Sharing v2: comment-space ACLs + share dialog embed #22
Open
asg017 wants to merge 7 commits into
Define a comments-owned `comment-space` acl resource (independent of host-resource ACLs), a canonical target->(parent,child) 2-level encoding helper, resource-scoped comment-view/post/moderate actions, and Reader/Commenter/Moderator roles (Moderator manage=True). Granularity (Q#15): start per-table (child=None); row targets fold onto the table space. ROW_LEVEL_SPACES flips on per-row spaces without changing callers. Adds acl + datasette-share as local editable dev deps. Refs: research-sharing/todo/phase-09-comments/01-comment-space-resource-and-encoding.md, research-sharing/09-datasette-comments.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Rewrite check_permission to be resource-aware: each endpoint derives its target -> (parent,child) via target_to_resource and authorizes against the comment-space acl resource. Reads require comment-view, posts/reactions comment-post, and resolve/delete now require comment-moderate (closing the old "anyone with access can resolve any thread" hole). Thread creation stays a coarse instance-level write gate (like paper's global create action), then seeds the creator a Moderator grant on the new space (access.py) so follow-up posts pass the per-space check. Cross-space aggregate/directory endpoints (activity feed, @mention autocomplete, profile activity, activity page) use a coarse check_global gate. The two legacy global actions are retired as the primary gate (kept as an optional coarse gate). Refs: research-sharing/todo/phase-09-comments/02-permission-migration.md, research-sharing/09-datasette-comments.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Default commenting access is CLOSED (DECISIONS.md): a new comment space seeds only the creating actor as Moderator; _signed_in is NOT auto-granted. A deployment can opt into the legacy "anyone signed in can comment" behaviour with plugins.datasette-comments.default-commenting-access: open (grants _signed_in Commenter). Adds an idempotent startup backfill that seeds creator Moderator (+ the chosen default) for spaces that already have threads, so commenting isn't accidentally disabled on upgrade. _ensure_acl_ready makes grants robust against plugin startup ordering (creates acl tables / rebuilds the roles registry if needed). Refs: research-sharing/todo/phase-09-comments/03-creator-grant-and-default-access.md, research-sharing/09-datasette-comments.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Author resolution now goes through datasette.actors_from_ids (owned by datasette-user-profiles) instead of the private get_profile import: comment authors render with the same names/avatars as everywhere else, and agent authors resolve to kind=agent (🤖) for free. Adds kind to the Author model. @mention autocomplete + activity-search author filter now call the profiles search API (GET /-/profiles/api/search), ranked/limited server-side, with the deprecated datasette_comments_users hook kept as a fallback only (documented deprecated in hookspecs). Drops the hard private cross-plugin import. Refs: research-sharing/todo/phase-09-comments/04-directory-consolidation.md, research-sharing/09-datasette-comments.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Embed datasette-share's framework-agnostic <datasette-share-dialog resource-type="comment-space"> from comments' Preact content script: a "Who can comment?" button on the space-scoped (table/row) views opens the Svelte custom element in a modal, gated on can_manage (the actor holds comment-moderate on the space). The backend exposes the comment-space (parent, child) + can_manage + actor via window.DATASETTE_COMMENTS_META and includes the datasette-share bundle (via datasette_share_assets) only on those views. parent/child use the same target encoding as task 01. CSRF: datasette 1.0a30 replaced token CSRF with the header-based CrossOriginProtectionMiddleware (Sec-Fetch-Site/Origin). Same-origin fetch writes are accepted with NO token, so comments' POSTs (and the dialog's acl writes) need no token plumbing. We still expose the legacy csrftoken() for the element's optional back-compat attribute and verify token-less writes succeed. Refs: research-sharing/todo/phase-09-comments/05-share-embed-and-csrf.md, research-sharing/09-datasette-comments.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Update the comments plugin to consume the renamed share package: distribution datasette-share -> datasette-acl-share, module datasette_share -> datasette_acl_share, and custom element tag datasette-share-dialog -> datasette-acl-share-dialog. Frontend bundles under static/gen/ were regenerated via vite build (gitignored, not part of this commit). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sibling checkout renamed datasette-share -> datasette-acl-share; update the [tool.uv.sources] editable path to ../datasette-acl-share. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Lands the sharing-v2 migration for comments: <datasette-acl-share-dialog> from datasette-acl-share in the share manager.
Part of the cross-repo document-sharing unification.
🤖 Generated with Claude Code
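The access model the commit messages describe, as an added sketch that is not code from this PR or from datasette-comments: per-table spaces with rows folding onto the table, a closed default that seeds only the creator as Moderator, and a per-space check for view/post/moderate. The target tuples, the `database/table` parent string, the role-to-action mapping and the `CommentSpaces` class are assumptions made for illustration.

```python
# Added illustration, not the plugin's code. Role and action names come from
# the commit messages; the target tuples, the "database/table" parent string
# and the role-to-action mapping are assumptions made for this sketch.
ROLE_ACTIONS = {
    "Reader": {"comment-view"},
    "Commenter": {"comment-view", "comment-post"},
    "Moderator": {"comment-view", "comment-post", "comment-moderate"},
}


def target_to_resource(target, row_level=False):
    """Encode a target as a 2-level (parent, child) comment-space key."""
    kind, database, table, *pks = target
    if kind not in ("table", "row") or (kind == "row") != bool(pks):
        raise ValueError(f"malformed comment target: {target!r}")
    parent = f"{database}/{table}"
    if kind == "row" and row_level:
        return parent, ",".join(str(pk) for pk in pks)
    return parent, None  # per-table space: row targets fold onto the table


class CommentSpaces:
    def __init__(self, default_access="closed", row_level=False):
        self.default_access = default_access
        self.row_level = row_level
        self.grants = {}  # (parent, child) -> {principal: role}

    def seed(self, target, creator_id):
        """Idempotently seed a space: creator is Moderator, plus the default."""
        space = target_to_resource(target, self.row_level)
        roles = self.grants.setdefault(space, {})
        roles.setdefault(creator_id, "Moderator")
        if self.default_access == "open":
            roles.setdefault("_signed_in", "Commenter")
        return space

    def allowed(self, actor_id, action, target):
        """Authorize one action against the target's comment space."""
        if actor_id is None:
            return False  # anonymous actors never match _signed_in
        roles = self.grants.get(target_to_resource(target, self.row_level), {})
        held = {roles[p] for p in (actor_id, "_signed_in") if p in roles}
        return any(action in ROLE_ACTIONS[role] for role in held)
```

Calling `seed` twice for the same space leaves existing grants untouched, which is the property the startup backfill relies on; an unknown action or an unseeded space is denied.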