simonw / datasette-sandstorm-support

Authentication and permissions for Datasette on Sandstorm
Apache License 2.0

Answer permissions questions based on actor["permissions"] #2

Open simonw opened 1 year ago

simonw commented 1 year ago

Following:

Plugin hook is: https://docs.datasette.io/en/stable/plugin_hooks.html#permission-allowed-datasette-actor-action-resource

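from datasette import hookimpl

@hookimpl
def permission_allowed(action, actor):
    # ...
    return None  # no opinion; other plugins and Datasette's defaults decide

simonw commented 1 year ago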

Hard-coding permissions into this plugin is not the right longer-term solution:

https://github.com/simonw/datasette-sandstorm-support/blob/ec16f787b0e8c22bd7270d11b7c4e12bbf2182eb/datasette_sandstorm_support/__init__.py#L13-L17

We should probably move this to plugin configuration of some sort, such that https://github.com/ocdtrekkie/datasette-sandstorm can define this mapping itself - here for example:

https://github.com/ocdtrekkie/datasette-sandstorm/blob/main/metadata.yml

ocdtrekkie commented 1 year ago

So currently, the plugin correctly pulls in Sandstorm's permissions into the actor table, but doesn't appear to successfully assign the upload-dbs permission. Below is what I found on /-/permissions, using the latest code.

Recent permissions checks
permissions-debug checked at 2022-09-13T04:08:14.609264 ✓

Actor: {"id": "root"}
view-instance checked at 2022-09-13T04:08:14.609194 none (used default)

Actor: {"id": "root"}
upload-csvs checked at 2022-09-13T04:08:10.860937 ✓

Actor: {"id": "root"}
upload-dbs checked at 2022-09-13T04:08:10.860868 ✓

Actor: {"id": "root"}
datasette-write checked at 2022-09-13T04:08:10.860809 ✓

Actor: {"id": "root"}
debug-menu checked at 2022-09-13T04:08:10.860705 ✓

Actor: {"id": "root"}
view-instance checked at 2022-09-13T04:08:10.853199 ✓ (used default)

Actor: null
view-table checked at 2022-09-13T04:08:10.852555 ✓ (used default)

Actor: null

Resource: ('basemap', 'sqlite_stat1')
view-table checked at 2022-09-13T04:08:10.852535 ✓ (used default)

Actor: {"id": "root"}

Resource: ('basemap', 'sqlite_stat1')
view-table checked at 2022-09-13T04:08:10.851834 ✓ (used default)

Actor: null

Resource: ('basemap', 'grid_data')
view-table checked at 2022-09-13T04:08:10.851814 ✓ (used default)

Actor: {"id": "root"}

Resource: ('basemap', 'grid_data')
view-table checked at 2022-09-13T04:08:10.851110 ✓ (used default)

Actor: null

Resource: ('basemap', 'grids')
view-table checked at 2022-09-13T04:08:10.851090 ✓ (used default)

Actor: {"id": "root"}

Resource: ('basemap', 'grids')
view-table checked at 2022-09-13T04:08:10.850417 ✓ (used default)

Actor: null

Resource: ('basemap', 'metadata')
view-table checked at 2022-09-13T04:08:10.850374 ✓ (used default)

Actor: {"id": "root"}

Resource: ('basemap', 'metadata')
view-table checked at 2022-09-13T04:08:10.849810 ✓ (used default)

Actor: null

Resource: ('basemap', 'tiles')
view-table checked at 2022-09-13T04:08:10.849788 ✓ (used default)

Actor: {"id": "root"}

Resource: ('basemap', 'tiles')
view-database checked at 2022-09-13T04:08:10.848489 ✓ (used default)

Actor: null

Resource: basemap
view-database checked at 2022-09-13T04:08:10.848431 ✓ (used default)

Actor: {"id": "root"}

Resource: basemap
view-table checked at 2022-09-13T04:08:10.847446 ✓ (used default)

Actor: null

Resource: ('_internal', 'foreign_keys')
view-table checked at 2022-09-13T04:08:10.847391 ✓ (used default)

Actor: {"id": "root"}

Resource: ('_internal', 'foreign_keys')
view-table checked at 2022-09-13T04:08:10.846759 ✓ (used default)

Actor: null

Resource: ('_internal', 'indexes')
view-table checked at 2022-09-13T04:08:10.846738 ✓ (used default)

Actor: {"id": "root"}

Resource: ('_internal', 'indexes')
view-table checked at 2022-09-13T04:08:10.845852 ✓ (used default)

Actor: null

Resource: ('_internal', 'columns')
view-table checked at 2022-09-13T04:08:10.845654 ✓ (used default)

Actor: {"id": "root"}

Resource: ('_internal', 'columns')
view-table checked at 2022-09-13T04:08:10.844078 ✓ (used default)

Actor: null

Resource: ('_internal', 'tables')
view-table checked at 2022-09-13T04:08:10.844045 ✓ (used default)

Actor: {"id": "root"}

Resource: ('_internal', 'tables')
view-table checked at 2022-09-13T04:08:10.843205 ✓ (used default)

Actor: null

Resource: ('_internal', 'databases')
view-table checked at 2022-09-13T04:08:10.843150 ✓ (used default)

Actor: {"id": "root"}

Resource: ('_internal', 'databases')
view-database checked at 2022-09-13T04:08:10.840048 ✗

Actor: null

Resource: _internal
view-database checked at 2022-09-13T04:08:10.840030 ✓ (used default)

Actor: {"id": "root"}

Resource: _internal
view-database checked at 2022-09-13T04:08:10.838524 ✓ (used default)

Actor: null

Resource: _memory
view-database checked at 2022-09-13T04:08:10.838508 ✓ (used default)

Actor: {"id": "root"}

Resource: _memory
view-instance checked at 2022-09-13T04:08:10.838475 none (used default)

Actor: {"id": "root"}
upload-csvs checked at 2022-09-13T04:07:52.419323 ✗

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
upload-dbs checked at 2022-09-13T04:07:52.419267 ✗

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
datasette-write checked at 2022-09-13T04:07:52.419252 ✗ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
debug-menu checked at 2022-09-13T04:07:52.419230 ✗ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
view-instance checked at 2022-09-13T04:07:52.406456 none (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
upload-csvs checked at 2022-09-13T04:07:43.457494 ✗

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
upload-dbs checked at 2022-09-13T04:07:43.457447 ✗

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
datasette-write checked at 2022-09-13T04:07:43.457367 ✗ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
debug-menu checked at 2022-09-13T04:07:43.457324 ✗ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
view-instance checked at 2022-09-13T04:07:43.385554 ✓ (used default)

Actor: null
view-table checked at 2022-09-13T04:07:43.384811 ✓ (used default)

Actor: null

Resource: ('basemap', 'sqlite_stat1')
view-table checked at 2022-09-13T04:07:43.384792 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: ('basemap', 'sqlite_stat1')
view-table checked at 2022-09-13T04:07:43.384002 ✓ (used default)

Actor: null

Resource: ('basemap', 'grid_data')
view-table checked at 2022-09-13T04:07:43.383961 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: ('basemap', 'grid_data')
view-table checked at 2022-09-13T04:07:43.383214 ✓ (used default)

Actor: null

Resource: ('basemap', 'grids')
view-table checked at 2022-09-13T04:07:43.383195 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: ('basemap', 'grids')
view-table checked at 2022-09-13T04:07:43.382557 ✓ (used default)

Actor: null

Resource: ('basemap', 'metadata')
view-table checked at 2022-09-13T04:07:43.382511 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: ('basemap', 'metadata')
view-table checked at 2022-09-13T04:07:43.381839 ✓ (used default)

Actor: null

Resource: ('basemap', 'tiles')
view-table checked at 2022-09-13T04:07:43.381816 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: ('basemap', 'tiles')
view-database checked at 2022-09-13T04:07:43.380276 ✓ (used default)

Actor: null

Resource: basemap
view-database checked at 2022-09-13T04:07:43.380232 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: basemap
view-database checked at 2022-09-13T04:07:43.380113 ✗

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: _internal
view-database checked at 2022-09-13T04:07:43.377656 ✓ (used default)

Actor: null

Resource: _memory
view-database checked at 2022-09-13T04:07:43.377523 ✓ (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

Resource: _memory
view-instance checked at 2022-09-13T04:07:43.377432 none (used default)

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}

simonw commented 1 year ago

Here's the problem:

Actor: {"id": "0058753a6b9f7e19401de3a10a941da0", "permissions": ["admin", "edit"], "picture": "http://static.local.sandstorm.io:6090/identicon/5e0d06fefb17f641093c4686cf1fe597?s=256", "preferred_handle": "alice", "pronouns": "female", "username": "Alice Dev Admin"}
upload-dbs checked at 2022-09-13T04:07:52.419267 ✗

https://github.com/simonw/datasette-sandstorm-support/blob/ec16f787b0e8c22bd7270d11b7c4e12bbf2182eb/datasette_sandstorm_support/__init__.py#L16

I thought the permission was called write but it's actually called edit!

simonw commented 1 year ago

This should have the fix:

pip install https://github.com/simonw/datasette-sandstorm-support/archive/60954697b66e22590aaac17962044593f4a481db.zip

ocdtrekkie commented 1 year ago

Ahhhhhhh, good catch! I stared at the code a bit and didn't notice that.

I can totally validate the functionality you've built so far now. Database upload works with write permission, and does not work when I only share view permissions to another user.
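
The role-to-action mapping discussed in this thread, as an added example that is not code from the plugin or from either commenter: it answers a permission check from actor["permissions"] and flags mapping keys that Sandstorm never sends, which is the write/edit mismatch found above. The mapping contents, the declared role list, the actors and the helper names are all assumptions made for illustration.

```python
# Added example: hypothetical mapping and helper names, not the plugin's code.

# Sandstorm role (as it appears in actor["permissions"]) -> Datasette actions.
# Constructed mapping; the thread proposes loading this from plugin configuration.
ROLE_ACTIONS = {
    "admin": {"debug-menu", "datasette-write"},
    "edit": {"upload-dbs", "upload-csvs"},
}

# The same mapping with the role misnamed, as in the bug found in the thread.
BUGGY_ROLE_ACTIONS = {
    "admin": {"debug-menu", "datasette-write"},
    "write": {"upload-dbs", "upload-csvs"},
}

# Roles the Sandstorm package is assumed to declare (constructed list).
DECLARED_ROLES = {"admin", "edit", "view"}


def unknown_roles(mapping, declared_roles):
    """Return mapping keys that no actor can ever hold, e.g. "write" vs "edit"."""
    return sorted(set(mapping) - set(declared_roles))


def permission_allowed(actor, action, mapping=ROLE_ACTIONS):
    """Logic for the body of a Datasette permission_allowed hook.

    True  -> one of the actor's roles grants the action
    False -> the mapping manages the action but the actor lacks a granting role
    None  -> no opinion; other plugins and Datasette's defaults decide
    """
    managed = set().union(*mapping.values())
    if action not in managed:
        return None
    # The actor may be null (anonymous) or have no "permissions" key (e.g. root).
    roles = (actor or {}).get("permissions") or []
    return any(action in mapping.get(role, ()) for role in roles)


# Constructed actors modelled on the /-/permissions output in the thread.
ALICE = {"id": "alice-constructed", "permissions": ["admin", "edit"]}
VIEWER = {"id": "viewer-constructed", "permissions": ["view"]}
```

Running `unknown_roles` over the configured mapping at startup turns a misnamed role into a visible configuration error instead of a silent denial.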