Advanced permission management for Datasette

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Simon Willison
  • Requires: Python >=3.8
  • Provides-Extra: test
Classifiers

Project description

datasette-acl

PyPI Changelog Tests License

Advanced permission management for Datasette. Highly experimental.

Installation

Install this plugin in the same environment as Datasette.

datasette install datasette-acl

Usage

This plugin is under active development. For the moment, it only supports defining permissions for tables against dynamic groups, described below.

Permissions are saved in the internal database. This means you should run Datasette with the --internal path/to/internal.db option, otherwise your permissions will be reset every time you restart Datasette.

Users with the new datasette-acl permission will have the ability to access a UI for setting permissions for groups on a table.

To configure the root user to have this permission, add the following to your Datasette configuration:

permissions:
  datasette-acl:
    id: root

Alternatively you can start Datasette running like this:

datasette mydata.db --root --internal internal.db \
  -s permissions.datasette-acl.id root

Dynamic groups

You may wish to define permission rules against groups of actors based on their actor attributes, without needing to manually add those actors to a group. This can be achieved by defining a dynamic group in the datasette-acl configuration.

Dynamic groups are defined in terms of allow blocks. The following configuration defines two dynamic groups - one called admin that contains all users with "is_admin": true in their attributes, and another called sales that explicitly lists the users with "sales" as one of the values in their department array.

plugins:
  datasette-acl:
    dynamic-groups:
      admin:
        is_admin": true
      sales:
        department: ["sales"]

Any time an actor has their permissions checked they will be dynamically added to or removed from these groups based on the current value of their actor attributes.

Development

To set up this plugin locally, first checkout the code. Then create a new virtual environment:

cd datasette-acl
python -m venv venv
source venv/bin/activate

Now install the dependencies and test dependencies:

pip install -e '.[test]'

To run the tests:

python -m pytest

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for simonw from gravatar.com simonw

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Simon Willison
  • Requires: Python >=3.8
  • Provides-Extra: test
Classifiers

Release history Release notifications | RSS feed

0.4a4 pre-release

0.4a3 pre-release

0.4a2 pre-release

0.4a1 pre-release

0.4a0 pre-release

0.3a0 pre-release

0.2a0 pre-release

This version

0.1a0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datasette_acl-0.1a0.tar.gz (11.2 kB view hashes)

Uploaded Source

Built Distribution

datasette_acl-0.1a0-py3-none-any.whl (10.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page