An open source multi-tool for exploring and publishing data
APACHE-2.0 License
Bot releases are hidden (Show)
This release focuses on performance, in particular against large tables, and introduces some minor breaking changes for CSS styling in Datasette plugins.
datasette --pdb
option now uses the ipdb debugger if it is installed. You can install it using datasette install ipdb
. Thanks, Tiago Ilieve. (#2342)metadata.json
contained nested objects. (#2403)?_trace=1
where it returned a blank page if the response was larger than 256KB. (#2404).dicts()
internal method on Results that returns a list of dictionaries representing the results from a SQL query: (#2414)
rows = (await db.execute("select * from t")).dicts()
"core"
on the element or a containing element, for example <form class="core">
. (#2415)<table class="rows-and-columns">
. (#2420)Published by simonw 2 months ago
-s/--setting
options could over-ride settings that were present in datasette.yml
. (#2389)/-/
, using the default index.html
template. This ensures that the information on that page is still accessible even if the Datasette homepage has been customized using a custom index.html
template, for example on sites like datasette.io. (#2393)json1
extension was not correctly detected on the /-/versions
page. Thanks, Seb Bacon. (#2326)Content-Type: application/json; charset=utf-8
. (#2384)metadata.yml
contained a queries
block. (#2386)Published by simonw 3 months ago
This alpha introduces significant changes to Datasette's Metadata system, some of which represent breaking changes in advance of the full 1.0 release. The new Upgrade guide document provides detailed coverage of those breaking changes and how they affect plugin authors and Datasette API consumers.
/databasename?sql=
interface and JSON API for executing arbitrary SQL queries can now be found at /databasename/-/query?sql=
. Requests with a ?sql=
parameter to the old endpoints will be redirected. Thanks, Alex Garcia. (#2360)IMMEDIATE
isolation level for SQLite. This should help avoid a rare SQLITE_BUSY
error that could occur when a transaction upgraded to a write mid-flight. (#2358)E-Tag
headers for static files. Thanks, Agustin Bacigalup. (#2306)z-index
that should avoid them being hidden by plugins. (#2311)<html lange="en">
attribute. Thanks, Charles Nepote. (#2348)datasette --root
produced a confusing error. (#2375)Published by simonw 4 months ago
Published by simonw 7 months ago
Each of the key concepts in Datasette now has an actions menu, which plugins can use to add additional functionality targeting that entity.
*_actions()
plugin hooks can now return an optional "description"
key, which will be displayed in the menu below the action label. (#2294)pragma_table_list
has been added to the allow-list of SQLite pragma functions supported by Datasette. select * from pragma_table_list()
is no longer blocked. (#2104)Published by simonw 8 months ago
Published by simonw 8 months ago
"replace": true
argument to the /db/table/-/insert
API now requires the actor to have the update-row
permission. (#2279)Published by simonw 8 months ago
The only changes in this alpha correspond to the way Datasette handles database transactions. (#2277)
transaction=True
parameter. This defaults to True
which means all functions executed using this method are now automatically wrapped in a transaction - previously the functions needed to roll transaction handling on their own, and many did not.transaction=False
to execute_write_fn()
if you want to manually handle transactions in your function.transaction=True
default.Published by simonw 8 months ago
This alpha release adds basic alter table support to the Datasette Write API and fixes a permissions bug relating to the /upsert
API endpoint.
The JSON write API can now be used to apply simple alter table schema changes, provided the acting actor has the new alter-table permission. (#2101)
The only alter operation supported so far is adding new columns to an existing table.
"rows"
, in the case where one of the later rows includes columns that were not present in the earlier batches. This requires the create-table
but not the alter-table
permission./db/-/create
is called with rows in a situation where the table may have been already created, an "alter": true
key can be included to indicate that any missing columns from the new rows should be added to the table. This requires the alter-table
permission."alter": true
, depending on the alter-table
permission.Operations that alter a table now fire the new alter-table event.
The /database/table/-/upsert API had a minor permissions bug, only affecting Datasette instances that had configured the insert-row
and update-row
permissions to apply to a specific table rather than the database or instance as a whole. Full details in issue #2262.
To avoid similar mistakes in the future the datasette.permission_allowed() method now specifies default=
as a keyword-only argument.
The datasette.permission_allowed() method previously consulted every plugin that implemented the permission_allowed() plugin hook and obeyed the opinion of the last plugin to return a value. (#2275)
Datasette now consults every plugin and checks to see if any of them returned False
(the veto rule), and if none of them did, it then checks to see if any of them returned True
.
This is explained at length in the new documentation covering How permissions are resolved.
usedforsecurity=False
, for compatibility with FIPS systems. (#2270)/-/threads
debug page now identifies the database in the name associated with each dedicated write thread. (#2265)/db/-/create
API now fires a insert-rows
event if rows were inserted after the table was created. (#2260)Published by simonw 9 months ago
This alpha release continues the migration of Datasette's configuration from metadata.yaml
to the new datasette.yaml
configuration file, introduces a new system for JavaScript plugins and adds several new plugin hooks.
See Datasette 1.0a8: JavaScript plugins, new plugin hooks and plugin configuration in datasette.yaml for an annotated version of these release notes.
Plugin configuration now lives in the datasette.yaml configuration file, passed to Datasette using the -c/--config
option. Thanks, Alex Garcia. (#2093)
datasette -c datasette.yaml
Where datasette.yaml
contains configuration that looks like this:
plugins:
datasette-cluster-map:
latitude_column: xlat
longitude_column: xlon
Previously plugins were configured in metadata.yaml
, which was confusing as plugin settings were unrelated to database and table metadata.
The -s/--setting
option can now be used to set plugin configuration as well. See Configuration via the command-line for details. (#2252)
The above YAML configuration example using -s/--setting
looks like this:
datasette mydatabase.db\
-s plugins.datasette-cluster-map.latitude_column xlat\
-s plugins.datasette-cluster-map.longitude_column xlon
The new /-/config
page shows the current instance configuration, after redacting keys that could contain sensitive data such as API keys or passwords. (#2254)
Existing Datasette installations may already have configuration set in metadata.yaml
that should be migrated to datasette.yaml
. To avoid breaking these installations, Datasette will silently treat table configuration, plugin configuration and allow blocks in metadata as if they had been specified in configuration instead. (#2247) (#2248) (#2249)
Note that the datasette publish
command has not yet been updated to accept a datasette.yaml
configuration file. This will be addressed in #2195 but for the moment you can include those settings in metadata.yaml
instead.
Datasette now includes a JavaScript plugins mechanism, allowing JavaScript to customize Datasette in a way that can collaborate with other plugins.
This provides two initial hooks, with more to come in the future:
makeAboveTablePanelConfigs() can add additional panels to the top of the table page.
makeColumnActions() can add additional actions to the column menu.
Thanks Cameron Yick for contributing this feature. (#2052)
New jinja2_environment_from_request(datasette, request, env) plugin hook, which can be used to customize the current Jinja environment based on the incoming request. This can be used to modify the template lookup path based on the incoming request hostname, among other things. (#2225)
New family of template slot plugin hooks: top_homepage
, top_database
, top_table
, top_row
, top_query
, top_canned_query
. Plugins can use these to provide additional HTML to be injected at the top of the corresponding pages. (#1191)
New track_event() mechanism for plugins to emit and receive events when certain events occur within Datasette. (#2240)
Plugins can register additional event classes using register_events(datasette).
They can then trigger those events with the datasette.track_event(event) internal method.
Plugins can subscribe to notifications of events using the track_event(datasette, event) plugin hook.
Datasette core now emits login
, logout
, create-token
, create-table
, drop-table
, insert-rows
, upsert-rows
, update-row
, delete-row
events, documented here.
New internal function for plugin authors: await db.execute_isolated_fn(fn), for creating a new SQLite connection, executing code and then closing that connection, all while preventing other code from writing to that particular database. This connection will not have the prepare_connection() plugin hook executed against it, allowing plugins to perform actions that might otherwise be blocked by existing connection configuration. (#2218)
Documentation describing how to write tests that use signed actor cookies using datasette.client.actor_cookie()
. (#1830)
Documentation on how to register a plugin for the duration of a test. (#2234)
The configuration documentation now shows examples of both YAML and JSON for each setting.
Datasette no longer attempts to run SQL queries in parallel when rendering a table page, as this was leading to some rare crashing bugs. (#2189)
Fixed warning: DeprecationWarning: pkg_resources is deprecated as an API
(#2057)
Fixed bug where ?_extra=columns
parameter returned an incorrectly shaped response. (#2230)
Published by simonw about 1 year ago
DATASETTE_LOAD_PLUGINS
environment variable for controlling which plugins are loaded by Datasette. (#2164)execute-sql
permission now implies that the actor can also view the database and instance. (#2169)Published by simonw about 1 year ago
view-table
restriction will imply the ability to view-database
for the database containing that table, and both view-table
and view-database
will imply view-instance
. Previously you needed to create a token with restrictions that explicitly listed view-instance
and view-database
and view-table
in order to view a table without getting a permission denied error. (#2102)datasette.yaml
(or .json
) configuration file, which can be specified using datasette -c path-to-file
. The goal here to consolidate settings, plugin configuration, permissions, canned queries, and other Datasette configuration into a single single file, separate from metadata.yaml
. The legacy settings.json
config file used for Configuration directory mode has been removed, and datasette.yaml
has a "settings"
section where the same settings key/value pairs can be included. In the next future alpha release, more configuration such as plugins/permissions/canned queries will be moved to the datasette.yaml
file. See #2093 for more details. Thanks, Alex Garcia.-s/--setting
option can now take dotted paths to nested settings. These will then be used to set or over-ride the same options as are present in the new configuration file. (#2156)--actor '{"id": "json-goes-here"}'
option for use with datasette --get
to treat the simulated request as being made by a specific actor, see datasette --get. (#2153)_internal
database has had some changes. It no longer shows up in the datasette.databases
list by default, and is now instead available to plugins using the datasette.get_internal_database()
. Plugins are invited to use this as a private database to store configuration and settings and secrets that should not be made visible through the default Datasette interface. Users can pass the new --internal internal.db
option to persist that internal database to disk. Thanks, Alex Garcia. (#2157).Published by simonw about 1 year ago
This alpha fixes a security issue with the /-/api
API explorer. On authenticated Datasette instances (instances protected using plugins such as datasette-auth-passwords) the API explorer interface could reveal the names of databases and tables within the protected instance. The data stored in those tables was not revealed.
For more information and workarounds, read the security advisory. The issue has been present in every previous alpha version of Datasette 1.0: versions 1.0a0, 1.0a1, 1.0a2 and 1.0a3.
Also in this alpha:
datasette plugins --requirements
option outputs a list of currently installed plugins in Python requirements.txt
format, useful for duplicating that installation elsewhere. (#2133)on_success_message_sql
field in their configuration, containing a SQL query that should be executed upon successful completion of the write operation in order to generate a message to be shown to the user. (#2138)Published by simonw about 1 year ago
This alpha release previews the updated design for Datasette's default JSON API. (#782)
The new default JSON representation for both table pages (/dbname/table.json
) and arbitrary SQL queries (/dbname.json?sql=...
) is now shaped like this:
{
"ok": true,
"rows": [
{
"id": 3,
"name": "Detroit"
},
{
"id": 2,
"name": "Los Angeles"
},
{
"id": 4,
"name": "Memnonia"
},
{
"id": 1,
"name": "San Francisco"
}
],
"truncated": false
}
Tables will include an additional "next"
key for pagination, which can be passed to ?_next=
to fetch the next page of results.
The various ?_shape=
options continue to work as before - see Different shapes for details.
A new ?_extra=
mechanism is available for tables, but has not yet been stabilized or documented. Details on that are available in #262.
error
and truncated
arguments, allowing them to display error messages and take into account truncated results. (#2130)render_cell()
plugin hook now also supports an optional request
argument. (#2007)Justfile
to support development workflows for Datasette using Just.datasette.render_template()
can now accepts a datasette.views.Context
subclass as an alternative to a dictionary. (#2127)datasette install -e path
option for editable installations, useful while developing plugins. (#2106)--cors
option Datasette now serves an Access-Control-Max-Age: 3600
header, ensuring CORS OPTIONS requests are repeated no more than once an hour. (#2079)_internal
database could display None
instead of null
for in-memory databases. (#1970)