datasette-sqlite-authorizer by datasette
Configure Datasette to block operations using the SQLite set_authorizer mechanism
Install this plugin in the same environment as Datasette.
    datasette install datasette-sqlite-authorizer
This plugin currently offers a single configuration option: read_only_tables. You can use this to specify a list of tables that should be read-only.
If a table is read-only, any attempt to write to it - insert, update, delete, drop table, alter table - will be denied with an error message.
To configure read-only tables, add the following to your metadata.yaml file:

    plugins:
      datasette-sqlite-authorizer:
        read_only_tables:
        - table: my_table
          database: my_database

You can omit the database key if you want to apply the same rule to all databases.
Here's how to use this plugin to make all tables relating to Litestream synchronization read-only, across all attached databases:

    plugins:
      datasette-sqlite-authorizer:
        read_only_tables:
        - table: _litestream_lock
        - table: _litestream_seq

To enable debug output (to standard error) for specific action checks, add them to a debug_actions list. For example, to log all SQLITE_INSERT and SQLITE_DELETE actions:

    plugins:
      datasette-sqlite-authorizer:
        debug_actions:
        - SQLITE_INSERT
        - SQLITE_DELETE

Logged output will look something like this:

    authorizer: {"action": "SQLITE_INSERT", "arg1": "foo", "arg2": null, "db_name": "main", "trigger_name": null, "result": "OK"}
    authorizer: {"action": "SQLITE_DELETE", "arg1": "foo", "arg2": null, "db_name": "main", "trigger_name": null, "result": "OK"}

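The fields in that debug output (action, arg1, arg2, db_name, trigger_name) are the arguments SQLite passes to an authorizer callback. The following added example, which is not the plugin's own code, shows how such a callback can enforce read-only table rules with Python's standard sqlite3 module. The rule list, `make_authorizer`, `is_denied` and `demo_connection` are hypothetical, and the example assumes the database key is compared with the SQLite schema name.

```python
import sqlite3

# Constructed rules, shaped like the read_only_tables configuration.
# Assumption: "database" is compared with the SQLite schema name ("main", ...).
READ_ONLY_TABLES = [
    {"table": "my_table", "database": "main"},
    {"table": "_litestream_seq"},  # no database key: applies to every schema
]

# Write actions where SQLite passes the table in arg1 and the schema in db_name.
TABLE_IN_ARG1 = {
    sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE,
}


def make_authorizer(rules):
    def authorizer(action, arg1, arg2, db_name, trigger_name):
        if action in TABLE_IN_ARG1:
            table, database = arg1, db_name
        elif action == sqlite3.SQLITE_ALTER_TABLE:
            # ALTER TABLE differs: arg1 is the schema and arg2 is the table.
            table, database = arg2, arg1
        else:
            return sqlite3.SQLITE_OK  # reads and other actions are not restricted
        for rule in rules:
            if rule["table"] == table and rule.get("database") in (None, database):
                return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    return authorizer


def is_denied(conn, sql):
    """Return True if the authorizer rejects sql ('not authorized')."""
    try:
        conn.execute(sql)
    except sqlite3.DatabaseError as ex:
        return "not authorized" in str(ex)
    return False


def demo_connection():
    # Constructed sample schema: the same three tables in "main" and "other".
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS other")
    for schema in ("main", "other"):
        for table in ("my_table", "_litestream_seq", "notes"):
            conn.execute(f"CREATE TABLE {schema}.{table} (id INTEGER, body TEXT)")
    conn.set_authorizer(make_authorizer(READ_ONLY_TABLES))
    return conn
```

SQLite consults the authorizer while a statement is being prepared, so a denied write fails before any rows are touched.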
To set up this plugin locally, first check out the code. Then create a new virtual environment:

    cd datasette-sqlite-authorizer
    python3 -m venv venv
    source venv/bin/activate

Now install the dependencies and test dependencies:
    pip install -e '.[test]'
To run the tests:
    pytest