{"url":"https://api.github.com/repos/simonw/datasette/issues/2126","repository_url":"https://api.github.com/repos/simonw/datasette","labels_url":"https://api.github.com/repos/simonw/datasette/issues/2126/labels{/name}","comments_url":"https://api.github.com/repos/simonw/datasette/issues/2126/comments","events_url":"https://api.github.com/repos/simonw/datasette/issues/2126/events","html_url":"https://github.com/simonw/datasette/issues/2126","id":1838266862,"node_id":"I_kwDOBm6k_c5tkbnu","number":2126,"title":"Permissions in metadata.yml / metadata.json","user":{"login":"ctsrc","id":36199671,"node_id":"MDQ6VXNlcjM2MTk5Njcx","avatar_url":"https://avatars.githubusercontent.com/u/36199671?v=4","gravatar_id":"","url":"https://api.github.com/users/ctsrc","html_url":"https://github.com/ctsrc","followers_url":"https://api.github.com/users/ctsrc/followers","following_url":"https://api.github.com/users/ctsrc/following{/other_user}","gists_url":"https://api.github.com/users/ctsrc/gists{/gist_id}","starred_url":"https://api.github.com/users/ctsrc/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ctsrc/subscriptions","organizations_url":"https://api.github.com/users/ctsrc/orgs","repos_url":"https://api.github.com/users/ctsrc/repos","events_url":"https://api.github.com/users/ctsrc/events{/privacy}","received_events_url":"https://api.github.com/users/ctsrc/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignees":[],"milestone":null,"comments":3,"created_at":"2023-08-06T16:24:10Z","updated_at":"2023-08-11T05:52:30Z","closed_at":"2023-08-11T05:52:29Z","assignee":null,"author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"https://docs.datasette.io/en/latest/authentication.html#other-permissions-in-metadata says the following:\r\n\r\n> For all other permissions, you can use one or more \"permissions\" blocks in your metadata.\r\n\r\n> To grant access to the permissions debug tool to all signed in users you can grant permissions-debug to any actor with an id matching the wildcard * by adding this a the root of your metadata:\r\n\r\n```yaml\r\npermissions:\r\n  debug-menu:\r\n    id: '*'\r\n```\r\n\r\nI tried this.\r\n\r\nMy `metadata.yml` file looks like:\r\n\r\n```yaml\r\npermissions:\r\n  debug-menu:\r\n    id: '*'\r\n  permissions-debug:\r\n    id: '*'\r\nplugins:\r\n  datasette-auth-passwords:\r\n    myuser_password_hash:\r\n      $env: \"PASSWORD_HASH_MYUSER\"\r\n```\r\n\r\nAnd then I run\r\n\r\n```zsh\r\ndatasette -m metadata.yml tiddlywiki.db --root\r\n```\r\n\r\nAnd I open a session for the \"root\" user of datasette with the link given.\r\n\r\nI open a private browser session and log in as \"myuser\" from http://127.0.0.1:8001/-/login\r\n\r\nThen I check http://127.0.0.1:8001/-/actor which confirms that I am logged in as the \"myuser\" actor\r\n\r\n```json\r\n{\r\n    \"actor\": {\r\n        \"id\": \"myuser\"\r\n    }\r\n}\r\n```\r\n\r\nIn the session where I am logged in as \"myuser\" I then try to go to http://127.0.0.1:8001/-/permissions\r\n\r\nBut all I get there as the logged in user \"myuser\" is\r\n\r\n> Forbidden\r\n>\r\n> Permission denied\r\n\r\nAnd then if I check the http://127.0.0.1:8001/-/permissions as the datasette \"root\" user from another browser session, I see:\r\n\r\n> permissions-debug checked at 2023-08-06T16:22:58.997841 ✗ (used default)\r\n>\r\n> Actor: {\"id\": \"myuser\"}\r\n\r\nIt seems that in spite of having tried to give the `permissions-debug` permission to the \"myuser\" user in my `metadata.yml` file, datasette does not agree that \"myuser\" has permission `permissions-debug`..\r\n\r\nWhat do I need to do differently so that my \"myuser\" user is able to access http://127.0.0.1:8001/-/permissions ?","closed_by":{"login":"ctsrc","id":36199671,"node_id":"MDQ6VXNlcjM2MTk5Njcx","avatar_url":"https://avatars.githubusercontent.com/u/36199671?v=4","gravatar_id":"","url":"https://api.github.com/users/ctsrc","html_url":"https://github.com/ctsrc","followers_url":"https://api.github.com/users/ctsrc/followers","following_url":"https://api.github.com/users/ctsrc/following{/other_user}","gists_url":"https://api.github.com/users/ctsrc/gists{/gist_id}","starred_url":"https://api.github.com/users/ctsrc/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ctsrc/subscriptions","organizations_url":"https://api.github.com/users/ctsrc/orgs","repos_url":"https://api.github.com/users/ctsrc/repos","events_url":"https://api.github.com/users/ctsrc/events{/privacy}","received_events_url":"https://api.github.com/users/ctsrc/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/simonw/datasette/issues/2126/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/simonw/datasette/issues/2126/timeline","performed_via_github_app":null,"state_reason":"completed","pinned_comment":null}