Plugin hooks#

Datasette plugins use plugin hooks to customize Datasette's behavior. These hooks are powered by the pluggy plugin system.

Each plugin can implement one or more hooks using the @hookimpl decorator against a function named that matches one of the hooks documented on this page.

When you implement a plugin hook you can accept any or all of the parameters that are documented as being passed to that hook.

For example, you can implement the render_cell plugin hook like this even though the full documented hook signature is render_cell(row, value, column, table, database, datasette):

@hookimpl
def render_cell(value, column):
    if column == "stars":
        return "*" * int(value)

prepare_connection(conn, database, datasette)#

conn - sqlite3 connection object

The connection that is being opened

database - string

The name of the database

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name)

This hook is called when a new SQLite database connection is created. You can use it to register custom SQL functions, aggregates and collations. For example:

from datasette import hookimpl
import random


@hookimpl
def prepare_connection(conn):
    conn.create_function(
        "random_integer", 2, random.randint
    )

This registers a SQL function called random_integer which takes two arguments and can be called like this:

select random_integer(1, 10);

Examples: datasette-jellyfish, datasette-jq, datasette-haversine, datasette-rure

prepare_jinja2_environment(env, datasette)#

env - jinja2 Environment

The template environment that is being prepared

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name)

This hook is called with the Jinja2 environment that is used to evaluate Datasette HTML templates. You can use it to do things like register custom template filters, for example:

from datasette import hookimpl


@hookimpl
def prepare_jinja2_environment(env):
    env.filters["uppercase"] = lambda u: u.upper()

You can now use this filter in your custom templates like so:

Table name: {{ table|uppercase }}

This function can return an awaitable function if it needs to run any async code.

Examples: datasette-edit-templates

extra_template_vars(template, database, table, columns, view_name, request, datasette)#

Extra template variables that should be made available in the rendered template context.

template - string

The template that is being rendered, e.g. database.html

database - string or None

The name of the database, or None if the page does not correspond to a database (e.g. the root page)

table - string or None

The name of the table, or None if the page does not correct to a table

columns - list of strings or None

The names of the database columns that will be displayed on this page. None if the page does not contain a table.

view_name - string

The name of the view being displayed. (index, database, table, and row are the most important ones.)

request - Request object or None

The current HTTP request. This can be None if the request object is not available.

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name)

This hook can return one of three different types:

Dictionary

If you return a dictionary its keys and values will be merged into the template context.

Function that returns a dictionary

If you return a function it will be executed. If it returns a dictionary those values will will be merged into the template context.

Function that returns an awaitable function that returns a dictionary

You can also return a function which returns an awaitable function which returns a dictionary.

Datasette runs Jinja2 in async mode, which means you can add awaitable functions to the template scope and they will be automatically awaited when they are rendered by the template.

Here's an example plugin that adds a "user_agent" variable to the template context containing the current request's User-Agent header:

@hookimpl
def extra_template_vars(request):
    return {"user_agent": request.headers.get("user-agent")}

This example returns an awaitable function which adds a list of hidden_table_names to the context:

@hookimpl
def extra_template_vars(datasette, database):
    async def hidden_table_names():
        if database:
            db = datasette.databases[database]
            return {
                "hidden_table_names": await db.hidden_table_names()
            }
        else:
            return {}

    return hidden_table_names

And here's an example which adds a sql_first(sql_query) function which executes a SQL statement and returns the first column of the first row of results:

@hookimpl
def extra_template_vars(datasette, database):
    async def sql_first(sql, dbname=None):
        dbname = (
            dbname
            or database
            or next(iter(datasette.databases.keys()))
        )
        result = await datasette.execute(dbname, sql)
        return result.rows[0][0]

    return {"sql_first": sql_first}

You can then use the new function in a template like so:

SQLite version: {{ sql_first("select sqlite_version()") }}

Examples: datasette-search-all, datasette-template-sql

extra_css_urls(template, database, table, columns, view_name, request, datasette)#

This takes the same arguments as extra_template_vars(...)

Return a list of extra CSS URLs that should be included on the page. These can take advantage of the CSS class hooks described in Custom pages and templates.

This can be a list of URLs:

from datasette import hookimpl


@hookimpl
def extra_css_urls():
    return [
        "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css"
    ]

Or a list of dictionaries defining both a URL and an SRI hash:

@hookimpl
def extra_css_urls():
    return [
        {
            "url": "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css",
            "sri": "sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4",
        }
    ]

This function can also return an awaitable function, useful if it needs to run any async code:

@hookimpl
def extra_css_urls(datasette):
    async def inner():
        db = datasette.get_database()
        results = await db.execute(
            "select url from css_files"
        )
        return [r[0] for r in results]

    return inner

Examples: datasette-cluster-map, datasette-vega

extra_js_urls(template, database, table, columns, view_name, request, datasette)#

This takes the same arguments as extra_template_vars(...)

This works in the same way as extra_css_urls() but for JavaScript. You can return a list of URLs, a list of dictionaries or an awaitable function that returns those things:

from datasette import hookimpl


@hookimpl
def extra_js_urls():
    return [
        {
            "url": "https://code.jquery.com/jquery-3.3.1.slim.min.js",
            "sri": "sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo",
        }
    ]

You can also return URLs to files from your plugin's static/ directory, if you have one:

@hookimpl
def extra_js_urls():
    return ["/-/static-plugins/your-plugin/app.js"]

Note that your-plugin here should be the hyphenated plugin name - the name that is displayed in the list on the /-/plugins debug page.

If your code uses JavaScript modules you should include the "module": True key. See Custom CSS and JavaScript for more details.

@hookimpl
def extra_js_urls():
    return [
        {
            "url": "/-/static-plugins/your-plugin/app.js",
            "module": True,
        }
    ]

Examples: datasette-cluster-map, datasette-vega

extra_body_script(template, database, table, columns, view_name, request, datasette)#

Extra JavaScript to be added to a <script> block at the end of the <body> element on the page.

This takes the same arguments as extra_template_vars(...)

The template, database, table and view_name options can be used to return different code depending on which template is being rendered and which database or table are being processed.

The datasette instance is provided primarily so that you can consult any plugin configuration options that may have been set, using the datasette.plugin_config(plugin_name) method documented above.

This function can return a string containing JavaScript, or a dictionary as described below, or a function or awaitable function that returns a string or dictionary.

Use a dictionary if you want to specify that the code should be placed in a <script type="module">...</script> element:

@hookimpl
def extra_body_script():
    return {
        "module": True,
        "script": "console.log('Your JavaScript goes here...')",
    }

This will add the following to the end of your page:

<script type="module">console.log('Your JavaScript goes here...')</script>

Example: datasette-cluster-map

publish_subcommand(publish)#

publish - Click publish command group

The Click command group for the datasette publish subcommand

This hook allows you to create new providers for the datasette publish command. Datasette uses this hook internally to implement the default cloudrun and heroku subcommands, so you can read their source to see examples of this hook in action.

Let's say you want to build a plugin that adds a datasette publish my_hosting_provider --api_key=xxx mydatabase.db publish command. Your implementation would start like this:

from datasette import hookimpl
from datasette.publish.common import (
    add_common_publish_arguments_and_options,
)
import click


@hookimpl
def publish_subcommand(publish):
    @publish.command()
    @add_common_publish_arguments_and_options
    @click.option(
        "-k",
        "--api_key",
        help="API key for talking to my hosting provider",
    )
    def my_hosting_provider(
        files,
        metadata,
        extra_options,
        branch,
        template_dir,
        plugins_dir,
        static,
        install,
        plugin_secret,
        version_note,
        secret,
        title,
        license,
        license_url,
        source,
        source_url,
        about,
        about_url,
        api_key,
    ):
        ...

Examples: datasette-publish-fly, datasette-publish-vercel

render_cell(row, value, column, table, database, datasette)#

Lets you customize the display of values within table cells in the HTML table view.

row - sqlite.Row

The SQLite row object that the value being rendered is part of

value - string, integer, float, bytes or None

The value that was loaded from the database

column - string

The name of the column being rendered

table - string or None

The name of the table - or None if this is a custom SQL query

database - string

The name of the database

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

If your hook returns None, it will be ignored. Use this to indicate that your hook is not able to custom render this particular value.

If the hook returns a string, that string will be rendered in the table cell.

If you want to return HTML markup you can do so by returning a jinja2.Markup object.

You can also return an awaitable function which returns a value.

Datasette will loop through all available render_cell hooks and display the value returned by the first one that does not return None.

Here is an example of a custom render_cell() plugin which looks for values that are a JSON string matching the following format:

{"href": "https://www.example.com/", "label": "Name"}

If the value matches that pattern, the plugin returns an HTML link element:

from datasette import hookimpl
import markupsafe
import json


@hookimpl
def render_cell(value):
    # Render {"href": "...", "label": "..."} as link
    if not isinstance(value, str):
        return None
    stripped = value.strip()
    if not (
        stripped.startswith("{") and stripped.endswith("}")
    ):
        return None
    try:
        data = json.loads(value)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    if set(data.keys()) != {"href", "label"}:
        return None
    href = data["href"]
    if not (
        href.startswith("/")
        or href.startswith("http://")
        or href.startswith("https://")
    ):
        return None
    return markupsafe.Markup(
        '<a href="{href}">{label}</a>'.format(
            href=markupsafe.escape(data["href"]),
            label=markupsafe.escape(data["label"] or "")
            or "&nbsp;",
        )
    )

Examples: datasette-render-binary, datasette-render-markdown, datasette-json-html

register_output_renderer(datasette)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name)

Registers a new output renderer, to output data in a custom format. The hook function should return a dictionary, or a list of dictionaries, of the following shape:

@hookimpl
def register_output_renderer(datasette):
    return {
        "extension": "test",
        "render": render_demo,
        "can_render": can_render_demo,  # Optional
    }

This will register render_demo to be called when paths with the extension .test (for example /database.test, /database/table.test, or /database/table/row.test) are requested.

render_demo is a Python function. It can be a regular function or an async def render_demo() awaitable function, depending on if it needs to make any asynchronous calls.

can_render_demo is a Python function (or async def function) which acepts the same arguments as render_demo but just returns True or False. It lets Datasette know if the current SQL query can be represented by the plugin - and hence influnce if a link to this output format is displayed in the user interface. If you omit the "can_render" key from the dictionary every query will be treated as being supported by the plugin.

When a request is received, the "render" callback function is called with zero or more of the following arguments. Datasette will inspect your callback function and pass arguments that match its function signature.

datasette - Datasette class

For accessing plugin configuration and executing queries.

columns - list of strings

The names of the columns returned by this query.

rows - list of sqlite3.Row objects

The rows returned by the query.

sql - string

The SQL query that was executed.

query_name - string or None

If this was the execution of a canned query, the name of that query.

database - string

The name of the database.

table - string or None

The table or view, if one is being rendered.

request - Request object

The current HTTP request.

view_name - string

The name of the current view being called. index, database, table, and row are the most important ones.

The callback function can return None, if it is unable to render the data, or a Response class that will be returned to the caller.

It can also return a dictionary with the following keys. This format is deprecated as-of Datasette 0.49 and will be removed by Datasette 1.0.

body - string or bytes, optional

The response body, default empty

content_type - string, optional

The Content-Type header, default text/plain

status_code - integer, optional

The HTTP status code, default 200

headers - dictionary, optional

Extra HTTP headers to be returned in the response.

An example of an output renderer callback function:

def render_demo():
    return Response.text("Hello World")

Here is a more complex example:

async def render_demo(datasette, columns, rows):
    db = datasette.get_database()
    result = await db.execute("select sqlite_version()")
    first_row = " | ".join(columns)
    lines = [first_row]
    lines.append("=" * len(first_row))
    for row in rows:
        lines.append(" | ".join(row))
    return Response(
        "\n".join(lines),
        content_type="text/plain; charset=utf-8",
        headers={"x-sqlite-version": result.first()[0]},
    )

And here is an example can_render function which returns True only if the query results contain the columns atom_id, atom_title and atom_updated:

def can_render_demo(columns):
    return {
        "atom_id",
        "atom_title",
        "atom_updated",
    }.issubset(columns)

Examples: datasette-atom, datasette-ics, datasette-geojson, datasette-copyable

register_routes(datasette)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name)

Register additional view functions to execute for specified URL routes.

Return a list of (regex, view_function) pairs, something like this:

from datasette import hookimpl, Response
import html


async def hello_from(request):
    name = request.url_vars["name"]
    return Response.html(
        "Hello from {}".format(html.escape(name))
    )


@hookimpl
def register_routes():
    return [(r"^/hello-from/(?P<name>.*)$", hello_from)]

The view functions can take a number of different optional arguments. The corresponding argument will be passed to your function depending on its named parameters - a form of dependency injection.

The optional view function arguments are as follows:

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

request - Request object

The current HTTP request.

scope - dictionary

The incoming ASGI scope dictionary.

send - function

The ASGI send function.

receive - function

The ASGI receive function.

The view function can be a regular function or an async def function, depending on if it needs to use any await APIs.

The function can either return a Response class or it can return nothing and instead respond directly to the request using the ASGI send function (for advanced uses only).

It can also raise the datasette.NotFound exception to return a 404 not found error, or the datasette.Forbidden exception for a 403 forbidden.

See Designing URLs for your plugin for tips on designing the URL routes used by your plugin.

Examples: datasette-auth-github, datasette-psutil

register_commands(cli)#

cli - the root Datasette Click command group

Use this to register additional CLI commands

Register additional CLI commands that can be run using datsette yourcommand .... This provides a mechanism by which plugins can add new CLI commands to Datasette.

This example registers a new datasette verify file1.db file2.db command that checks if the provided file paths are valid SQLite databases:

from datasette import hookimpl
import click
import sqlite3


@hookimpl
def register_commands(cli):
    @cli.command()
    @click.argument(
        "files", type=click.Path(exists=True), nargs=-1
    )
    def verify(files):
        "Verify that files can be opened by Datasette"
        for file in files:
            conn = sqlite3.connect(str(file))
            try:
                conn.execute("select * from sqlite_master")
            except sqlite3.DatabaseError:
                raise click.ClickException(
                    "Invalid database: {}".format(file)
                )

The new command can then be executed like so:

datasette verify fixtures.db

Help text (from the docstring for the function plus any defined Click arguments or options) will become available using:

datasette verify --help

Plugins can register multiple commands by making multiple calls to the @cli.command() decorator. Consult the Click documentation for full details on how to build a CLI command, including how to define arguments and options.

Note that register_commands() plugins cannot used with the --plugins-dir mechanism - they need to be installed into the same virtual environment as Datasette using pip install. Provided it has a setup.py file (see Packaging a plugin) you can run pip install directly against the directory in which you are developing your plugin like so:

pip install -e path/to/my/datasette-plugin

Examples: datasette-auth-passwords, datasette-verify

register_facet_classes()#

Return a list of additional Facet subclasses to be registered.

Warning

The design of this plugin hook is unstable and may change. See issue 830.

Each Facet subclass implements a new type of facet operation. The class should look like this:

class SpecialFacet(Facet):
    # This key must be unique across all facet classes:
    type = "special"

    async def suggest(self):
        # Use self.sql and self.params to suggest some facets
        suggested_facets = []
        suggested_facets.append(
            {
                "name": column,  # Or other unique name
                # Construct the URL that will enable this facet:
                "toggle_url": self.ds.absolute_url(
                    self.request,
                    path_with_added_args(
                        self.request, {"_facet": column}
                    ),
                ),
            }
        )
        return suggested_facets

    async def facet_results(self):
        # This should execute the facet operation and return results, again
        # using self.sql and self.params as the starting point
        facet_results = []
        facets_timed_out = []
        facet_size = self.get_facet_size()
        # Do some calculations here...
        for column in columns_selected_for_facet:
            try:
                facet_results_values = []
                # More calculations...
                facet_results_values.append(
                    {
                        "value": value,
                        "label": label,
                        "count": count,
                        "toggle_url": self.ds.absolute_url(
                            self.request, toggle_path
                        ),
                        "selected": selected,
                    }
                )
                facet_results.append(
                    {
                        "name": column,
                        "results": facet_results_values,
                        "truncated": len(facet_rows_results)
                        > facet_size,
                    }
                )
            except QueryInterrupted:
                facets_timed_out.append(column)

        return facet_results, facets_timed_out

See datasette/facets.py for examples of how these classes can work.

The plugin hook can then be used to register the new facet class like this:

@hookimpl
def register_facet_classes():
    return [SpecialFacet]

asgi_wrapper(datasette)#

Return an ASGI middleware wrapper function that will be applied to the Datasette ASGI application.

This is a very powerful hook. You can use it to manipulate the entire Datasette response, or even to configure new URL routes that will be handled by your own custom code.

You can write your ASGI code directly against the low-level specification, or you can use the middleware utilities provided by an ASGI framework such as Starlette.

This example plugin adds a x-databases HTTP header listing the currently attached databases:

from datasette import hookimpl
from functools import wraps


@hookimpl
def asgi_wrapper(datasette):
    def wrap_with_databases_header(app):
        @wraps(app)
        async def add_x_databases_header(
            scope, receive, send
        ):
            async def wrapped_send(event):
                if event["type"] == "http.response.start":
                    original_headers = (
                        event.get("headers") or []
                    )
                    event = {
                        "type": event["type"],
                        "status": event["status"],
                        "headers": original_headers
                        + [
                            [
                                b"x-databases",
                                ", ".join(
                                    datasette.databases.keys()
                                ).encode("utf-8"),
                            ]
                        ],
                    }
                await send(event)

            await app(scope, receive, wrapped_send)

        return add_x_databases_header

    return wrap_with_databases_header

Examples: datasette-cors, datasette-pyinstrument, datasette-total-page-time

startup(datasette)#

This hook fires when the Datasette application server first starts up. You can implement a regular function, for example to validate required plugin configuration:

@hookimpl
def startup(datasette):
    config = datasette.plugin_config("my-plugin") or {}
    assert (
        "required-setting" in config
    ), "my-plugin requires setting required-setting"

Or you can return an async function which will be awaited on startup. Use this option if you need to make any database queries:

@hookimpl
def startup(datasette):
    async def inner():
        db = datasette.get_database()
        if "my_table" not in await db.table_names():
            await db.execute_write(
                """
                create table my_table (mycol text)
            """
            )

    return inner

Potential use-cases:

  • Run some initialization code for the plugin

  • Create database tables that a plugin needs on startup

  • Validate the metadata configuration for a plugin on startup, and raise an error if it is invalid

Note

If you are writing unit tests for a plugin that uses this hook you will need to explicitly call await ds.invoke_startup() in your tests. An example:

@pytest.mark.asyncio
async def test_my_plugin():
    ds = Datasette([], metadata={})
    await ds.invoke_startup()
    # Rest of test goes here

Examples: datasette-saved-queries, datasette-init

canned_queries(datasette, database, actor)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

database - string

The name of the database.

actor - dictionary or None

The currently authenticated actor.

Use this hook to return a dictionary of additional canned query definitions for the specified database. The return value should be the same shape as the JSON described in the canned query documentation.

from datasette import hookimpl


@hookimpl
def canned_queries(datasette, database):
    if database == "mydb":
        return {
            "my_query": {
                "sql": "select * from my_table where id > :min_id"
            }
        }

The hook can alternatively return an awaitable function that returns a list. Here's an example that returns queries that have been stored in the saved_queries database table, if one exists:

from datasette import hookimpl


@hookimpl
def canned_queries(datasette, database):
    async def inner():
        db = datasette.get_database(database)
        if await db.table_exists("saved_queries"):
            results = await db.execute(
                "select name, sql from saved_queries"
            )
            return {
                result["name"]: {"sql": result["sql"]}
                for result in results
            }

    return inner

The actor parameter can be used to include the currently authenticated actor in your decision. Here's an example that returns saved queries that were saved by that actor:

from datasette import hookimpl


@hookimpl
def canned_queries(datasette, database, actor):
    async def inner():
        db = datasette.get_database(database)
        if actor is not None and await db.table_exists(
            "saved_queries"
        ):
            results = await db.execute(
                "select name, sql from saved_queries where actor_id = :id",
                {"id": actor["id"]},
            )
            return {
                result["name"]: {"sql": result["sql"]}
                for result in results
            }

    return inner

Example: datasette-saved-queries

actor_from_request(datasette, request)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

request - Request object

The current HTTP request.

This is part of Datasette's authentication and permissions system. The function should attempt to authenticate an actor (either a user or an API actor of some sort) based on information in the request.

If it cannot authenticate an actor, it should return None. Otherwise it should return a dictionary representing that actor.

Here's an example that authenticates the actor based on an incoming API key:

from datasette import hookimpl
import secrets

SECRET_KEY = "this-is-a-secret"


@hookimpl
def actor_from_request(datasette, request):
    authorization = (
        request.headers.get("authorization") or ""
    )
    expected = "Bearer {}".format(SECRET_KEY)

    if secrets.compare_digest(authorization, expected):
        return {"id": "bot"}

If you install this in your plugins directory you can test it like this:

$ curl -H 'Authorization: Bearer this-is-a-secret' http://localhost:8003/-/actor.json

Instead of returning a dictionary, this function can return an awaitable function which itself returns either None or a dictionary. This is useful for authentication functions that need to make a database query - for example:

from datasette import hookimpl


@hookimpl
def actor_from_request(datasette, request):
    async def inner():
        token = request.args.get("_token")
        if not token:
            return None
        # Look up ?_token=xxx in sessions table
        result = await datasette.get_database().execute(
            "select count(*) from sessions where token = ?",
            [token],
        )
        if result.first()[0]:
            return {"token": token}
        else:
            return None

    return inner

Examples: datasette-auth-tokens, datasette-auth-passwords

filters_from_request(request, database, table, datasette)#

request - Request object

The current HTTP request.

database - string

The name of the database.

table - string

The name of the table.

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

This hook runs on the table page, and can influence the where clause of the SQL query used to populate that page, based on query string arguments on the incoming request.

The hook should return an instance of datasette.filters.FilterArguments which has one required and three optional arguments:

return FilterArguments(
    where_clauses=["id > :max_id"],
    params={"max_id": 5},
    human_descriptions=["max_id is greater than 5"],
    extra_context={},
)

The arguments to the FilterArguments class constructor are as follows:

where_clauses - list of strings, required

A list of SQL fragments that will be inserted into the SQL query, joined by the and operator. These can include :named parameters which will be populated using data in params.

params - dictionary, optional

Additional keyword arguments to be used when the query is executed. These should match any :arguments in the where clauses.

human_descriptions - list of strings, optional

These strings will be included in the human-readable description at the top of the page and the page <title>.

extra_context - dictionary, optional

Additional context variables that should be made available to the table.html template when it is rendered.

This example plugin causes 0 results to be returned if ?_nothing=1 is added to the URL:

from datasette import hookimpl
from datasette.filters import FilterArguments


@hookimpl
def filters_from_request(self, request):
    if request.args.get("_nothing"):
        return FilterArguments(
            ["1 = 0"], human_descriptions=["NOTHING"]
        )

Example: datasette-leaflet-freedraw

permission_allowed(datasette, actor, action, resource)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

actor - dictionary

The current actor, as decided by actor_from_request(datasette, request).

action - string

The action to be performed, e.g. "edit-table".

resource - string or None

An identifier for the individual resource, e.g. the name of the table.

Called to check that an actor has permission to perform an action on a resource. Can return True if the action is allowed, False if the action is not allowed or None if the plugin does not have an opinion one way or the other.

Here's an example plugin which randomly selects if a permission should be allowed or denied, except for view-instance which always uses the default permission scheme instead.

from datasette import hookimpl
import random


@hookimpl
def permission_allowed(action):
    if action != "view-instance":
        # Return True or False at random
        return random.random() > 0.5
    # Returning None falls back to default permissions

This function can alternatively return an awaitable function which itself returns True, False or None. You can use this option if you need to execute additional database queries using await datasette.execute(...).

Here's an example that allows users to view the admin_log table only if their actor id is present in the admin_users table. It aso disallows arbitrary SQL queries for the staff.db database for all users.

@hookimpl
def permission_allowed(datasette, actor, action, resource):
    async def inner():
        if action == "execute-sql" and resource == "staff":
            return False
        if action == "view-table" and resource == (
            "staff",
            "admin_log",
        ):
            if not actor:
                return False
            user_id = actor["id"]
            return await datasette.get_database(
                "staff"
            ).execute(
                "select count(*) from admin_users where user_id = :user_id",
                {"user_id": user_id},
            )

    return inner

See built-in permissions for a full list of permissions that are included in Datasette core.

Example: datasette-permissions-sql

register_magic_parameters(datasette)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name).

Magic parameters can be used to add automatic parameters to canned queries. This plugin hook allows additional magic parameters to be defined by plugins.

Magic parameters all take this format: _prefix_rest_of_parameter. The prefix indicates which magic parameter function should be called - the rest of the parameter is passed as an argument to that function.

To register a new function, return it as a tuple of (string prefix, function) from this hook. The function you register should take two arguments: key and request, where key is the rest_of_parameter portion of the parameter and request is the current Request object.

This example registers two new magic parameters: :_request_http_version returning the HTTP version of the current request, and :_uuid_new which returns a new UUID:

from uuid import uuid4


def uuid(key, request):
    if key == "new":
        return str(uuid4())
    else:
        raise KeyError


def request(key, request):
    if key == "http_version":
        return request.scope["http_version"]
    else:
        raise KeyError


@hookimpl
def register_magic_parameters(datasette):
    return [
        ("request", request),
        ("uuid", uuid),
    ]

forbidden(datasette, request, message)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to render templates or execute SQL queries.

request - Request object

The current HTTP request.

message - string

A message hinting at why the request was forbidden.

Plugins can use this to customize how Datasette responds when a 403 Forbidden error occurs - usually because a page failed a permission check, see Permissions.

If a plugin hook wishes to react to the error, it should return a Response object.

This example returns a redirect to a /-/login page:

from datasette import hookimpl
from urllib.parse import urlencode


@hookimpl
def forbidden(request, message):
    return Response.redirect(
        "/-/login?=" + urlencode({"message": message})
    )

The function can alternatively return an awaitable function if it needs to make any asynchronous method calls. This example renders a template:

from datasette import hookimpl, Response


@hookimpl
def forbidden(datasette):
    async def inner():
        return Response.html(
            await datasette.render_template(
                "render_message.html", request=request
            )
        )

    return inner

handle_exception(datasette, request, exception)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to render templates or execute SQL queries.

request - Request object

The current HTTP request.

exception - Exception

The exception that was raised.

This hook is called any time an unexpected exception is raised. You can use it to record the exception.

If your handler returns a Response object it will be returned to the client in place of the default Datasette error page.

The handler can return a response directly, or it can return return an awaitable function that returns a response.

This example logs an error to Sentry and then renders a custom error page:

from datasette import hookimpl, Response
import sentry_sdk


@hookimpl
def handle_exception(datasette, exception):
    sentry_sdk.capture_exception(exception)

    async def inner():
        return Response.html(
            await datasette.render_template(
                "custom_error.html", request=request
            )
        )

    return inner

Example: datasette-sentry

table_actions(datasette, actor, database, table, request)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

actor - dictionary or None

The currently authenticated actor.

database - string

The name of the database.

table - string

The name of the table.

request - Request object or None

The current HTTP request. This can be None if the request object is not available.

This hook allows table actions to be displayed in a menu accessed via an action icon at the top of the table page. It should return a list of {"href": "...", "label": "..."} menu items.

It can alternatively return an async def awaitable function which returns a list of menu items.

This example adds a new table action if the signed in user is "root":

from datasette import hookimpl


@hookimpl
def table_actions(datasette, actor):
    if actor and actor.get("id") == "root":
        return [
            {
                "href": datasette.urls.path(
                    "/-/edit-schema/{}/{}".format(
                        database, table
                    )
                ),
                "label": "Edit schema for this table",
            }
        ]

Example: datasette-graphql

database_actions(datasette, actor, database, request)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

actor - dictionary or None

The currently authenticated actor.

database - string

The name of the database.

request - Request object

The current HTTP request.

This hook is similar to table_actions(datasette, actor, database, table, request) but populates an actions menu on the database page.

Example: datasette-graphql

skip_csrf(datasette, scope)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name), or to execute SQL queries.

scope - dictionary

The ASGI scope for the incoming HTTP request.

This hook can be used to skip CSRF protection for a specific incoming request. For example, you might have a custom path at /submit-comment which is designed to accept comments from anywhere, whether or not the incoming request originated on the site and has an accompanying CSRF token.

This example will disable CSRF protection for that specific URL path:

from datasette import hookimpl


@hookimpl
def skip_csrf(scope):
    return scope["path"] == "/submit-comment"

If any of the currently active skip_csrf() plugin hooks return True, CSRF protection will be skipped for the request.

get_metadata(datasette, key, database, table)#

datasette - Datasette class

You can use this to access plugin configuration options via datasette.plugin_config(your_plugin_name).

actor - dictionary or None

The currently authenticated actor.

database - string or None

The name of the database metadata is being asked for.

table - string or None

The name of the table.

key - string or None

The name of the key for which data is being asked for.

This hook is responsible for returning a dictionary corresponding to Datasette Metadata. This function is passed the database, table and key which were passed to the upstream internal request for metadata. Regardless, it is important to return a global metadata object, where "databases": [] would be a top-level key. The dictionary returned here, will be merged with, and overwritten by, the contents of the physical metadata.yaml if one is present.

Warning

The design of this plugin hook does not currently provide a mechanism for interacting with async code, and may change in the future. See issue 1384.

@hookimpl
def get_metadata(datasette, key, database, table):
    metadata = {
        "title": "This will be the Datasette landing page title!",
        "description": get_instance_description(datasette),
        "databases": [],
    }
    for db_name, db_data_dict in get_my_database_meta(
        datasette, database, table, key
    ):
        metadata["databases"][db_name] = db_data_dict
    # whatever we return here will be merged with any other plugins using this hook and
    # will be overwritten by a local metadata.yaml if one exists!
    return metadata

Example: datasette-remote-metadata plugin