Support setting permissions at the individual table level

[simonw]

This permission should take the current database and table into account, so administrators can configure permission for specific users to edit tables only within a specific database (or limit them to editing specific columns).

Import to consider what this means for table renaming - if you only have permission to edit one specific table you should not be able to rename it. Refs #19.

Originally posted by @simonw in https://github.com/simonw/datasette-edit-tables/issues/9#issuecomment-701739951

[simonw]

Currently permissions are at the database level: you can either edit the schema of every table in a specific database or you can't.

This issue would make it more finely-grained. Now that users can also create tables we may need to split the permissions up some more, maybe like this:

• edit-schema-create-table - a database-level permission
• edit-schema-alter-table - table-level permission
• edit-schema-drop-table - table-level permission

[simonw]

Need this for Datasette Cloud, where I want to prevent users from editing the schema of certain tables such as _litestream_seq.

[simonw]

For backwards compatibility I'll continue to support the edit-schema permission which will mean that all three other permissions are allowed.

[simonw]

I'm going to merge what I have so far, then work on the more complicated edit-schema-drop-table separately.

It's more complicated because it involves conditionally showing or hiding the drop table button.

[simonw]

Spotted a complication: if a user has edit-schema-drop-table but does NOT have edit-schema-alter-table they can't access the alter table page that has the drop table option on it.

Does it even make sense for a user with edit-schema-drop-table not to have edit-schema-alter-table?

I think I'll document that you need to add both.

[simonw]

I'll close this after a round of manual testing.

[simonw]

Problem: I have a alter-table permission in Datasette core now thanks to:

• https://github.com/simonw/datasette/issues/2101

In which case shipping new permissions here may not make sense after all.

[simonw]

I added the Datasette core create-table and drop-table permissions in November 2022:

• https://github.com/simonw/datasette/issues/1874
• https://github.com/simonw/datasette/issues/1882

[simonw]

I'm going to close this issue and open a new one to reuse the core permissions instead.