Simon Willison

I'm not 100% sure I'm right about all of this, needs more research before rewriting any code.

... I ended up NOT landing that bodged fix, but I'm leaving this issue open because I think there still may be an improvement to be made here. When a...

OK this is a mess. In this example the `.upsert()` fails to detect the primary key that exists on the table: ```pycon >>> db = sqlite_utils.Database(memory=True) >>> t = db.table("dogs").create({"id":...

There are three ways these settings (like the table primary key) might make it to the point in the code where they are needed: - Passed to the `db.table()` method,...

There are a few other things to consider here. Currently every Datasette permission is either attached to the whole instance, a database or a resource (in the table-or-canned-query definition) within...

It's a bit more complicated than that. The problem is that **some** resources are children of databases, such that granting e.g. `insert-row` permission at the database level allows that user...

If I *do* change the definition of `Permission` I think I do it as a hard break in one of the 1.0 alphas, such that I can be sure that...

The most important thing about resources is that they need to fit the permissions system at the database level. `datasette-acl` for example needs to record the resources that permissions have...

The biggest challenge here then is how to cleanly implement permission checks that say "if the user has insert-row on the data/incidents table OR has insert-row on the data database"...

It's pretty clear to me that "resource" *should* mean a database or a table or a query or another type of thing provided by a plugin - so that special...