Releases: simonw/datasette
1.0a13
Each of the key concepts in Datasette now has an actions menu, which plugins can use to add additional functionality targeting that entity.
- Plugin hook: view_actions() for actions that can be applied to a SQL view. (#2297)
- Plugin hook: homepage_actions() for actions that apply to the instance homepage. (#2298)
- Plugin hook: row_actions() for actions that apply to the row page. (#2299)
- Action menu items for all of the
*_actions()plugin hooks can now return an optional"description"key, which will be displayed in the menu below the action label. (#2294) - Plugin hooks documentation page is now organized with additional headings. (#2300)
- Improved the display of action buttons on pages that also display metadata. (#2286)
- The header and footer of the page now uses a subtle gradient effect, and options in the navigation menu are better visually defined. (#2302)
- Table names that start with an underscore now default to hidden. (#2104)
pragma_table_listhas been added to the allow-list of SQLite pragma functions supported by Datasette.select * from pragma_table_list()is no longer blocked. (#2104)
1.0a12
- New query_actions() plugin hook, similar to table_actions() and database_actions(). Can be used to add a menu of actions to the canned query or arbitrary SQL query page. (#2283)
- New design for the button that opens the query, table and database actions menu. (#2281)
- "does not contain" table filter for finding rows that do not contain a string. (#2287)
- Fixed a bug in the makeColumnActions(columnDetails) JavaScript plugin mechanism where the column action menu was not fully reset in between each interaction. (#2289)
1.0a11
- The
"replace": trueargument to the/db/table/-/insertAPI now requires the actor to have theupdate-rowpermission. (#2279) - Fixed some UI bugs in the interactive permissions debugging tool. (#2278)
- The column action menu now aligns better with the cog icon, and positions itself taking into account the width of the browser window. (#2263)
1.0a10
The only changes in this alpha correspond to the way Datasette handles database transactions. (#2277)
- The database.execute_write_fn() method has a new
transaction=Trueparameter. This defaults toTruewhich means all functions executed using this method are now automatically wrapped in a transaction - previously the functions needed to roll transaction handling on their own, and many did not. - Pass
transaction=Falsetoexecute_write_fn()if you want to manually handle transactions in your function. - Several internal Datasette features, including parts of the JSON write API, had been failing to wrap their operations in a transaction. This has been fixed by the new
transaction=Truedefault.
1.0a9
This alpha release adds basic alter table support to the Datasette Write API and fixes a permissions bug relating to the /upsert API endpoint.
Alter table support for create, insert, upsert and update
The JSON write API can now be used to apply simple alter table schema changes, provided the acting actor has the new alter-table permission. (#2101)
The only alter operation supported so far is adding new columns to an existing table.
- The /db/-/create API now adds new columns during large operations to create a table based on incoming example
"rows", in the case where one of the later rows includes columns that were not present in the earlier batches. This requires thecreate-tablebut not thealter-tablepermission. - When
/db/-/createis called with rows in a situation where the table may have been already created, an"alter": truekey can be included to indicate that any missing columns from the new rows should be added to the table. This requires thealter-tablepermission. - /db/table/-/insert and /db/table/-/upsert and /db/table/row-pks/-/update all now also accept
"alter": true, depending on thealter-tablepermission.
Operations that alter a table now fire the new alter-table event.
Permissions fix for the upsert API
The /database/table/-/upsert API had a minor permissions bug, only affecting Datasette instances that had configured the insert-row and update-row permissions to apply to a specific table rather than the database or instance as a whole. Full details in issue #2262.
To avoid similar mistakes in the future the datasette.permission_allowed() method now specifies default= as a keyword-only argument.
Permission checks now consider opinions from every plugin
The datasette.permission_allowed() method previously consulted every plugin that implemented the permission_allowed() plugin hook and obeyed the opinion of the last plugin to return a value. (#2275)
Datasette now consults every plugin and checks to see if any of them returned False (the veto rule), and if none of them did, it then checks to see if any of them returned True.
This is explained at length in the new documentation covering How permissions are resolved.
Other changes
- The new DATASETTE_TRACE_PLUGINS=1 environment variable turns on detailed trace output for every executed plugin hook, useful for debugging and understanding how the plugin system works at a low level. (#2274)
- Datasette on Python 3.9 or above marks its non-cryptographic uses of the MD5 hash function as
usedforsecurity=False, for compatibility with FIPS systems. (#2270) - SQL relating to Datasette's internal database now executes inside a transaction, avoiding a potential database locked error. (#2273)
- The
/-/threadsdebug page now identifies the database in the name associated with each dedicated write thread. (#2265) - The
/db/-/createAPI now fires ainsert-rowsevent if rows were inserted after the table was created. (#2260)
1.0a8
This alpha release continues the migration of Datasette's configuration from metadata.yaml to the new datasette.yaml configuration file, introduces a new system for JavaScript plugins and adds several new plugin hooks.
See Datasette 1.0a8: JavaScript plugins, new plugin hooks and plugin configuration in datasette.yaml for an annotated version of these release notes.
Configuration
-
Plugin configuration now lives in the datasette.yaml configuration file, passed to Datasette using the
-c/--configoption. Thanks, Alex Garcia. (#2093)datasette -c datasette.yaml
Where
datasette.yamlcontains configuration that looks like this:plugins: datasette-cluster-map: latitude_column: xlat longitude_column: xlon
-
Previously plugins were configured in
metadata.yaml, which was confusing as plugin settings were unrelated to database and table metadata. -
The
-s/--settingoption can now be used to set plugin configuration as well. See Configuration via the command-line for details. (#2252)The above YAML configuration example using
-s/--settinglooks like this:datasette mydatabase.db\ -s plugins.datasette-cluster-map.latitude_column xlat\ -s plugins.datasette-cluster-map.longitude_column xlon
-
The new
/-/configpage shows the current instance configuration, after redacting keys that could contain sensitive data such as API keys or passwords. (#2254) -
Existing Datasette installations may already have configuration set in
metadata.yamlthat should be migrated todatasette.yaml. To avoid breaking these installations, Datasette will silently treat table configuration, plugin configuration and allow blocks in metadata as if they had been specified in configuration instead. (#2247) (#2248) (#2249)
Note that the datasette publish command has not yet been updated to accept a datasette.yaml configuration file. This will be addressed in #2195 but for the moment you can include those settings in metadata.yaml instead.
JavaScript plugins
Datasette now includes a JavaScript plugins mechanism, allowing JavaScript to customize Datasette in a way that can collaborate with other plugins.
This provides two initial hooks, with more to come in the future:
-
makeAboveTablePanelConfigs() can add additional panels to the top of the table page.
-
makeColumnActions() can add additional actions to the column menu.
Thanks Cameron Yick for contributing this feature. (#2052)
Plugin hooks
-
New jinja2_environment_from_request(datasette, request, env) plugin hook, which can be used to customize the current Jinja environment based on the incoming request. This can be used to modify the template lookup path based on the incoming request hostname, among other things. (#2225)
-
New family of template slot plugin hooks:
top_homepage,top_database,top_table,top_row,top_query,top_canned_query. Plugins can use these to provide additional HTML to be injected at the top of the corresponding pages. (#1191) -
New track_event() mechanism for plugins to emit and receive events when certain events occur within Datasette. (#2240)
-
Plugins can register additional event classes using register_events(datasette).
-
They can then trigger those events with the datasette.track_event(event) internal method.
-
Plugins can subscribe to notifications of events using the track_event(datasette, event) plugin hook.
-
Datasette core now emits
login,logout,create-token,create-table,drop-table,insert-rows,upsert-rows,update-row,delete-rowevents, documented here.
-
-
New internal function for plugin authors: await db.execute_isolated_fn(fn), for creating a new SQLite connection, executing code and then closing that connection, all while preventing other code from writing to that particular database. This connection will not have the prepare_connection() plugin hook executed against it, allowing plugins to perform actions that might otherwise be blocked by existing connection configuration. (#2218)
Documentation
-
Documentation describing how to write tests that use signed actor cookies using
datasette.client.actor_cookie(). (#1830) -
Documentation on how to register a plugin for the duration of a test. (#2234)
-
The configuration documentation now shows examples of both YAML and JSON for each setting.
Minor fixes
-
Datasette no longer attempts to run SQL queries in parallel when rendering a table page, as this was leading to some rare crashing bugs. (#2189)
-
Fixed warning:
DeprecationWarning: pkg_resources is deprecated as an API(#2057) -
Fixed bug where
?_extra=columnsparameter returned an incorrectly shaped response. (#2230)