https://github.com/cldellow/datasette-current-actor
Adds a `current_actor()` function to SQLite
https://github.com/cldellow/datasette-current-actor
Last synced: over 1 year ago
JSON representation
Adds a `current_actor()` function to SQLite
- Host: GitHub
- URL: https://github.com/cldellow/datasette-current-actor
- Owner: cldellow
- License: apache-2.0
- Created: 2023-02-04T20:29:38.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-12T18:35:12.000Z (over 3 years ago)
- Last Synced: 2025-03-29T12:13:20.915Z (over 1 year ago)
- Language: Python
- Size: 20.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# datasette-current-actor
[](https://pypi.org/project/datasette-current-actor/)
[](https://github.com/cldellow/datasette-current-actor/releases)
[](https://github.com/cldellow/datasette-current-actor/actions?query=workflow%3ATest)
[](https://github.com/cldellow/datasette-current-actor/blob/main/LICENSE)
Adds functions to SQLite to show the current actor's ID, IP and user agent.
## Installation
Install this plugin in the same environment as Datasette.
datasette install datasette-current-actor
## Usage
- `current_actor()` returns the current actor's ID, or `NULL` if no actor.
- `current_actor('attrs', 'name')` navigates the actor object, returning
the value of the `name` key stored in the `attrs` key, or `NULL` if any
of the intermediate values are absent.
- `current_actor_ip()` returns the current actor's IP address
- `current_actor_user_agent()` returns the current actor's HTTP user agent
### Default values, views and triggers
SQLite is _flexible_. It turns out you can refer to functions that don't exist
when issuing DDL statements. As long as they exist when they're needed, it all
works out.
#### Auditing
Track who added a row:
```sql
CREATE TABLE notes(
created_by text not null default (current_actor()),
created_by_ip text not null default (current_actor_ip()),
note text not null
);
```
Or create an UPDATE trigger on a table that sets the `last_edited_by` column to
`current_actor()`.
#### Row-level security
Restrict the rows that users see:
```sql
CREATE VIEW rls AS
SELECT * FROM sensitive_data WHERE owner = current_actor()
```
You can see a live example at https://dux.fly.dev/cooking/my_questions, which should show you 0 rows.
You can use the hamburger menu in the top right to log in with GitHub. You will then see questions whose owner_id ends
in the same digit as your GitHub user ID.
## Development
To set up this plugin locally, first checkout the code. Then create a new virtual environment:
cd datasette-current-actor
python3 -m venv venv
source venv/bin/activate
Now install the dependencies and test dependencies:
pip install -e '.[test]'
To run the tests:
pytest