issue would make it more finely-grained. Now that users can also create tables we may need to split the permissions up some more, maybe like this:
edit-schema-create-table
- a database-level permissionedit-schema-alter-table
- table-level permissionedit-schema-drop-table
- table-level permissionNeed this for Datasette Cloud, where I want to prevent users from editing the schema of certain tables such as _litestream_seq
.
For backwards compatibility I'll continue to support the edit-schema
permission which will mean that all three other permissions are allowed.
I'm going to merge what I have so far, then work on the more complicated edit-schema-drop-table
separately.
It's more complicated because it involves conditionally showing or hiding the drop table button.
Spotted a complication: if a user has edit-schema-drop-table
but does NOT have edit-schema-alter-table
they can't access the alter table page that has the drop table option on it.
Does it even make sense for a user with edit-schema-drop-table
not to have edit-schema-alter-table
?
I think I'll document that you need to add both.
I'll close this after a round of manual testing.
Problem: I have a alter-table
permission in Datasette core now thanks to:
In which case shipping new permissions here may not make sense after all.
I added the Datasette core create-table
and drop-table
permissions in November 2022:
I'm going to close this issue and open a new one to reuse the core permissions instead.
Originally posted by @simonw in https://github.com/simonw/datasette-edit-tables/issues/9#issuecomment-701739951