datasette-edit-schema 0.7.1__tar.gz → 0.8a1__tar.gz

{datasette-edit-schema-0.7.1/datasette_edit_schema.egg-info → datasette-edit-schema-0.8a1}/PKG-INFO

@@ -1,14 +1,19 @@
 Metadata-Version: 2.1
 Name: datasette-edit-schema
-Version: 0.7.1
+Version: 0.8a1
 Summary: Datasette plugin for modifying table schemas
-Home-page: https://github.com/simonw/datasette-edit-schema
 Author: Simon Willison
-License: Apache License, Version 2.0
-Requires-Python: >=3.7
+License: Apache-2.0
+Project-URL: Homepage, https://datasette.io/plugins/datasette-edit-schema
+Project-URL: Changelog, https://github.com/simonw/datasette-edit-schema/releases
+Project-URL: Issues, https://github.com/simonw/datasette-edit-schema/issues
+Project-URL: CI, https://github.com/simonw/datasette-edit-schema/actions
+Classifier: Framework :: Datasette
+Classifier: License :: OSI Approved :: Apache Software License
+Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: datasette>=0.63
+Requires-Dist: datasette>=1.0a13
 Requires-Dist: sqlite-utils>=3.35
 Provides-Extra: test
 Requires-Dist: pytest; extra == "test"
@@ -25,6 +30,8 @@ Requires-Dist: html5lib; extra == "test"
 
 Datasette plugin for modifying table schemas
 
+> :warning: The latest alpha release depends on Datasette 1.09a. Use [version 0.7.1](https://github.com/simonw/datasette-edit-schema/blob/0.7.1/README.md) with older releases of Datasette.
+
 ## Features
 
 * Add new columns to a table
@@ -54,7 +61,9 @@ By default only [the root actor](https://datasette.readthedocs.io/en/stable/auth
 
 ## Permissions
 
-The `edit-schema` permission governs access. You can use permission plugins such as [datasette-permissions-sql](https://github.com/simonw/datasette-permissions-sql) to grant additional access to the write interface.
+The `edit-schema` permission provides access to all functionality.
+
+You can use permission plugins such as [datasette-permissions-sql](https://github.com/simonw/datasette-permissions-sql) to grant additional access to the write interface.
 
 These permission checks will call the `permission_allowed()` plugin hook with three arguments:
 
@@ -62,6 +71,38 @@ These permission checks will call the `permission_allowed()` plugin hook with th
 - `actor` will be the currently authenticated actor - usually a dictionary
 - `resource` will be the string name of the database
 
+You can instead use more finely-grained permissions from the default Datasette permissions collection:
+
+- `create-table` allows users to create a new table. The `resource` will be the name of the database.
+- `drop-table` allows users to drop a table. The `resource` will be a tuple of `(database_name, table_name)`.
+- `alter-table` allows users to alter a table. The `resource` will be a tuple of `(database_name, table_name)`.
+
+To rename a table a user must have both `drop-table` permission for that table and `create-table` permission for that database.
+
+For example, to configure Datasette to allow the user with ID `pelican` to create, alter and drop tables in the `marketing` database and to alter just the `notes` table in the `sales` database, you could use the following configuration:
+
+```yaml
+databases:
+  marketing:
+    permissions:
+      create-table:
+        id: pelican
+      drop-table:
+        id: pelican
+      alter-table:
+        id: pelican
+  sales:
+    tables:
+      notes:
+        permissions:
+          alter-table:
+            id: pelican
+```
+
+## Events
+
+This plugin fires `create-table`, `alter-table` and `drop-table` events when tables are modified, using the [Datasette Events](https://docs.datasette.io/en/latest/events.html) system introduced in [Datasette 1.0a8](https://docs.datasette.io/en/latest/changelog.html#a8-2024-02-07).
+
 ## Screenshot
 
 ![datasette-edit-schema interface](https://raw.githubusercontent.com/simonw/datasette-edit-schema/main/datasette-edit-schema.png)

datasette-edit-schema-0.7.1/PKG-INFO → datasette-edit-schema-0.8a1/README.md

@@ -1,21 +1,3 @@
-Metadata-Version: 2.1
-Name: datasette-edit-schema
-Version: 0.7.1
-Summary: Datasette plugin for modifying table schemas
-Home-page: https://github.com/simonw/datasette-edit-schema
-Author: Simon Willison
-License: Apache License, Version 2.0
-Requires-Python: >=3.7
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: datasette>=0.63
-Requires-Dist: sqlite-utils>=3.35
-Provides-Extra: test
-Requires-Dist: pytest; extra == "test"
-Requires-Dist: pytest-asyncio; extra == "test"
-Requires-Dist: beautifulsoup4; extra == "test"
-Requires-Dist: html5lib; extra == "test"
-
 # datasette-edit-schema
 
 [![PyPI](https://img.shields.io/pypi/v/datasette-edit-schema.svg)](https://pypi.org/project/datasette-edit-schema/)
@@ -25,6 +7,8 @@ Requires-Dist: html5lib; extra == "test"
 
 Datasette plugin for modifying table schemas
 
+> :warning: The latest alpha release depends on Datasette 1.09a. Use [version 0.7.1](https://github.com/simonw/datasette-edit-schema/blob/0.7.1/README.md) with older releases of Datasette.
+
 ## Features
 
 * Add new columns to a table
@@ -54,7 +38,9 @@ By default only [the root actor](https://datasette.readthedocs.io/en/stable/auth
 
 ## Permissions
 
-The `edit-schema` permission governs access. You can use permission plugins such as [datasette-permissions-sql](https://github.com/simonw/datasette-permissions-sql) to grant additional access to the write interface.
+The `edit-schema` permission provides access to all functionality.
+
+You can use permission plugins such as [datasette-permissions-sql](https://github.com/simonw/datasette-permissions-sql) to grant additional access to the write interface.
 
 These permission checks will call the `permission_allowed()` plugin hook with three arguments:
 
@@ -62,6 +48,38 @@ These permission checks will call the `permission_allowed()` plugin hook with th
 - `actor` will be the currently authenticated actor - usually a dictionary
 - `resource` will be the string name of the database
 
+You can instead use more finely-grained permissions from the default Datasette permissions collection:
+
+- `create-table` allows users to create a new table. The `resource` will be the name of the database.
+- `drop-table` allows users to drop a table. The `resource` will be a tuple of `(database_name, table_name)`.
+- `alter-table` allows users to alter a table. The `resource` will be a tuple of `(database_name, table_name)`.
+
+To rename a table a user must have both `drop-table` permission for that table and `create-table` permission for that database.
+
+For example, to configure Datasette to allow the user with ID `pelican` to create, alter and drop tables in the `marketing` database and to alter just the `notes` table in the `sales` database, you could use the following configuration:
+
+```yaml
+databases:
+  marketing:
+    permissions:
+      create-table:
+        id: pelican
+      drop-table:
+        id: pelican
+      alter-table:
+        id: pelican
+  sales:
+    tables:
+      notes:
+        permissions:
+          alter-table:
+            id: pelican
+```
+
+## Events
+
+This plugin fires `create-table`, `alter-table` and `drop-table` events when tables are modified, using the [Datasette Events](https://docs.datasette.io/en/latest/events.html) system introduced in [Datasette 1.0a8](https://docs.datasette.io/en/latest/changelog.html#a8-2024-02-07).
+
 ## Screenshot
 
 ![datasette-edit-schema interface](https://raw.githubusercontent.com/simonw/datasette-edit-schema/main/datasette-edit-schema.png)
@@ -85,4 +103,4 @@ pip install -e '.[test]'
 To run the tests:
 ```bash
 pytest
-```
+```

{datasette-edit-schema-0.7.1 → datasette-edit-schema-0.8a1}/datasette_edit_schema/__init__.py

@@ -1,4 +1,5 @@
 from datasette import hookimpl
+from datasette.events import CreateTableEvent, AlterTableEvent, DropTableEvent
 from datasette.utils.asgi import Response, NotFound, Forbidden
 from datasette.utils import sqlite3
 from urllib.parse import quote_plus, unquote_plus
@@ -11,6 +12,11 @@ from .utils import (
     potential_primary_keys,
 )
 
+try:
+    from datasette import events
+except ImportError:  # Pre Datasette 1.0a8
+    events = None
+
 # Don't attempt to detect foreign keys on tables larger than this:
 FOREIGN_KEY_DETECTION_LIMIT = 10_000
 
@@ -29,9 +35,7 @@ def permission_allowed(actor, action, resource):
 @hookimpl
 def table_actions(datasette, actor, database, table):
     async def inner():
-        if not await datasette.permission_allowed(
-            actor, "edit-schema", resource=database, default=False
-        ):
+        if not await can_alter_table(datasette, actor, database, table):
             return []
         return [
             {
@@ -39,18 +43,63 @@ def table_actions(datasette, actor, database, table):
                     "/-/edit-schema/{}/{}".format(database, quote_plus(table))
                 ),
                 "label": "Edit table schema",
+                "description": "Rename the table, add and remove columns...",
             }
         ]
 
     return inner
 
 
+async def can_create_table(datasette, actor, database):
+    if await datasette.permission_allowed(
+        actor, "edit-schema", resource=database, default=False
+    ):
+        return True
+    # Or maybe they have create-table
+    if await datasette.permission_allowed(
+        actor, "create-table", resource=database, default=False
+    ):
+        return True
+    return False
+
+
+async def can_alter_table(datasette, actor, database, table):
+    if await datasette.permission_allowed(
+        actor, "edit-schema", resource=database, default=False
+    ):
+        return True
+    if await datasette.permission_allowed(
+        actor, "alter-table", resource=(database, table), default=False
+    ):
+        return True
+    return False
+
+
+async def can_rename_table(datasette, actor, database, table):
+    if not await can_drop_table(datasette, actor, database, table):
+        return False
+    if not await can_create_table(datasette, actor, database):
+        return False
+    return True
+
+
+async def can_drop_table(datasette, actor, database, table):
+    if await datasette.permission_allowed(
+        actor, "edit-schema", resource=database, default=False
+    ):
+        return True
+    # Or maybe they have drop-table
+    if await datasette.permission_allowed(
+        actor, "drop-table", resource=(database, table), default=False
+    ):
+        return True
+    return False
+
+
 @hookimpl
 def database_actions(datasette, actor, database):
     async def inner():
-        if not await datasette.permission_allowed(
-            actor, "edit-schema", resource=database, default=False
-        ):
+        if not await can_create_table(datasette, actor, database):
             return []
         return [
             {
@@ -58,6 +107,7 @@ def database_actions(datasette, actor, database):
                     "/-/edit-schema/{}/-/create".format(database)
                 ),
                 "label": "Create a table",
+                "description": "Define a new table with specified columns",
             }
         ]
 
@@ -173,9 +223,9 @@ async def edit_schema_database(request, datasette):
 
 
 async def edit_schema_create_table(request, datasette):
-    databases = get_databases(datasette)
     database_name = request.url_vars["database"]
-    await check_permissions(datasette, request, database_name)
+    if not await can_create_table(datasette, request.actor, database_name):
+        raise Forbidden("Permission denied for create-table")
     try:
         db = datasette.get_database(database_name)
     except KeyError:
@@ -210,17 +260,18 @@ async def edit_schema_create_table(request, datasette):
         def create_the_table(conn):
             db = sqlite_utils.Database(conn)
             if not table_name.strip():
-                return "Table name is required"
+                return None, "Table name is required"
             if db[table_name].exists():
-                return "Table already exists"
+                return None, "Table already exists"
             try:
                 db[table_name].create(
                     create, pk=primary_key_name, not_null=(primary_key_name,)
                 )
+                return db[table_name].schema, None
             except Exception as e:
-                return str(e)
+                return None, str(e)
 
-        error = await db.execute_write_fn(create_the_table, block=True)
+        schema, error = await db.execute_write_fn(create_the_table, block=True)
 
         if error:
             datasette.add_message(request, str(error), datasette.ERROR)
@@ -228,6 +279,14 @@ async def edit_schema_create_table(request, datasette):
         else:
             datasette.add_message(request, "Table has been created")
             path = datasette.urls.table(database_name, table_name)
+            await datasette.track_event(
+                CreateTableEvent(
+                    actor=request.actor,
+                    database=database_name,
+                    table=table_name,
+                    schema=schema,
+                )
+            )
 
         return Response.redirect(path)
 
@@ -251,7 +310,10 @@ async def edit_schema_table(request, datasette):
     table = unquote_plus(request.url_vars["table"])
     databases = get_databases(datasette)
     database_name = request.url_vars["database"]
-    await check_permissions(datasette, request, database_name)
+
+    if not await can_alter_table(datasette, request.actor, database_name, table):
+        raise Forbidden("Permission denied for alter-table")
+
     try:
         database = [db for db in databases if db.name == database_name][0]
     except IndexError:
@@ -260,6 +322,29 @@ async def edit_schema_table(request, datasette):
         raise NotFound("Table not found")
 
     if request.method == "POST":
+
+        def get_schema(conn):
+            table_obj = sqlite_utils.Database(conn)[table]
+            if not table_obj.exists():
+                return None
+            return table_obj.schema
+
+        before_schema = await database.execute_fn(get_schema)
+
+        async def track_analytics():
+            after_schema = await database.execute_fn(get_schema)
+            # Don't track drop tables, which happen when after_schema is None
+            if after_schema is not None and after_schema != before_schema:
+                await datasette.track_event(
+                    AlterTableEvent(
+                        actor=request.actor,
+                        database=database_name,
+                        table=table,
+                        before_schema=before_schema,
+                        after_schema=after_schema,
+                    )
+                )
+
         formdata = await request.post_vars()
         if formdata.get("action") == "update_columns":
             types = {}
@@ -315,31 +400,35 @@ async def edit_schema_table(request, datasette):
             await database.execute_write_fn(transform_the_table, block=True)
 
             datasette.add_message(request, "Changes to table have been saved")
-
+            await track_analytics()
             return Response.redirect(request.path)
 
         if formdata.get("action") == "update_foreign_keys":
-            return await update_foreign_keys(
+            response = await update_foreign_keys(
                 request, datasette, database, table, formdata
             )
         elif formdata.get("action") == "update_primary_key":
-            return await update_primary_key(
+            response = await update_primary_key(
                 request, datasette, database, table, formdata
             )
-        elif "delete_table" in formdata:
-            return await delete_table(request, datasette, database, table)
+        elif "drop_table" in formdata:
+            response = await drop_table(request, datasette, database, table)
         elif "add_column" in formdata:
-            return await add_column(request, datasette, database, table, formdata)
+            response = await add_column(request, datasette, database, table, formdata)
         elif "rename_table" in formdata:
-            return await rename_table(request, datasette, database, table, formdata)
+            response = await rename_table(request, datasette, database, table, formdata)
         elif "add_index" in formdata:
             column = formdata.get("add_index_column") or ""
             unique = formdata.get("add_index_unique")
-            return await add_index(request, datasette, database, table, column, unique)
+            response = await add_index(
+                request, datasette, database, table, column, unique
+            )
         elif any(key.startswith("drop_index_") for key in formdata.keys()):
-            return await drop_index(request, datasette, database, table, formdata)
+            response = await drop_index(request, datasette, database, table, formdata)
         else:
-            return Response.html("Unknown operation", status=400)
+            response = Response.html("Unknown operation", status=400)
+        await track_analytics()
+        return response
 
     def get_columns_and_schema_and_fks_and_pks_and_indexes(conn):
         db = sqlite_utils.Database(conn)
@@ -354,10 +443,11 @@ async def edit_schema_table(request, datasette):
             textwrap.dedent(
                 """
         select group_concat(sql, ';
-        ') from sqlite_master where tbl_name = 'Orders'
+        ') from sqlite_master where tbl_name = ?
         order by type desc
         """
-            )
+            ),
+            [table],
         ).fetchone()[0]
         return columns, schema, t.foreign_keys, t.pks, t.indexes
 
@@ -394,19 +484,20 @@ async def edit_schema_table(request, datasette):
         (pair[0], pair[1]) for pair in other_primary_keys if pair[2] is str
     ]
 
-    column_foreign_keys = [
+    all_columns_to_manage_foreign_keys = [
         {
             "name": column["name"],
-            "foreign_key": foreign_keys_by_column.get(column["name"])[0]
-            if foreign_keys_by_column.get(column["name"])
-            else None,
+            "foreign_key": (
+                foreign_keys_by_column.get(column["name"])[0]
+                if foreign_keys_by_column.get(column["name"])
+                else None
+            ),
             "suggestions": [],
-            "options": integer_primary_keys
-            if column["type"] is int
-            else string_primary_keys,
+            "options": (
+                integer_primary_keys if column["type"] is int else string_primary_keys
+            ),
         }
         for column in columns
-        if not column["is_pk"]
     ]
 
     # Anything not a float or an existing PK could be the next PK, but
@@ -433,7 +524,7 @@ async def edit_schema_table(request, datasette):
                 other_primary_keys,
             )
         )
-        for info in column_foreign_keys:
+        for info in all_columns_to_manage_foreign_keys:
             info["suggestions"] = potential_fks.get(info["name"], [])
         # Now do potential primary keys against non-float columns
         non_float_columns = [
@@ -444,7 +535,7 @@ async def edit_schema_table(request, datasette):
         )
 
     # Add 'options' to those
-    for info in column_foreign_keys:
+    for info in all_columns_to_manage_foreign_keys:
         options = []
         seen = set()
         info["html_options"] = options
@@ -516,29 +607,49 @@ async def edit_schema_table(request, datasette):
                     for value in TYPES.values()
                 ],
                 "foreign_keys": foreign_keys,
-                "column_foreign_keys": column_foreign_keys,
+                "all_columns_to_manage_foreign_keys": all_columns_to_manage_foreign_keys,
                 "potential_pks": potential_pks,
                 "is_rowid_table": bool(pks == ["rowid"]),
                 "current_pk": pks[0] if len(pks) == 1 else None,
                 "existing_indexes": existing_indexes,
                 "non_primary_key_columns": non_primary_key_columns,
+                "can_drop_table": await can_drop_table(
+                    datasette, request.actor, database_name, table
+                ),
+                "can_rename_table": await can_rename_table(
+                    datasette, request.actor, database_name, table
+                ),
             },
             request=request,
         )
     )
 
 
-async def delete_table(request, datasette, database, table):
-    def do_delete_table(conn):
+async def drop_table(request, datasette, database, table):
+    if not await can_drop_table(datasette, request.actor, database.name, table):
+        raise Forbidden("Permission denied for drop-table")
+
+    def do_drop_table(conn):
         db = sqlite_utils.Database(conn)
         db[table].disable_fts()
         db[table].drop()
         db.vacuum()
 
-    await datasette.databases[database.name].execute_write_fn(
-        do_delete_table, block=True
-    )
+    if hasattr(database, "execute_isolated_fn"):
+        await database.execute_isolated_fn(do_drop_table)
+        # For the tests
+        datasette._datasette_edit_schema_used_execute_isolated_fn = True
+    else:
+        await database.execute_write_fn(do_drop_table)
+
     datasette.add_message(request, "Table has been deleted")
+    await datasette.track_event(
+        DropTableEvent(
+            actor=request.actor,
+            database=database.name,
+            table=table,
+        )
+    )
     return Response.redirect("/-/edit-schema/" + database.name)
 
 
@@ -601,7 +712,19 @@ async def rename_table(request, datasette, database, table, formdata):
         )
         return redirect
 
+    # User must have drop-table permission on old table and create-table on new table
+    if not await can_rename_table(datasette, request.actor, database.name, table):
+        datasette.add_message(
+            request,
+            "Permission denied to rename table '{}'".format(table),
+            datasette.ERROR,
+        )
+        return redirect
+
     try:
+        before_schema = await database.execute_fn(
+            lambda conn: sqlite_utils.Database(conn)[table].schema
+        )
         await database.execute_write(
             """
             ALTER TABLE [{}] RENAME TO [{}];
@@ -610,9 +733,22 @@ async def rename_table(request, datasette, database, table, formdata):
             ),
             block=True,
         )
+        after_schema = await database.execute_fn(
+            lambda conn: sqlite_utils.Database(conn)[new_name].schema
+        )
         datasette.add_message(
             request, "Table renamed to '{}'".format(new_name), datasette.INFO
         )
+        await datasette.track_event(
+            AlterTableEvent(
+                actor=request.actor,
+                database=database.name,
+                table=new_name,
+                before_schema=before_schema,
+                after_schema=after_schema,
+            )
+        )
+
     except Exception as error:
         datasette.add_message(
             request, "Error renaming table: {}".format(str(error)), datasette.ERROR

{datasette-edit-schema-0.7.1 → datasette-edit-schema-0.8a1}/datasette_edit_schema/templates/edit_schema_create_table.html

@@ -22,6 +22,9 @@ select {
     font-size: 1em;
     font-family: Helvetica, sans-serif;
 }
+select.select-smaller {
+    width: 90%;
+}
 html body label {
     font-weight: bold;
     display: inline-block;
@@ -81,14 +84,14 @@ html body label {
 <form action="{{ base_url }}-/edit-schema/{{ database.name|quote_plus }}/-/create" method="post">
 <p>
   <label for="table_name">Table name: &nbsp;</label>
-  <input type="text" required="1" id="table_name" name="table_name" size="20" style="width: 30%">
+  <input type="text" required="1" id="table_name" name="table_name" size="20" style="width: 25%">
 </p>
 <h2>Columns</h2>
 <p style="font-size: 0.8em;">If the primary key is an integer it will automatically count up from 1</p>
 <ul class="editable-columns">
   <!-- primary key comes first and is not sortable -->
   <li>
-    <input style="width: 30%" type="text" size="10" name="primary_key_name" value="id">
+    <input style="width: 25%" type="text" size="10" name="primary_key_name" value="id">
     <label>Type: <select name="primary_key_type">
       <option value="INTEGER" selected="selected">Integer</option>
       <option value="TEXT">Text</option>
@@ -99,7 +102,7 @@ html body label {
 <ul class="sortable-columns editable-columns">
 {% for column in columns %}
     <li>
-        <input style="width: 30%" type="text" size="10" name="column-name.{{ loop.index }}" value="">
+        <input style="width: 25%" type="text" size="10" name="column-name.{{ loop.index }}" value="">
         <label>Type: <select name="column-type.{{ loop.index }}">
             {% for type in types %}
                 <option value="{{ type.value }}">{{ type.name }}</option>