Magic parameters for canned queries, a log out feature, improved plugin documentation and four new plugin hooks.
Magic parameters for canned queries
Canned queries now support Magic parameters, which can be used to insert or select automatically generated values. For example:
    insert into logs
    (user_id, timestamp)
    values
    (:_actor_id, :_now_datetime_utc)
This inserts the currently authenticated actor ID and the current datetime. (#842)
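The security value of magic parameters is that values such as `:_actor_id` are filled in on the server from the authenticated request, not from submitted form data. The following is an added, stand-alone model of that idea using only the standard library; it is not Datasette's own code, and the `MAGIC` registry, `MagicParams` class and sample request are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timezone

# The canned query from the release notes above.
SQL = "insert into logs (user_id, timestamp) values (:_actor_id, :_now_datetime_utc)"

def actor(key, request):
    # Comes from the authenticated actor; KeyError if nobody is signed in.
    return (request.get("actor") or {})[key]

def now(key, request):
    if key == "datetime_utc":
        return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    raise KeyError(key)

# Hypothetical registry: parameter prefix -> resolver(key, request).
MAGIC = {"actor": actor, "now": now}

class MagicParams(dict):
    """Mapping handed to sqlite3; ':_prefix_key' names resolve server-side."""

    def __init__(self, submitted, request):
        super().__init__(submitted)
        self.request = request

    def __getitem__(self, name):
        if name.startswith("_") and name.count("_") >= 2:
            prefix, key = name[1:].split("_", 1)
            if prefix in MAGIC:
                # The submitted value, if any, is never consulted.
                return MAGIC[prefix](key, self.request)
        return super().__getitem__(name)

def run_canned_insert(conn, submitted, request):
    # sqlite3 looks up each named parameter through __getitem__.
    conn.execute(SQL, MagicParams(submitted, request))
    return conn.execute("select user_id, timestamp from logs").fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table logs (user_id text, timestamp text)")
    request = {"actor": {"id": "alice"}}  # constructed authenticated request
    # Constructed client input that tries to supply the magic values itself.
    forged = {"_actor_id": "root", "_now_datetime_utc": "1970-01-01T00:00:00Z"}
    return run_canned_insert(conn, forged, request)

if __name__ == "__main__":
    print(demo())
```

The stored row carries the authenticated actor and the server clock even though the submitted data named different values for both parameters.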
Log out
The ds_actor cookie can be used by plugins (or by Datasette's --root mechanism) to authenticate users. The new /-/logout page provides a way to clear that cookie.
A "Log out" button now shows in the global navigation provided the user is authenticated using the ds_actor cookie. (#840)
Better plugin documentation
The plugin documentation has been re-arranged into four sections, including a brand new section on testing plugins. (#687)
- Plugins introduces Datasette's plugin system and describes how to install and configure plugins.
- Writing plugins describes how to author plugins, from simple one-off plugins to packaged plugins that can be published to PyPI. It also describes how to start a plugin using the new datasette-plugin cookiecutter template.
- Plugin hooks is a full list of detailed documentation for every Datasette plugin hook.
- Testing plugins describes how to write tests for Datasette plugins, using pytest and HTTPX.
New plugin hooks
- register_magic_parameters(datasette) can be used to define new types of magic canned query parameters.
- startup(datasette) can run custom code when Datasette first starts up. datasette-init is a new plugin that uses this hook to create database tables and views on startup if they have not yet been created. (#834)
- canned_queries(datasette, database, actor) lets plugins provide additional canned queries beyond those defined in Datasette's metadata. See datasette-saved-queries for an example of this hook in action. (#852)
- forbidden(datasette, request, message) is a hook for customizing how Datasette responds to 403 forbidden errors. (#812)
Smaller changes
- Cascading view permissions - so if a user has view-table they can view the table page even if they do not have view-database or view-instance. (#832)
- CSRF protection no longer applies to Authentication: Bearer token requests or requests without cookies. (#835)
- datasette.add_message() now works inside plugins. (#864)
- Workaround for "Too many open files" error in test runs. (#846)
- Respect existing scope["actor"] if already set by ASGI middleware. (#854)
- New process for shipping Alpha and beta releases. (#807)
- {{ csrftoken() }} now works when plugins render a template using datasette.render_template(..., request=request). (#863)
- Datasette now creates a single Request object and uses it throughout the lifetime of the current HTTP request. (#870)