sections: plugin_hooks:plugin-hook-permission-allowed
This data as json
id | page | ref | title | content | breadcrumbs | references |
---|---|---|---|---|---|---|
plugin_hooks:plugin-hook-permission-allowed | plugin_hooks | plugin-hook-permission-allowed | permission_allowed(datasette, actor, action, resource) | datasette - Datasette class You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name) , or to execute SQL queries. actor - dictionary The current actor, as decided by actor_from_request(datasette, request) . action - string The action to be performed, e.g. "edit-table" . resource - string or None An identifier for the individual resource, e.g. the name of the table. Called to check that an actor has permission to perform an action on a resource. Can return True if the action is allowed, False if the action is not allowed or None if the plugin does not have an opinion one way or the other. Here's an example plugin which randomly selects if a permission should be allowed or denied, except for view-instance which always uses the default permission scheme instead. from datasette import hookimpl import random @hookimpl def permission_allowed(action): if action != "view-instance": # Return True or False at random return random.random() > 0.5 # Returning None falls back to default permissions This function can alternatively return an awaitable function which itself returns True , False or None . You can use this option if you need to execute additional database queries using await datasette.execute(...) . Here's an example that allows users to view the admin_log table only if their actor id is present in the admin_users table. It aso disallows arbitrary SQL queries for the staff.db database for all users. @hookimpl def permission_allowed(datasette, actor, action, resource): async def inner(): if action == "execute-sql" and resource == "staff": return False if action == "view-table" and resource == ( "staff", "admin_log", ): if not actor: return False user_id = actor["id"] return await datasette.get_database( "staff" ).execute( "select count(*) from admin_users where user_id = :user_id", {"user_id": user_id}, ) return inner See built-in permissions for a full list of permissions that are included in Datasette core. Example: datasette-permissions-sql | ["Plugin hooks"] | [{"href": "https://datasette.io/plugins/datasette-permissions-sql", "label": "datasette-permissions-sql"}] |