{"authentication~3Aallowdebugview": {"id": "authentication:allowdebugview", "page": "authentication", "ref": "allowdebugview", "title": "The /-/allow-debug tool", "content": "The /-/allow-debug tool lets you try out different \"action\" blocks against different \"actor\" JSON objects. You can try that out here: https://latest.datasette.io/-/allow-debug", "breadcrumbs": "[\"Authentication and permissions\", \"Permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/-/allow-debug\", \"label\": \"https://latest.datasette.io/-/allow-debug\"}]"}, "authentication~3Aauthentication": {"id": "authentication:authentication", "page": "authentication", "ref": "authentication", "title": "Authentication and permissions", "content": "Datasette does not require authentication by default. Any visitor to a Datasette instance can explore the full data and execute read-only SQL queries. \n Datasette's plugin system can be used to add many different styles of authentication, such as user accounts, single sign-on or API keys.", "breadcrumbs": "[]", "references": "[]"}, "authentication~3Aauthentication-actor": {"id": "authentication:authentication-actor", "page": "authentication", "ref": "authentication-actor", "title": "Actors", "content": "Through plugins, Datasette can support both authenticated users (with cookies) and authenticated API agents (via authentication tokens). The word \"actor\" is used to cover both of these cases. \n Every request to Datasette has an associated actor value, available in the code as request.actor . This can be None for unauthenticated requests, or a JSON compatible Python dictionary for authenticated users or API agents. \n The actor dictionary can be any shape - the design of that data structure is left up to the plugins. A useful convention is to include an \"id\" string, as demonstrated by the \"root\" actor below. \n Plugins can use the actor_from_request(datasette, request) hook to implement custom logic for authenticating an actor based on the incoming HTTP request.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Aauthentication-actor-matches-allow": {"id": "authentication:authentication-actor-matches-allow", "page": "authentication", "ref": "authentication-actor-matches-allow", "title": "actor_matches_allow()", "content": "Plugins that wish to implement this same \"allow\" block permissions scheme can take advantage of the datasette.utils.actor_matches_allow(actor, allow) function: \n from datasette.utils import actor_matches_allow\n\nactor_matches_allow({\"id\": \"root\"}, {\"id\": \"*\"})\n# returns True \n The currently authenticated actor is made available to plugins as request.actor .", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Aauthentication-ds-actor": {"id": "authentication:authentication-ds-actor", "page": "authentication", "ref": "authentication-ds-actor", "title": "The ds_actor cookie", "content": "Datasette includes a default authentication plugin which looks for a signed ds_actor cookie containing a JSON actor dictionary. This is how the root actor mechanism works. \n Authentication plugins can set signed ds_actor cookies themselves like so: \n response = Response.redirect(\"/\")\nresponse.set_cookie(\n \"ds_actor\",\n datasette.sign({\"a\": {\"id\": \"cleopaws\"}}, \"actor\"),\n) \n Note that you need to pass \"actor\" as the namespace to .sign(value, namespace=\"default\") . \n The shape of data encoded in the cookie is as follows: \n {\n \"a\": {... actor ...}\n}", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Aauthentication-ds-actor-expiry": {"id": "authentication:authentication-ds-actor-expiry", "page": "authentication", "ref": "authentication-ds-actor-expiry", "title": "Including an expiry time", "content": "ds_actor cookies can optionally include a signed expiry timestamp, after which the cookies will no longer be valid. Authentication plugins may chose to use this mechanism to limit the lifetime of the cookie. For example, if a plugin implements single-sign-on against another source it may decide to set short-lived cookies so that if the user is removed from the SSO system their existing Datasette cookies will stop working shortly afterwards. \n To include an expiry, add a \"e\" key to the cookie value containing a base62-encoded integer representing the timestamp when the cookie should expire. For example, here's how to set a cookie that expires after 24 hours: \n import time\nfrom datasette.utils import baseconv\n\nexpires_at = int(time.time()) + (24 * 60 * 60)\n\nresponse = Response.redirect(\"/\")\nresponse.set_cookie(\n \"ds_actor\",\n datasette.sign(\n {\n \"a\": {\"id\": \"cleopaws\"},\n \"e\": baseconv.base62.encode(expires_at),\n },\n \"actor\",\n ),\n) \n The resulting cookie will encode data that looks something like this: \n {\n \"a\": {\n \"id\": \"cleopaws\"\n },\n \"e\": \"1jjSji\"\n}", "breadcrumbs": "[\"Authentication and permissions\", \"The ds_actor cookie\"]", "references": "[]"}, "authentication~3Aauthentication-permissions": {"id": "authentication:authentication-permissions", "page": "authentication", "ref": "authentication-permissions", "title": "Permissions", "content": "Datasette has an extensive permissions system built-in, which can be further extended and customized by plugins. \n The key question the permissions system answers is this: \n \n Is this actor allowed to perform this action , optionally against this particular resource ? \n \n Actors are described above . \n An action is a string describing the action the actor would like to perform. A full list is provided below - examples include view-table and execute-sql . \n A resource is the item the actor wishes to interact with - for example a specific database or table. Some actions, such as permissions-debug , are not associated with a particular resource. \n Datasette's built-in view permissions ( view-database , view-table etc) default to allow - unless you configure additional permission rules unauthenticated users will be allowed to access content. \n Permissions with potentially harmful effects should default to deny . Plugin authors should account for this when designing new plugins - for example, the datasette-upload-csvs plugin defaults to deny so that installations don't accidentally allow unauthenticated users to create new tables by uploading a CSV file.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette-upload-csvs\", \"label\": \"datasette-upload-csvs\"}]"}, "authentication~3Aauthentication-permissions-allow": {"id": "authentication:authentication-permissions-allow", "page": "authentication", "ref": "authentication-permissions-allow", "title": "Defining permissions with \"allow\" blocks", "content": "The standard way to define permissions in Datasette is to use an \"allow\" block. This is a JSON document describing which actors are allowed to perform a permission. \n The most basic form of allow block is this ( allow demo , deny demo ): \n {\n \"allow\": {\n \"id\": \"root\"\n }\n} \n This will match any actors with an \"id\" property of \"root\" - for example, an actor that looks like this: \n {\n \"id\": \"root\",\n \"name\": \"Root User\"\n} \n An allow block can specify \"deny all\" using false ( demo ): \n {\n \"allow\": false\n} \n An \"allow\" of true allows all access ( demo ): \n {\n \"allow\": true\n} \n Allow keys can provide a list of values. These will match any actor that has any of those values ( allow demo , deny demo ): \n {\n \"allow\": {\n \"id\": [\"simon\", \"cleopaws\"]\n }\n} \n This will match any actor with an \"id\" of either \"simon\" or \"cleopaws\" . \n Actors can have properties that feature a list of values. These will be matched against the list of values in an allow block. Consider the following actor: \n {\n \"id\": \"simon\",\n \"roles\": [\"staff\", \"developer\"]\n} \n This allow block will provide access to any actor that has \"developer\" as one of their roles ( allow demo , deny demo ): \n {\n \"allow\": {\n \"roles\": [\"developer\"]\n }\n} \n Note that \"roles\" is not a concept that is baked into Datasette - it's a convention that plugins can choose to implement and act on. \n If you want to provide access to any actor with a value for a specific key, use \"*\" . For example, to match any logged-in user specify the following ( allow demo , deny demo ): \n {\n \"allow\": {\n \"id\": \"*\"\n }\n} \n You can specify that only unauthenticated actors (from anonymous HTTP requests) should be allowed access using the special \"unauthenticated\": true key in an allow block ( allow demo , deny demo ): \n {\n \"allow\": {\n \"unauthenticated\": true\n }\n} \n Allow keys act as an \"or\" mechanism. An actor will be able to execute the query if any of their JSON properties match any of the values in the corresponding lists in the allow block. The following block will allow users with either a role of \"ops\" OR users who have an id of \"simon\" or \"cleopaws\" : \n {\n \"allow\": {\n \"id\": [\"simon\", \"cleopaws\"],\n \"role\": \"ops\"\n }\n} \n Demo for cleopaws , demo for ops role , demo for an actor matching neither rule .", "breadcrumbs": "[\"Authentication and permissions\", \"Permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%22id%22%3A+%22root%22%7D&allow=%7B%0D%0A++++++++%22id%22%3A+%22root%22%0D%0A++++%7D\", \"label\": \"allow demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%22id%22%3A+%22trevor%22%7D&allow=%7B%0D%0A++++++++%22id%22%3A+%22root%22%0D%0A++++%7D\", \"label\": \"deny demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22root%22%0D%0A%7D&allow=false\", \"label\": \"demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22root%22%0D%0A%7D&allow=true\", \"label\": \"demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22cleopaws%22%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%5B%0D%0A++++++++%22simon%22%2C%0D%0A++++++++%22cleopaws%22%0D%0A++++%5D%0D%0A%7D\", \"label\": \"allow demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22pancakes%22%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%5B%0D%0A++++++++%22simon%22%2C%0D%0A++++++++%22cleopaws%22%0D%0A++++%5D%0D%0A%7D\", \"label\": \"deny demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22simon%22%2C%0D%0A++++%22roles%22%3A+%5B%0D%0A++++++++%22staff%22%2C%0D%0A++++++++%22developer%22%0D%0A++++%5D%0D%0A%7D&allow=%7B%0D%0A++++%22roles%22%3A+%5B%0D%0A++++++++%22developer%22%0D%0A++++%5D%0D%0A%7D\", \"label\": \"allow demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22cleopaws%22%2C%0D%0A++++%22roles%22%3A+%5B%22dog%22%5D%0D%0A%7D&allow=%7B%0D%0A++++%22roles%22%3A+%5B%0D%0A++++++++%22developer%22%0D%0A++++%5D%0D%0A%7D\", \"label\": \"deny demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22simon%22%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%22*%22%0D%0A%7D\", \"label\": \"allow demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22bot%22%3A+%22readme-bot%22%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%22*%22%0D%0A%7D\", \"label\": \"deny demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=null&allow=%7B%0D%0A++++%22unauthenticated%22%3A+true%0D%0A%7D\", \"label\": \"allow demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22hello%22%0D%0A%7D&allow=%7B%0D%0A++++%22unauthenticated%22%3A+true%0D%0A%7D\", \"label\": \"deny demo\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22cleopaws%22%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%5B%0D%0A++++++++%22simon%22%2C%0D%0A++++++++%22cleopaws%22%0D%0A++++%5D%2C%0D%0A++++%22role%22%3A+%22ops%22%0D%0A%7D\", \"label\": \"Demo for cleopaws\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22trevor%22%2C%0D%0A++++%22role%22%3A+%5B%0D%0A++++++++%22ops%22%2C%0D%0A++++++++%22staff%22%0D%0A++++%5D%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%5B%0D%0A++++++++%22simon%22%2C%0D%0A++++++++%22cleopaws%22%0D%0A++++%5D%2C%0D%0A++++%22role%22%3A+%22ops%22%0D%0A%7D\", \"label\": \"demo for ops role\"}, {\"href\": \"https://latest.datasette.io/-/allow-debug?actor=%7B%0D%0A++++%22id%22%3A+%22percy%22%2C%0D%0A++++%22role%22%3A+%5B%0D%0A++++++++%22staff%22%0D%0A++++%5D%0D%0A%7D&allow=%7B%0D%0A++++%22id%22%3A+%5B%0D%0A++++++++%22simon%22%2C%0D%0A++++++++%22cleopaws%22%0D%0A++++%5D%2C%0D%0A++++%22role%22%3A+%22ops%22%0D%0A%7D\", \"label\": \"demo for an actor matching neither rule\"}]"}, "authentication~3Aauthentication-permissions-database": {"id": "authentication:authentication-permissions-database", "page": "authentication", "ref": "authentication-permissions-database", "title": "Controlling access to specific databases", "content": "To limit access to a specific private.db database to just authenticated users, use the \"allow\" block like this: \n {\n \"databases\": {\n \"private\": {\n \"allow\": {\n \"id\": \"*\"\n }\n }\n }\n}", "breadcrumbs": "[\"Authentication and permissions\", \"Configuring permissions in metadata.json\"]", "references": "[]"}, "authentication~3Aauthentication-permissions-execute-sql": {"id": "authentication:authentication-permissions-execute-sql", "page": "authentication", "ref": "authentication-permissions-execute-sql", "title": "Controlling the ability to execute arbitrary SQL", "content": "Datasette defaults to allowing any site visitor to execute their own custom SQL queries, for example using the form on the database page or by appending a ?_where= parameter to the table page like this . \n Access to this ability is controlled by the execute-sql permission. \n The easiest way to disable arbitrary SQL queries is using the default_allow_sql setting when you first start Datasette running. \n You can alternatively use an \"allow_sql\" block to control who is allowed to execute arbitrary SQL queries. \n To prevent any user from executing arbitrary SQL queries, use this: \n {\n \"allow_sql\": false\n} \n To enable just the root user to execute SQL for all databases in your instance, use the following: \n {\n \"allow_sql\": {\n \"id\": \"root\"\n }\n} \n To limit this ability for just one specific database, use this: \n {\n \"databases\": {\n \"mydatabase\": {\n \"allow_sql\": {\n \"id\": \"root\"\n }\n }\n }\n}", "breadcrumbs": "[\"Authentication and permissions\", \"Configuring permissions in metadata.json\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures\", \"label\": \"the database page\"}, {\"href\": \"https://latest.datasette.io/fixtures/facetable?_where=_city_id=1\", \"label\": \"like this\"}]"}, "authentication~3Aauthentication-permissions-instance": {"id": "authentication:authentication-permissions-instance", "page": "authentication", "ref": "authentication-permissions-instance", "title": "Controlling access to an instance", "content": "Here's how to restrict access to your entire Datasette instance to just the \"id\": \"root\" user: \n {\n \"title\": \"My private Datasette instance\",\n \"allow\": {\n \"id\": \"root\"\n }\n} \n To deny access to all users, you can use \"allow\": false : \n {\n \"title\": \"My entirely inaccessible instance\",\n \"allow\": false\n} \n One reason to do this is if you are using a Datasette plugin - such as datasette-permissions-sql - to control permissions instead.", "breadcrumbs": "[\"Authentication and permissions\", \"Configuring permissions in metadata.json\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette-permissions-sql\", \"label\": \"datasette-permissions-sql\"}]"}, "authentication~3Aauthentication-permissions-metadata": {"id": "authentication:authentication-permissions-metadata", "page": "authentication", "ref": "authentication-permissions-metadata", "title": "Configuring permissions in metadata.json", "content": "You can limit who is allowed to view different parts of your Datasette instance using \"allow\" keys in your Metadata configuration. \n You can control the following: \n \n \n Access to the entire Datasette instance \n \n \n Access to specific databases \n \n \n Access to specific tables and views \n \n \n Access to specific Canned queries \n \n \n If a user cannot access a specific database, they will not be able to access tables, views or queries within that database. If a user cannot access the instance they will not be able to access any of the databases, tables, views or queries.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Aauthentication-permissions-query": {"id": "authentication:authentication-permissions-query", "page": "authentication", "ref": "authentication-permissions-query", "title": "Controlling access to specific canned queries", "content": "Canned queries allow you to configure named SQL queries in your metadata.json that can be executed by users. These queries can be set up to both read and write to the database, so controlling who can execute them can be important. \n To limit access to the add_name canned query in your dogs.db database to just the root user : \n {\n \"databases\": {\n \"dogs\": {\n \"queries\": {\n \"add_name\": {\n \"sql\": \"INSERT INTO names (name) VALUES (:name)\",\n \"write\": true,\n \"allow\": {\n \"id\": [\"root\"]\n }\n }\n }\n }\n }\n}", "breadcrumbs": "[\"Authentication and permissions\", \"Configuring permissions in metadata.json\"]", "references": "[]"}, "authentication~3Aauthentication-permissions-table": {"id": "authentication:authentication-permissions-table", "page": "authentication", "ref": "authentication-permissions-table", "title": "Controlling access to specific tables and views", "content": "To limit access to the users table in your bakery.db database: \n {\n \"databases\": {\n \"bakery\": {\n \"tables\": {\n \"users\": {\n \"allow\": {\n \"id\": \"*\"\n }\n }\n }\n }\n }\n} \n This works for SQL views as well - you can list their names in the \"tables\" block above in the same way as regular tables. \n \n Restricting access to tables and views in this way will NOT prevent users from querying them using arbitrary SQL queries, like this for example. \n If you are restricting access to specific tables you should also use the \"allow_sql\" block to prevent users from bypassing the limit with their own SQL queries - see Controlling the ability to execute arbitrary SQL .", "breadcrumbs": "[\"Authentication and permissions\", \"Configuring permissions in metadata.json\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures?sql=select+*+from+facetable\", \"label\": \"like this\"}]"}, "authentication~3Aauthentication-root": {"id": "authentication:authentication-root", "page": "authentication", "ref": "authentication-root", "title": "Using the \"root\" actor", "content": "Datasette currently leaves almost all forms of authentication to plugins - datasette-auth-github for example. \n The one exception is the \"root\" account, which you can sign into while using Datasette on your local machine. This provides access to a small number of debugging features. \n To sign in as root, start Datasette using the --root command-line option, like this: \n $ datasette --root\nhttp://127.0.0.1:8001/-/auth-token?token=786fc524e0199d70dc9a581d851f466244e114ca92f33aa3b42a139e9388daa7\nINFO: Started server process [25801]\nINFO: Waiting for application startup.\nINFO: Application startup complete.\nINFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit) \n The URL on the first line includes a one-use token which can be used to sign in as the \"root\" actor in your browser. Click on that link and then visit http://127.0.0.1:8001/-/actor to confirm that you are authenticated as an actor that looks like this: \n {\n \"id\": \"root\"\n}", "breadcrumbs": "[\"Authentication and permissions\", \"Actors\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette-auth-github\", \"label\": \"datasette-auth-github\"}]"}, "authentication~3Aid1": {"id": "authentication:id1", "page": "authentication", "ref": "id1", "title": "Built-in permissions", "content": "This section lists all of the permission checks that are carried out by Datasette core, along with the resource if it was passed.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Alogoutview": {"id": "authentication:logoutview", "page": "authentication", "ref": "logoutview", "title": "The /-/logout page", "content": "The page at /-/logout provides the ability to log out of a ds_actor cookie authentication session.", "breadcrumbs": "[\"Authentication and permissions\", \"The ds_actor cookie\"]", "references": "[]"}, "authentication~3Apermissions-debug-menu": {"id": "authentication:permissions-debug-menu", "page": "authentication", "ref": "permissions-debug-menu", "title": "debug-menu", "content": "Controls if the various debug pages are displayed in the navigation menu. \n Default deny .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[]"}, "authentication~3Apermissions-execute-sql": {"id": "authentication:permissions-execute-sql", "page": "authentication", "ref": "permissions-execute-sql", "title": "execute-sql", "content": "Actor is allowed to run arbitrary SQL queries against a specific database, e.g. https://latest.datasette.io/fixtures?sql=select+100 \n \n \n resource - string \n \n The name of the database \n \n \n \n Default allow . See also the default_allow_sql setting .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures?sql=select+100\", \"label\": \"https://latest.datasette.io/fixtures?sql=select+100\"}]"}, "authentication~3Apermissions-permissions-debug": {"id": "authentication:permissions-permissions-debug", "page": "authentication", "ref": "permissions-permissions-debug", "title": "permissions-debug", "content": "Actor is allowed to view the /-/permissions debug page. \n Default deny .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[]"}, "authentication~3Apermissions-plugins": {"id": "authentication:permissions-plugins", "page": "authentication", "ref": "permissions-plugins", "title": "Checking permissions in plugins", "content": "Datasette plugins can check if an actor has permission to perform an action using the datasette.permission_allowed(...) method. \n Datasette core performs a number of permission checks, documented below . Plugins can implement the permission_allowed(datasette, actor, action, resource) plugin hook to participate in decisions about whether an actor should be able to perform a specified action.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "authentication~3Apermissions-view-database": {"id": "authentication:permissions-view-database", "page": "authentication", "ref": "permissions-view-database", "title": "view-database", "content": "Actor is allowed to view a database page, e.g. https://latest.datasette.io/fixtures \n \n \n resource - string \n \n The name of the database \n \n \n \n Default allow .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures\", \"label\": \"https://latest.datasette.io/fixtures\"}]"}, "authentication~3Apermissions-view-database-download": {"id": "authentication:permissions-view-database-download", "page": "authentication", "ref": "permissions-view-database-download", "title": "view-database-download", "content": "Actor is allowed to download a database, e.g. https://latest.datasette.io/fixtures.db \n \n \n resource - string \n \n The name of the database \n \n \n \n Default allow .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures.db\", \"label\": \"https://latest.datasette.io/fixtures.db\"}]"}, "authentication~3Apermissions-view-instance": {"id": "authentication:permissions-view-instance", "page": "authentication", "ref": "permissions-view-instance", "title": "view-instance", "content": "Top level permission - Actor is allowed to view any pages within this instance, starting at https://latest.datasette.io/ \n Default allow .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/\", \"label\": \"https://latest.datasette.io/\"}]"}, "authentication~3Apermissions-view-query": {"id": "authentication:permissions-view-query", "page": "authentication", "ref": "permissions-view-query", "title": "view-query", "content": "Actor is allowed to view (and execute) a canned query page, e.g. https://latest.datasette.io/fixtures/pragma_cache_size - this includes executing Writable canned queries . \n \n \n resource - tuple: (string, string) \n \n The name of the database, then the name of the canned query \n \n \n \n Default allow .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures/pragma_cache_size\", \"label\": \"https://latest.datasette.io/fixtures/pragma_cache_size\"}]"}, "authentication~3Apermissions-view-table": {"id": "authentication:permissions-view-table", "page": "authentication", "ref": "permissions-view-table", "title": "view-table", "content": "Actor is allowed to view a table (or view) page, e.g. https://latest.datasette.io/fixtures/complex_foreign_keys \n \n \n resource - tuple: (string, string) \n \n The name of the database, then the name of the table \n \n \n \n Default allow .", "breadcrumbs": "[\"Authentication and permissions\", \"Built-in permissions\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures/complex_foreign_keys\", \"label\": \"https://latest.datasette.io/fixtures/complex_foreign_keys\"}]"}, "authentication~3Apermissionsdebugview": {"id": "authentication:permissionsdebugview", "page": "authentication", "ref": "permissionsdebugview", "title": "The permissions debug tool", "content": "The debug tool at /-/permissions is only available to the authenticated root user (or any actor granted the permissions-debug action according to a plugin). \n It shows the thirty most recent permission checks that have been carried out by the Datasette instance. \n This is designed to help administrators and plugin authors understand exactly how permission checks are being carried out, in order to effectively configure Datasette's permission system.", "breadcrumbs": "[\"Authentication and permissions\"]", "references": "[]"}, "binary_data~3Abinary": {"id": "binary_data:binary", "page": "binary_data", "ref": "binary", "title": "Binary data", "content": "SQLite tables can contain binary data in BLOB columns. \n Datasette includes special handling for these binary values. The Datasette interface detects binary values and provides a link to download their content, for example on https://latest.datasette.io/fixtures/binary_data \n \n Binary data is represented in .json exports using Base64 encoding. \n https://latest.datasette.io/fixtures/binary_data.json?_shape=array \n [\n {\n \"rowid\": 1,\n \"data\": {\n \"$base64\": true,\n \"encoded\": \"FRwCx60F/g==\"\n }\n },\n {\n \"rowid\": 2,\n \"data\": {\n \"$base64\": true,\n \"encoded\": \"FRwDx60F/g==\"\n }\n },\n {\n \"rowid\": 3,\n \"data\": null\n }\n]", "breadcrumbs": "[]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures/binary_data\", \"label\": \"https://latest.datasette.io/fixtures/binary_data\"}, {\"href\": \"https://latest.datasette.io/fixtures/binary_data.json?_shape=array\", \"label\": \"https://latest.datasette.io/fixtures/binary_data.json?_shape=array\"}]"}, "binary_data~3Abinary-linking": {"id": "binary_data:binary-linking", "page": "binary_data", "ref": "binary-linking", "title": "Linking to binary downloads", "content": "The .blob output format is used to return binary data. It requires a _blob_column= query string argument specifying which BLOB column should be downloaded, for example: \n https://latest.datasette.io/fixtures/binary_data/1.blob?_blob_column=data \n This output format can also be used to return binary data from an arbitrary SQL query. Since such queries do not specify an exact row, an additional ?_blob_hash= parameter can be used to specify the SHA-256 hash of the value that is being linked to. \n Consider the query select data from binary_data - demonstrated here . \n That page links to the binary value downloads. Those links look like this: \n https://latest.datasette.io/fixtures.blob?sql=select+data+from+binary_data&_blob_column=data&_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d \n These .blob links are also returned in the .csv exports Datasette provides for binary tables and queries, since the CSV format does not have a mechanism for representing binary data.", "breadcrumbs": "[\"Binary data\"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures/binary_data/1.blob?_blob_column=data\", \"label\": \"https://latest.datasette.io/fixtures/binary_data/1.blob?_blob_column=data\"}, {\"href\": \"https://latest.datasette.io/fixtures?sql=select+data+from+binary_data\", \"label\": \"demonstrated here\"}, {\"href\": \"https://latest.datasette.io/fixtures.blob?sql=select+data+from+binary_data&_blob_column=data&_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d\", \"label\": \"https://latest.datasette.io/fixtures.blob?sql=select+data+from+binary_data&_blob_column=data&_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d\"}]"}, "binary_data~3Abinary-plugins": {"id": "binary_data:binary-plugins", "page": "binary_data", "ref": "binary-plugins", "title": "Binary plugins", "content": "Several Datasette plugins are available that change the way Datasette treats binary data. \n \n \n datasette-render-binary modifies Datasette's default interface to show an automatic guess at what type of binary data is being stored, along with a visual representation of the binary value that displays ASCII strings directly in the interface. \n \n \n datasette-render-images detects common image formats and renders them as images directly in the Datasette interface. \n \n \n datasette-media allows Datasette interfaces to be configured to serve binary files from configured SQL queries, and includes the ability to resize images directly before serving them.", "breadcrumbs": "[\"Binary data\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette-render-binary\", \"label\": \"datasette-render-binary\"}, {\"href\": \"https://github.com/simonw/datasette-render-images\", \"label\": \"datasette-render-images\"}, {\"href\": \"https://github.com/simonw/datasette-media\", \"label\": \"datasette-media\"}]"}, "changelog~3Aasgi": {"id": "changelog:asgi", "page": "changelog", "ref": "asgi", "title": "ASGI", "content": "ASGI is the Asynchronous Server Gateway Interface standard. I've been wanting to convert Datasette into an ASGI application for over a year - Port Datasette to ASGI #272 tracks thirteen months of intermittent development - but with Datasette 0.29 the change is finally released. This also means Datasette now runs on top of Uvicorn and no longer depends on Sanic . \n I wrote about the significance of this change in Porting Datasette to ASGI, and Turtles all the way down . \n The most exciting consequence of this change is that Datasette plugins can now take advantage of the ASGI standard.", "breadcrumbs": "[\"Changelog\", \"0.29 (2019-07-07)\"]", "references": "[{\"href\": \"https://asgi.readthedocs.io/\", \"label\": \"ASGI\"}, {\"href\": \"https://github.com/simonw/datasette/issues/272\", \"label\": \"Port Datasette to ASGI #272\"}, {\"href\": \"https://www.uvicorn.org/\", \"label\": \"Uvicorn\"}, {\"href\": \"https://github.com/huge-success/sanic\", \"label\": \"Sanic\"}, {\"href\": \"https://simonwillison.net/2019/Jun/23/datasette-asgi/\", \"label\": \"Porting Datasette to ASGI, and Turtles all the way down\"}]"}, "changelog~3Aauthentication": {"id": "changelog:authentication", "page": "changelog", "ref": "authentication", "title": "Authentication", "content": "Prior to this release the Datasette ecosystem has treated authentication as exclusively the realm of plugins, most notably through datasette-auth-github . \n 0.44 introduces Authentication and permissions as core Datasette concepts ( #699 ). This enables different plugins to share responsibility for authenticating requests - you might have one plugin that handles user accounts and another one that allows automated access via API keys, for example. \n You'll need to install plugins if you want full user accounts, but default Datasette can now authenticate a single root user with the new --root command-line option, which outputs a one-time use URL to authenticate as a root actor ( #784 ): \n $ datasette fixtures.db --root\nhttp://127.0.0.1:8001/-/auth-token?token=5b632f8cd44b868df625f5a6e2185d88eea5b22237fd3cc8773f107cc4fd6477\nINFO: Started server process [14973]\nINFO: Waiting for application startup.\nINFO: Application startup complete.\nINFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit) \n Plugins can implement new ways of authenticating users using the new actor_from_request(datasette, request) hook.", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette-auth-github\", \"label\": \"datasette-auth-github\"}, {\"href\": \"https://github.com/simonw/datasette/issues/699\", \"label\": \"#699\"}, {\"href\": \"https://github.com/simonw/datasette/issues/784\", \"label\": \"#784\"}]"}, "changelog~3Abetter-plugin-documentation": {"id": "changelog:better-plugin-documentation", "page": "changelog", "ref": "better-plugin-documentation", "title": "Better plugin documentation", "content": "The plugin documentation has been re-arranged into four sections, including a brand new section on testing plugins. ( #687 ) \n \n \n Plugins introduces Datasette's plugin system and describes how to install and configure plugins. \n \n \n Writing plugins describes how to author plugins, from one-off single file plugins to packaged plugins that can be published to PyPI. It also describes how to start a plugin using the new datasette-plugin cookiecutter template. \n \n \n Plugin hooks is a full list of detailed documentation for every Datasette plugin hook. \n \n \n Testing plugins describes how to write tests for Datasette plugins, using pytest and HTTPX .", "breadcrumbs": "[\"Changelog\", \"0.45 (2020-07-01)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/687\", \"label\": \"#687\"}, {\"href\": \"https://github.com/simonw/datasette-plugin\", \"label\": \"datasette-plugin\"}, {\"href\": \"https://docs.pytest.org/\", \"label\": \"pytest\"}, {\"href\": \"https://www.python-httpx.org/\", \"label\": \"HTTPX\"}]"}, "changelog~3Abinary-data": {"id": "changelog:binary-data", "page": "changelog", "ref": "binary-data", "title": "Binary data", "content": "SQLite tables can contain binary data in BLOB columns. Datasette now provides links for users to download this data directly from Datasette, and uses those links to make binary data available from CSV exports. See Binary data for more details. ( #1036 and #1034 ).", "breadcrumbs": "[\"Changelog\", \"0.51 (2020-10-31)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1036\", \"label\": \"#1036\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1034\", \"label\": \"#1034\"}]"}, "changelog~3Abug-fixes": {"id": "changelog:bug-fixes", "page": "changelog", "ref": "bug-fixes", "title": "Bug fixes", "content": "Don't show the facet option in the cog menu if faceting is not allowed. ( #1683 ) \n \n \n ?_sort and ?_sort_desc now work if the column that is being sorted has been excluded from the query using ?_col= or ?_nocol= . ( #1773 ) \n \n \n Fixed bug where ?_sort_desc was duplicated in the URL every time the Apply button was clicked. ( #1738 )", "breadcrumbs": "[\"Changelog\", \"0.62 (2022-08-14)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1683\", \"label\": \"#1683\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1773\", \"label\": \"#1773\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1738\", \"label\": \"#1738\"}]"}, "changelog~3Abug-fixes-and-other-improvements": {"id": "changelog:bug-fixes-and-other-improvements", "page": "changelog", "ref": "bug-fixes-and-other-improvements", "title": "Bug fixes and other improvements", "content": "Custom pages now work correctly when combined with the base_url setting. ( #1238 ) \n \n \n Fixed intermittent error displaying the index page when the user did not have permission to access one of the tables. Thanks, Guy Freeman. ( #1305 ) \n \n \n Columns with the name \"Link\" are no longer incorrectly displayed in bold. ( #1308 ) \n \n \n Fixed error caused by tables with a single quote in their names. ( #1257 ) \n \n \n Updated dependencies: pytest-asyncio , Black , jinja2 , aiofiles , click , and itsdangerous . \n \n \n The official Datasette Docker image now supports apt-get install . ( #1320 ) \n \n \n The Heroku runtime used by datasette publish heroku is now python-3.8.10 .", "breadcrumbs": "[\"Changelog\", \"0.57 (2021-06-05)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1238\", \"label\": \"#1238\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1305\", \"label\": \"#1305\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1308\", \"label\": \"#1308\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1257\", \"label\": \"#1257\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1320\", \"label\": \"#1320\"}]"}, "changelog~3Acode-formatting-with-black-and-prettier": {"id": "changelog:code-formatting-with-black-and-prettier", "page": "changelog", "ref": "code-formatting-with-black-and-prettier", "title": "Code formatting with Black and Prettier", "content": "Datasette adopted Black for opinionated Python code formatting in June 2019. Datasette now also embraces Prettier for JavaScript formatting, which like Black is enforced by tests in continuous integration. Instructions for using these two tools can be found in the new section on Code formatting in the contributors documentation. ( #1167 )", "breadcrumbs": "[\"Changelog\", \"0.54 (2021-01-25)\"]", "references": "[{\"href\": \"https://github.com/psf/black\", \"label\": \"Black\"}, {\"href\": \"https://prettier.io/\", \"label\": \"Prettier\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1167\", \"label\": \"#1167\"}]"}, "changelog~3Acontrol-http-caching-with-ttl": {"id": "changelog:control-http-caching-with-ttl", "page": "changelog", "ref": "control-http-caching-with-ttl", "title": "Control HTTP caching with ?_ttl=", "content": "You can now customize the HTTP max-age header that is sent on a per-URL basis, using the new ?_ttl= query string parameter. \n You can set this to any value in seconds, or you can set it to 0 to disable HTTP caching entirely. \n Consider for example this query which returns a randomly selected member of the Avengers: \n select * from [avengers/avengers] order by random() limit 1 \n If you hit the following page repeatedly you will get the same result, due to HTTP caching: \n /fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1 \n By adding ?_ttl=0 to the zero you can ensure the page will not be cached and get back a different super hero every time: \n /fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1&_ttl=0", "breadcrumbs": "[\"Changelog\", \"0.23 (2018-06-18)\"]", "references": "[{\"href\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1\", \"label\": \"/fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1\"}, {\"href\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1&_ttl=0\", \"label\": \"/fivethirtyeight?sql=select+*+from+%5Bavengers%2Favengers%5D+order+by+random%28%29+limit+1&_ttl=0\"}]"}, "changelog~3Acookie-methods": {"id": "changelog:cookie-methods", "page": "changelog", "ref": "cookie-methods", "title": "Cookie methods", "content": "Plugins can now use the new response.set_cookie() method to set cookies. \n A new request.cookies method on the :ref:internals_request` can be used to read incoming cookies.", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[]"}, "changelog~3Acsrf-protection": {"id": "changelog:csrf-protection", "page": "changelog", "ref": "csrf-protection", "title": "CSRF protection", "content": "Since writable canned queries are built using POST forms, Datasette now ships with CSRF protection ( #798 ). This applies automatically to any POST request, which means plugins need to include a csrftoken in any POST forms that they render. They can do that like so: \n ", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/798\", \"label\": \"#798\"}]"}, "changelog~3Acsv-export": {"id": "changelog:csv-export", "page": "changelog", "ref": "csv-export", "title": "CSV export", "content": "Any Datasette table, view or custom SQL query can now be exported as CSV. \n \n Check out the CSV export documentation for more details, or\n try the feature out on\n https://fivethirtyeight.datasettes.com/fivethirtyeight/bechdel%2Fmovies \n If your table has more than max_returned_rows (default 1,000)\n Datasette provides the option to stream all rows . This option takes advantage\n of async Python and Datasette's efficient pagination to\n iterate through the entire matching result set and stream it back as a\n downloadable CSV file.", "breadcrumbs": "[\"Changelog\", \"0.23 (2018-06-18)\"]", "references": "[{\"href\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight/bechdel%2Fmovies\", \"label\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight/bechdel%2Fmovies\"}]"}, "changelog~3Adocumentation": {"id": "changelog:documentation", "page": "changelog", "ref": "documentation", "title": "Documentation", "content": "New tutorial: Cleaning data with sqlite-utils and Datasette . \n \n \n Screenshots in the documentation are now maintained using shot-scraper , as described in Automating screenshots for the Datasette documentation using shot-scraper . ( #1844 ) \n \n \n More detailed command descriptions on the CLI reference page. ( #1787 ) \n \n \n New documentation on Running Datasette using OpenRC - thanks, Adam Simpson. ( #1825 )", "breadcrumbs": "[\"Changelog\", \"0.63 (2022-10-27)\"]", "references": "[{\"href\": \"https://datasette.io/tutorials/clean-data\", \"label\": \"Cleaning data with sqlite-utils and Datasette\"}, {\"href\": \"https://shot-scraper.datasette.io/\", \"label\": \"shot-scraper\"}, {\"href\": \"https://simonwillison.net/2022/Oct/14/automating-screenshots/\", \"label\": \"Automating screenshots for the Datasette documentation using shot-scraper\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1844\", \"label\": \"#1844\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1787\", \"label\": \"#1787\"}, {\"href\": \"https://github.com/simonw/datasette/pull/1825\", \"label\": \"#1825\"}]"}, "changelog~3Afacet-by-date": {"id": "changelog:facet-by-date", "page": "changelog", "ref": "facet-by-date", "title": "Facet by date", "content": "If a column contains datetime values, Datasette can now facet that column by date. ( #481 )", "breadcrumbs": "[\"Changelog\", \"0.29 (2019-07-07)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/481\", \"label\": \"#481\"}]"}, "changelog~3Afaceting": {"id": "changelog:faceting", "page": "changelog", "ref": "faceting", "title": "Faceting", "content": "The number of unique values in a facet is now always displayed. Previously it was only displayed if the user specified ?_facet_size=max . ( #1556 ) \n \n \n Facets of type date or array can now be configured in metadata.json , see Facets in metadata.json . Thanks, David Larlet. ( #1552 ) \n \n \n New ?_nosuggest=1 parameter for table views, which disables facet suggestion. ( #1557 ) \n \n \n Fixed bug where ?_facet_array=tags&_facet=tags would only display one of the two selected facets. ( #625 )", "breadcrumbs": "[\"Changelog\", \"0.60 (2022-01-13)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1556\", \"label\": \"#1556\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1552\", \"label\": \"#1552\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1557\", \"label\": \"#1557\"}, {\"href\": \"https://github.com/simonw/datasette/issues/625\", \"label\": \"#625\"}]"}, "changelog~3Afeatures": {"id": "changelog:features", "page": "changelog", "ref": "features", "title": "Features", "content": "Now tested against Python 3.11. Docker containers used by datasette publish and datasette package both now use that version of Python. ( #1853 ) \n \n \n --load-extension option now supports entrypoints. Thanks, Alex Garcia. ( #1789 ) \n \n \n Facet size can now be set per-table with the new facet_size table metadata option. ( #1804 ) \n \n \n The truncate_cells_html setting now also affects long URLs in columns. ( #1805 ) \n \n \n The non-JavaScript SQL editor textarea now increases height to fit the SQL query. ( #1786 ) \n \n \n Facets are now displayed with better line-breaks in long values. Thanks, Daniel Rech. ( #1794 ) \n \n \n The settings.json file used in Configuration directory mode is now validated on startup. ( #1816 ) \n \n \n SQL queries can now include leading SQL comments, using /* ... */ or -- ... syntax. Thanks, Charles Nepote. ( #1860 ) \n \n \n SQL query is now re-displayed when terminated with a time limit error. ( #1819 ) \n \n \n The inspect data mechanism is now used to speed up server startup - thanks, Forest Gregg. ( #1834 ) \n \n \n In Configuration directory mode databases with filenames ending in .sqlite or .sqlite3 are now automatically added to the Datasette instance. ( #1646 ) \n \n \n Breadcrumb navigation display now respects the current user's permissions. ( #1831 )", "breadcrumbs": "[\"Changelog\", \"0.63 (2022-10-27)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1853\", \"label\": \"#1853\"}, {\"href\": \"https://github.com/simonw/datasette/pull/1789\", \"label\": \"#1789\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1804\", \"label\": \"#1804\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1805\", \"label\": \"#1805\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1786\", \"label\": \"#1786\"}, {\"href\": \"https://github.com/simonw/datasette/pull/1794\", \"label\": \"#1794\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1816\", \"label\": \"#1816\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1860\", \"label\": \"#1860\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1819\", \"label\": \"#1819\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1834\", \"label\": \"#1834\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1646\", \"label\": \"#1646\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1831\", \"label\": \"#1831\"}]"}, "changelog~3Aflash-messages": {"id": "changelog:flash-messages", "page": "changelog", "ref": "flash-messages", "title": "Flash messages", "content": "Writable canned queries needed a mechanism to let the user know that the query has been successfully executed. The new flash messaging system ( #790 ) allows messages to persist in signed cookies which are then displayed to the user on the next page that they visit. Plugins can use this mechanism to display their own messages, see .add_message(request, message, type=datasette.INFO) for details. \n You can try out the new messages using the /-/messages debug tool, for example at https://latest.datasette.io/-/messages", "breadcrumbs": "[\"Changelog\", \"0.44 (2020-06-11)\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/790\", \"label\": \"#790\"}, {\"href\": \"https://latest.datasette.io/-/messages\", \"label\": \"https://latest.datasette.io/-/messages\"}]"}, "changelog~3Aforeign-key-expansions": {"id": "changelog:foreign-key-expansions", "page": "changelog", "ref": "foreign-key-expansions", "title": "Foreign key expansions", "content": "When Datasette detects a foreign key reference it attempts to resolve a label\n for that reference (automatically or using the Specifying the label column for a table metadata\n option) so it can display a link to the associated row. \n This expansion is now also available for JSON and CSV representations of the\n table, using the new _labels=on query string option. See\n Expanding foreign key references for more details.", "breadcrumbs": "[\"Changelog\", \"0.23 (2018-06-18)\"]", "references": "[]"}, "changelog~3Aid1": {"id": "changelog:id1", "page": "changelog", "ref": "id1", "title": "Changelog", "content": "", "breadcrumbs": "[]", "references": "[]"}, "changelog~3Aid10": {"id": "changelog:id10", "page": "changelog", "ref": "id10", "title": "0.64.3 (2023-04-27)", "content": "Added pip and setuptools as explicit dependencies. This fixes a bug where Datasette could not be installed using Rye . ( #2065 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/mitsuhiko/rye\", \"label\": \"Rye\"}, {\"href\": \"https://github.com/simonw/datasette/issues/2065\", \"label\": \"#2065\"}]"}, "changelog~3Aid105": {"id": "changelog:id105", "page": "changelog", "ref": "id105", "title": "0.23.2 (2018-07-07)", "content": "Minor bugfix and documentation release. \n \n \n CSV export now respects --cors , fixes #326 \n \n \n Installation instructions , including docker image - closes #328 \n \n \n Fix for row pages for tables with / in, closes #325", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/326\", \"label\": \"#326\"}, {\"href\": \"https://github.com/simonw/datasette/issues/328\", \"label\": \"#328\"}, {\"href\": \"https://github.com/simonw/datasette/issues/325\", \"label\": \"#325\"}]"}, "changelog~3Aid109": {"id": "changelog:id109", "page": "changelog", "ref": "id109", "title": "0.23.1 (2018-06-21)", "content": "Minor bugfix release. \n \n \n Correctly display empty strings in HTML table, closes #314 \n \n \n Allow \".\" in database filenames, closes #302 \n \n \n 404s ending in slash redirect to remove that slash, closes #309 \n \n \n Fixed incorrect display of compound primary keys with foreign key\n references. Closes #319 \n \n \n Docs + example of canned SQL query using || concatenation. Closes #321 \n \n \n Correctly display facets with value of 0 - closes #318 \n \n \n Default 'expand labels' to checked in CSV advanced export", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/314\", \"label\": \"#314\"}, {\"href\": \"https://github.com/simonw/datasette/issues/302\", \"label\": \"#302\"}, {\"href\": \"https://github.com/simonw/datasette/issues/309\", \"label\": \"#309\"}, {\"href\": \"https://github.com/simonw/datasette/issues/319\", \"label\": \"#319\"}, {\"href\": \"https://github.com/simonw/datasette/issues/321\", \"label\": \"#321\"}, {\"href\": \"https://github.com/simonw/datasette/issues/318\", \"label\": \"#318\"}]"}, "changelog~3Aid11": {"id": "changelog:id11", "page": "changelog", "ref": "id11", "title": "0.64.2 (2023-03-08)", "content": "Fixed a bug with datasette publish cloudrun where deploys all used the same Docker image tag. This was mostly inconsequential as the service is deployed as soon as the image has been pushed to the registry, but could result in the incorrect image being deployed if two different deploys for two separate services ran at exactly the same time. ( #2036 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/2036\", \"label\": \"#2036\"}]"}, "changelog~3Aid116": {"id": "changelog:id116", "page": "changelog", "ref": "id116", "title": "0.23 (2018-06-18)", "content": "This release features CSV export, improved options for foreign key expansions,\n new configuration settings and improved support for SpatiaLite. \n See datasette/compare/0.22.1...0.23 for a full list of\n commits added since the last release.", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/compare/0.22.1...0.23\", \"label\": \"datasette/compare/0.22.1...0.23\"}]"}, "changelog~3Aid117": {"id": "changelog:id117", "page": "changelog", "ref": "id117", "title": "0.22.1 (2018-05-23)", "content": "Bugfix release, plus we now use versioneer for our version numbers. \n \n \n Faceting no longer breaks pagination, fixes #282 \n \n \n Add __version_info__ derived from __version__ [Robert Gieseke] \n This might be tuple of more than two values (major and minor\n version) if commits have been made after a release. \n \n \n Add version number support with Versioneer. [Robert Gieseke] \n Versioneer Licence:\n Public Domain (CC0-1.0) \n Closes #273 \n \n \n Refactor inspect logic [Russ Garrett]", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/warner/python-versioneer\", \"label\": \"versioneer\"}, {\"href\": \"https://github.com/simonw/datasette/issues/282\", \"label\": \"#282\"}, {\"href\": \"https://github.com/simonw/datasette/issues/273\", \"label\": \"#273\"}]"}, "changelog~3Aid12": {"id": "changelog:id12", "page": "changelog", "ref": "id12", "title": "0.64.1 (2023-01-11)", "content": "Documentation now links to a current source of information for installing Python 3. ( #1987 ) \n \n \n Incorrectly calling the Datasette constructor using Datasette(\"path/to/data.db\") instead of Datasette([\"path/to/data.db\"]) now returns a useful error message. ( #1985 )", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/1987\", \"label\": \"#1987\"}, {\"href\": \"https://github.com/simonw/datasette/issues/1985\", \"label\": \"#1985\"}]"}, "changelog~3Aid120": {"id": "changelog:id120", "page": "changelog", "ref": "id120", "title": "0.22 (2018-05-20)", "content": "The big new feature in this release is Facets . Datasette can now apply faceted browse to any column in any table. It will also suggest possible facets. See the Datasette Facets announcement post for more details. \n In addition to the work on facets: \n \n \n Added docs for introspection endpoints \n \n \n New --config option, added --help-config , closes #274 \n Removed the --page_size= argument to datasette serve in favour of: \n datasette serve --config default_page_size:50 mydb.db \n Added new help section: \n $ datasette --help-config\nConfig options:\n default_page_size Default page size for the table view\n (default=100)\n max_returned_rows Maximum rows that can be returned from a table\n or custom query (default=1000)\n sql_time_limit_ms Time limit for a SQL query in milliseconds\n (default=1000)\n default_facet_size Number of values to return for requested facets\n (default=30)\n facet_time_limit_ms Time limit for calculating a requested facet\n (default=200)\n facet_suggest_time_limit_ms Time limit for calculating a suggested facet\n (default=50) \n \n \n Only apply responsive table styles to .rows-and-column \n Otherwise they interfere with tables in the description, e.g. on\n https://fivethirtyeight.datasettes.com/fivethirtyeight/nba-elo%2Fnbaallelo \n \n \n Refactored views into new views/ modules, refs #256 \n \n \n Documentation for SQLite full-text search support, closes #253 \n \n \n /-/versions now includes SQLite fts_versions , closes #252", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://simonwillison.net/2018/May/20/datasette-facets/\", \"label\": \"Datasette Facets\"}, {\"href\": \"https://docs.datasette.io/en/stable/introspection.html\", \"label\": \"docs for introspection endpoints\"}, {\"href\": \"https://github.com/simonw/datasette/issues/274\", \"label\": \"#274\"}, {\"href\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight/nba-elo%2Fnbaallelo\", \"label\": \"https://fivethirtyeight.datasettes.com/fivethirtyeight/nba-elo%2Fnbaallelo\"}, {\"href\": \"https://github.com/simonw/datasette/issues/256\", \"label\": \"#256\"}, {\"href\": \"https://docs.datasette.io/en/stable/full_text_search.html\", \"label\": \"Documentation for SQLite full-text search\"}, {\"href\": \"https://github.com/simonw/datasette/issues/253\", \"label\": \"#253\"}, {\"href\": \"https://github.com/simonw/datasette/issues/252\", \"label\": \"#252\"}]"}, "changelog~3Aid125": {"id": "changelog:id125", "page": "changelog", "ref": "id125", "title": "0.21 (2018-05-05)", "content": "New JSON _shape= options, the ability to set table _size= and a mechanism for searching within specific columns. \n \n \n Default tests to using a longer timelimit \n Every now and then a test will fail in Travis CI on Python 3.5 because it hit\n the default 20ms SQL time limit. \n Test fixtures now default to a 200ms time limit, and we only use the 20ms time\n limit for the specific test that tests query interruption. This should make\n our tests on Python 3.5 in Travis much more stable. \n \n \n Support _search_COLUMN=text searches, closes #237 \n \n \n Show version on /-/plugins page, closes #248 \n \n \n ?_size=max option, closes #249 \n \n \n Added /-/versions and /-/versions.json , closes #244 \n Sample output: \n {\n \"python\": {\n \"version\": \"3.6.3\",\n \"full\": \"3.6.3 (default, Oct 4 2017, 06:09:38) \\n[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.37)]\"\n },\n \"datasette\": {\n \"version\": \"0.20\"\n },\n \"sqlite\": {\n \"version\": \"3.23.1\",\n \"extensions\": {\n \"json1\": null,\n \"spatialite\": \"4.3.0a\"\n }\n }\n} \n \n \n Renamed ?_sql_time_limit_ms= to ?_timelimit , closes #242 \n \n \n New ?_shape=array option + tweaks to _shape , closes #245 \n \n \n Default is now ?_shape=arrays (renamed from lists ) \n \n \n New ?_shape=array returns an array of objects as the root object \n \n \n Changed ?_shape=object to return the object as the root \n \n \n Updated docs \n \n \n \n \n FTS tables now detected by inspect() , closes #240 \n \n \n New ?_size=XXX query string parameter for table view, closes #229 \n Also added documentation for all of the _special arguments. \n Plus deleted some duplicate logic implementing _group_count . \n \n \n If max_returned_rows==page_size , increment max_returned_rows - fixes #230 \n \n \n New hidden: True option for table metadata, closes #239 \n \n \n Hide idx_* tables if spatialite detected, closes #228 \n \n \n Added class=rows-and-columns to custom query results table \n \n \n Added CSS class rows-and-columns to main table \n \n \n label_column option in metadata.json - closes #234", "breadcrumbs": "[\"Changelog\"]", "references": "[{\"href\": \"https://github.com/simonw/datasette/issues/237\", \"label\": \"#237\"}, {\"href\": \"https://github.com/simonw/datasette/issues/248\", \"label\": \"#248\"}, {\"href\": \"https://github.com/simonw/datasette/issues/249\", \"label\": \"#249\"}, {\"href\": \"https://github.com/simonw/datasette/issues/244\", \"label\": \"#244\"}, {\"href\": \"https://github.com/simonw/datasette/issues/242\", \"label\": \"#242\"}, {\"href\": \"https://github.com/simonw/datasette/issues/245\", \"label\": \"#245\"}, {\"href\": \"https://github.com/simonw/datasette/issues/240\", \"label\": \"#240\"}, {\"href\": \"https://github.com/simonw/datasette/issues/229\", \"label\": \"#229\"}, {\"href\": \"https://github.com/simonw/datasette/issues/230\", \"label\": \"#230\"}, {\"href\": \"https://github.com/simonw/datasette/issues/239\", \"label\": \"#239\"}, {\"href\": \"https://github.com/simonw/datasette/issues/228\", \"label\": \"#228\"}, {\"href\": \"https://github.com/simonw/datasette/issues/234\", \"label\": \"#234\"}]"}, "changelog~3Aid13": {"id": "changelog:id13", "page": "changelog", "ref": "id13", "title": "0.64 (2023-01-09)", "content": "Datasette now strongly recommends against allowing arbitrary SQL queries if you are using SpatiaLite . SpatiaLite includes SQL functions that could cause the Datasette server to crash. See SpatiaLite for more details. \n \n \n New default_allow_sql setting, providing an easier way to disable all arbitrary SQL execution by end users: datasette --setting default_allow_sql off . See also Controlling the ability to execute arbitrary SQL . ( #1409 ) \n \n \n Building a location to time zone API with SpatiaLite is a new Datasette tutorial showing how to safely use SpatiaLite to create a location to time zone API. \n \n \n New documentation about how to debug problems loading SQLite extensions . The error message shown when an extension cannot be loaded has also been improved. ( #1979 ) \n \n \n Fixed an accessibility issue: the