Dynamic groups feature #2

simonw · 2024-08-30T15:30:25Z

If there's no special mechanism for matching JSON on actors we could instead have code that dynamically adds or removes the actor from a group based on their JSON, matched against something in config? Then you could configure the plugin like this:
plugins:
  datasette-acl:
    dynamic-groups:
      admin:
        is_admin: true
Now any time we're about to run a permission check on an actor we first confirm that they are a member or NOT a member of the admin group based on matching them against that rule.

We can use actor_matches_allow(actor, allow) for that: https://github.com/simonw/datasette/blob/dc288056b81a3635bdb02a6d0121887db2720e5e/datasette/utils/__init__.py#L1025C5-L1026C1

Originally posted by @simonw in #1 (comment)

The text was updated successfully, but these errors were encountered:

Refs #2, #4

simonw added a commit that referenced this issue Aug 30, 2024

Dynamic groups feature - needs tests and docs, refs #2

91dc5f8

simonw added a commit that referenced this issue Aug 30, 2024

Tests for dynamic groups, refs #2

afa4b61

simonw closed this as completed in e520bff Aug 30, 2024

This was referenced Aug 30, 2024

Initial plugin design #1

Closed

UI for configuring just groups for a table #4

Closed

simonw added a commit that referenced this issue Aug 30, 2024

Populate dynamic groups in DB on startup

e339b19

Refs #2, #4

simonw added this to the Feature complete milestone Aug 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dynamic groups feature #2

Dynamic groups feature #2

simonw commented Aug 30, 2024

Dynamic groups feature #2

Dynamic groups feature #2

Comments

simonw commented Aug 30, 2024