datasette 0.45

on Python PyPI

Magic parameters for canned queries, a log out feature, improved plugin documentation and four new plugin hooks.

Magic parameters for canned queries

Canned queries now support Magic parameters, which can be used to insert or select automatically generated values. For example:

insert into logs
  (user_id, timestamp)
values
  (:_actor_id, :_now_datetime_utc)

This inserts the currently authenticated actor ID and the current datetime. (#842)

Log out

The ds_actor cookie can be used by plugins (or by Datasette's --root mechanism) to authenticate users. The new /-/logout page provides a way to clear that cookie.

A "Log out" button now shows in the global navigation provided the user is authenticated using the ds_actor cookie. (#840)

Better plugin documentation

The plugin documentation has been re-arranged into four sections, including a brand new section on testing plugins. (#687)

• Plugins introduces Datasette's plugin system and describes how to install and configure plugins.
• Writing plugins describes how to author plugins, from simple one-off plugins to packaged plugins that can be published to PyPI. It also describes how to start a plugin using the new datasette-plugin cookiecutter template.
• Plugin hooks is a full list of detailed documentation for every Datasette plugin hook.
• Testing plugins describes how to write tests for Datasette plugins, using pytest and HTTPX.

New plugin hooks

• register_magic_parameters(datasette) can be used to define new types of magic canned query parameters.
• startup(datasette) can run custom code when Datasette first starts up. datasette-init is a new plugin that uses this hook to create database tables and views on startup if they have not yet been created. (#834)
• canned_queries(datasette, database, actor) lets plugins provide additional canned queries beyond those defined in Datasette's metadata. See datasette-saved-queries for an example of this hook in action. (#852)
• forbidden(datasette, request, message) is a hook for customizing how Datasette responds to 403 forbidden errors. (#812)

Smaller changes

• Cascading view permissons - so if a user has view-table they can view the table page even if they do not have view-database or view-instance. (#832)
• CSRF protection no longer applies to Authentication: Bearer token requests or requests without cookies. (#835)
• datasette.add_message() now works inside plugins. (#864)
• Workaround for "Too many open files" error in test runs. (#846)
• Respect existing scope["actor"] if already set by ASGI middleware. (#854)
• New process for shipping Alpha and beta releases. (#807)
• {{ csrftoken() }} now works when plugins render a template using datasette.render_template(..., request=request). (#863)
• Datasette now creates a single Request object and uses it throughout the lifetime of the current HTTP request. (#870)