Need to consider permissions here too. Currently:
|
async def upload_csvs(scope, receive, datasette, request): |
|
if not await datasette.permission_allowed( |
|
request.actor, "upload-csvs", default=False |
|
): |
|
raise Forbidden("Permission denied for upload-csvs") |
That needs to take the database into consideration as well.
Good opportunity for me to revise (and maybe document) how Datasette permissions deal with changing an existing permission to now depend on a resource.
Originally posted by @simonw in #28 (comment)
Originally posted by @simonw in #28 (comment)