Weeknotes, I guess
What a week. Hard to work up the enthusiasm to write about what I’ve been working on.
I’ve mainly been pushing towards shipping a Datasette release with writeable canned queries. This lead me down various other rabbit holes.
Once you can write to a database, authentication and permissions become more than just a nice-to-have. I’ve used plugins for this in the past (datasette-auth-github and datasette-auth-existing-cookies), but to allow these plugins to work together with other features it makes sense to bring the concept of authentications and permission checks into Datasette core.
Issue #699 tracks my thinking on this. I’ve landed two new plugin hooks: actor_from_request, which lets plugins decide if the request is from an authenticated actor (a logged-in user or an authenticated API key of some sort) and permission_allowed which can answer if an actor is allowed to perform a specific action on a resource.
When you perform a write, I need to let you know if it worked or not. Django has messages, Flask calls them flash messages. I’ve now added these to Datasette, using signed cookies. The new /-/messages debug tool lets you try them out and see how they work.
New milestone: Datasette 1.0
Writeable canned queries are the last major feature I want to add before Datasette 1.0. I’ve put some notes together on what this means: essentially I want 1.0 to signify that plugin builders and template authors can develop against Datasette with confidence that their stuff won’t break until at least 2.0. I also started a Datasette 1.0 milestone.