mirror
/
datasette
kopia lustrzana https://github.com/simonw/datasette
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Require update-row to use insert replace, closes #2279

pull/2159/merge
Simon Willison 2024-02-19 12:55:51 -08:00
rodzic 3856a8cb24
commit b36a2d8f4b
3 zmienionych plików z 15 dodań i 2 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

5
datasette/views/table.py
Wyświetl plik

@ -485,6 +485,11 @@ class TableInsertView(BaseView):
if upsert and (ignore or replace):
return _error(["Upsert does not support ignore or replace"], 400)
if replace and not await self.ds.permission_allowed(
request.actor, "update-row", resource=(database_name, table_name)
):
return _error(['Permission denied: need update-row to use "replace"'], 403)
initial_schema = None
if alter:
# Must have alter-table permission

4
docs/json_api.rst
Wyświetl plik

@ -616,7 +616,7 @@ Pass ``"ignore": true`` to ignore these errors and insert the other rows:
"ignore": true
}
Or you can pass ``"replace": true`` to replace any rows with conflicting primary keys with the new values.
Or you can pass ``"replace": true`` to replace any rows with conflicting primary keys with the new values. This requires the :ref:`permissions_update_row` permission.
Pass ``"alter: true`` to automatically add any missing columns to the table. This requires the :ref:`permissions_alter_table` permission.
@ -854,7 +854,7 @@ The JSON here describes the table that will be created:
* ``pks`` can be used instead of ``pk`` to create a compound primary key. It should be a JSON list of column names to use in that primary key.
* ``ignore`` can be set to ``true`` to ignore existing rows by primary key if the table already exists.
* ``replace`` can be set to ``true`` to replace existing rows by primary key if the table already exists.
* ``replace`` can be set to ``true`` to replace existing rows by primary key if the table already exists. This requires the :ref:`permissions_update_row` permission.
* ``alter`` can be set to ``true`` if you want to automatically add any missing columns to the table. This requires the :ref:`permissions_alter_table` permission.
If the table is successfully created this will return a ``201`` status code and the following response:

8
tests/test_api_write.py
Wyświetl plik

@ -221,6 +221,14 @@ async def test_insert_rows(ds_write, return_rows):
400,
['Cannot use "ignore" and "replace" at the same time'],
),
(
# Replace is not allowed if you don't have update-row
"/data/docs/-/insert",
{"rows": [{"title": "Test"}], "replace": True},
"insert-but-not-update",
403,
['Permission denied: need update-row to use "replace"'],
),
(
"/data/docs/-/insert",
{"rows": [{"title": "Test"}], "invalid_param": True},