Plugin hooks¶
Datasette plugins use plugin hooks to customize Datasette's behavior. These hooks are powered by the pluggy plugin system.
Each plugin can implement one or more hooks using the @hookimpl
decorator against a function named that matches one of the hooks documented on this page.
When you implement a plugin hook you can accept any or all of the parameters that are documented as being passed to that hook.
For example, you can implement the render_cell
plugin hook like this even though the full documented hook signature is render_cell(row, value, column, table, database, datasette)
:
@hookimpl
def render_cell(value, column):
if column == "stars":
return "*" * int(value)
prepare_connection(conn, database, datasette)¶
conn
- sqlite3 connection objectThe connection that is being opened
database
- stringThe name of the database
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
This hook is called when a new SQLite database connection is created. You can use it to register custom SQL functions, aggregates and collations. For example:
from datasette import hookimpl
import random
@hookimpl
def prepare_connection(conn):
conn.create_function(
"random_integer", 2, random.randint
)
This registers a SQL function called random_integer
which takes two
arguments and can be called like this:
select random_integer(1, 10);
Examples: datasette-jellyfish, datasette-jq, datasette-haversine, datasette-rure
prepare_jinja2_environment(env, datasette)¶
env
- jinja2 EnvironmentThe template environment that is being prepared
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
This hook is called with the Jinja2 environment that is used to evaluate Datasette HTML templates. You can use it to do things like register custom template filters, for example:
from datasette import hookimpl
@hookimpl
def prepare_jinja2_environment(env):
env.filters["uppercase"] = lambda u: u.upper()
You can now use this filter in your custom templates like so:
Table name: {{ table|uppercase }}
This function can return an awaitable function if it needs to run any async code.
Examples: datasette-edit-templates
extra_template_vars(template, database, table, columns, view_name, request, datasette)¶
Extra template variables that should be made available in the rendered template context.
template
- stringThe template that is being rendered, e.g.
database.html
database
- string or NoneThe name of the database, or
None
if the page does not correspond to a database (e.g. the root page)table
- string or NoneThe name of the table, or
None
if the page does not correct to a tablecolumns
- list of strings or NoneThe names of the database columns that will be displayed on this page.
None
if the page does not contain a table.view_name
- stringThe name of the view being displayed. (
index
,database
,table
, androw
are the most important ones.)request
- Request object or NoneThe current HTTP request. This can be
None
if the request object is not available.datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
This hook can return one of three different types:
- Dictionary
If you return a dictionary its keys and values will be merged into the template context.
- Function that returns a dictionary
If you return a function it will be executed. If it returns a dictionary those values will will be merged into the template context.
- Function that returns an awaitable function that returns a dictionary
You can also return a function which returns an awaitable function which returns a dictionary.
Datasette runs Jinja2 in async mode, which means you can add awaitable functions to the template scope and they will be automatically awaited when they are rendered by the template.
Here's an example plugin that adds a "user_agent"
variable to the template context containing the current request's User-Agent header:
@hookimpl
def extra_template_vars(request):
return {"user_agent": request.headers.get("user-agent")}
This example returns an awaitable function which adds a list of hidden_table_names
to the context:
@hookimpl
def extra_template_vars(datasette, database):
async def hidden_table_names():
if database:
db = datasette.databases[database]
return {
"hidden_table_names": await db.hidden_table_names()
}
else:
return {}
return hidden_table_names
And here's an example which adds a sql_first(sql_query)
function which executes a SQL statement and returns the first column of the first row of results:
@hookimpl
def extra_template_vars(datasette, database):
async def sql_first(sql, dbname=None):
dbname = (
dbname
or database
or next(iter(datasette.databases.keys()))
)
result = await datasette.execute(dbname, sql)
return result.rows[0][0]
return {"sql_first": sql_first}
You can then use the new function in a template like so:
SQLite version: {{ sql_first("select sqlite_version()") }}
Examples: datasette-search-all, datasette-template-sql
extra_css_urls(template, database, table, columns, view_name, request, datasette)¶
This takes the same arguments as extra_template_vars(...)
Return a list of extra CSS URLs that should be included on the page. These can take advantage of the CSS class hooks described in Custom pages and templates.
This can be a list of URLs:
from datasette import hookimpl
@hookimpl
def extra_css_urls():
return [
"https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css"
]
Or a list of dictionaries defining both a URL and an SRI hash:
@hookimpl
def extra_css_urls():
return [
{
"url": "https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css",
"sri": "sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4",
}
]
This function can also return an awaitable function, useful if it needs to run any async code:
@hookimpl
def extra_css_urls(datasette):
async def inner():
db = datasette.get_database()
results = await db.execute(
"select url from css_files"
)
return [r[0] for r in results]
return inner
Examples: datasette-cluster-map, datasette-vega
extra_js_urls(template, database, table, columns, view_name, request, datasette)¶
This takes the same arguments as extra_template_vars(...)
This works in the same way as extra_css_urls()
but for JavaScript. You can
return a list of URLs, a list of dictionaries or an awaitable function that returns those things:
from datasette import hookimpl
@hookimpl
def extra_js_urls():
return [
{
"url": "https://code.jquery.com/jquery-3.3.1.slim.min.js",
"sri": "sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo",
}
]
You can also return URLs to files from your plugin's static/
directory, if
you have one:
@hookimpl
def extra_js_urls():
return ["/-/static-plugins/your-plugin/app.js"]
Note that your-plugin
here should be the hyphenated plugin name - the name that is displayed in the list on the /-/plugins
debug page.
If your code uses JavaScript modules you should include the "module": True
key. See Custom CSS and JavaScript for more details.
@hookimpl
def extra_js_urls():
return [
{
"url": "/-/static-plugins/your-plugin/app.js",
"module": True,
}
]
Examples: datasette-cluster-map, datasette-vega
extra_body_script(template, database, table, columns, view_name, request, datasette)¶
Extra JavaScript to be added to a <script>
block at the end of the <body>
element on the page.
This takes the same arguments as extra_template_vars(...)
The template
, database
, table
and view_name
options can be used to return different code depending on which template is being rendered and which database or table are being processed.
The datasette
instance is provided primarily so that you can consult any plugin configuration options that may have been set, using the datasette.plugin_config(plugin_name)
method documented above.
This function can return a string containing JavaScript, or a dictionary as described below, or a function or awaitable function that returns a string or dictionary.
Use a dictionary if you want to specify that the code should be placed in a <script type="module">...</script>
element:
@hookimpl
def extra_body_script():
return {
"module": True,
"script": "console.log('Your JavaScript goes here...')",
}
This will add the following to the end of your page:
<script type="module">console.log('Your JavaScript goes here...')</script>
Example: datasette-cluster-map
publish_subcommand(publish)¶
publish
- Click publish command groupThe Click command group for the
datasette publish
subcommand
This hook allows you to create new providers for the datasette publish
command. Datasette uses this hook internally to implement the default cloudrun
and heroku
subcommands, so you can read
their source
to see examples of this hook in action.
Let's say you want to build a plugin that adds a datasette publish my_hosting_provider --api_key=xxx mydatabase.db
publish command. Your implementation would start like this:
from datasette import hookimpl
from datasette.publish.common import (
add_common_publish_arguments_and_options,
)
import click
@hookimpl
def publish_subcommand(publish):
@publish.command()
@add_common_publish_arguments_and_options
@click.option(
"-k",
"--api_key",
help="API key for talking to my hosting provider",
)
def my_hosting_provider(
files,
metadata,
extra_options,
branch,
template_dir,
plugins_dir,
static,
install,
plugin_secret,
version_note,
secret,
title,
license,
license_url,
source,
source_url,
about,
about_url,
api_key,
): ...
Examples: datasette-publish-fly, datasette-publish-vercel
render_cell(row, value, column, table, database, datasette)¶
Lets you customize the display of values within table cells in the HTML table view.
row
-sqlite.Row
The SQLite row object that the value being rendered is part of
value
- string, integer, float, bytes or NoneThe value that was loaded from the database
column
- stringThe name of the column being rendered
table
- string or NoneThe name of the table - or
None
if this is a custom SQL querydatabase
- stringThe name of the database
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.
If your hook returns None
, it will be ignored. Use this to indicate that your hook is not able to custom render this particular value.
If the hook returns a string, that string will be rendered in the table cell.
If you want to return HTML markup you can do so by returning a jinja2.Markup
object.
You can also return an awaitable function which returns a value.
Datasette will loop through all available render_cell
hooks and display the value returned by the first one that does not return None
.
Here is an example of a custom render_cell()
plugin which looks for values that are a JSON string matching the following format:
{"href": "https://www.example.com/", "label": "Name"}
If the value matches that pattern, the plugin returns an HTML link element:
from datasette import hookimpl
import markupsafe
import json
@hookimpl
def render_cell(value):
# Render {"href": "...", "label": "..."} as link
if not isinstance(value, str):
return None
stripped = value.strip()
if not (
stripped.startswith("{") and stripped.endswith("}")
):
return None
try:
data = json.loads(value)
except ValueError:
return None
if not isinstance(data, dict):
return None
if set(data.keys()) != {"href", "label"}:
return None
href = data["href"]
if not (
href.startswith("/")
or href.startswith("http://")
or href.startswith("https://")
):
return None
return markupsafe.Markup(
'<a href="{href}">{label}</a>'.format(
href=markupsafe.escape(data["href"]),
label=markupsafe.escape(data["label"] or "")
or " ",
)
)
Examples: datasette-render-binary, datasette-render-markdown, datasette-json-html
register_output_renderer(datasette)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
Registers a new output renderer, to output data in a custom format. The hook function should return a dictionary, or a list of dictionaries, of the following shape:
@hookimpl
def register_output_renderer(datasette):
return {
"extension": "test",
"render": render_demo,
"can_render": can_render_demo, # Optional
}
This will register render_demo
to be called when paths with the extension .test
(for example /database.test
, /database/table.test
, or /database/table/row.test
) are requested.
render_demo
is a Python function. It can be a regular function or an async def render_demo()
awaitable function, depending on if it needs to make any asynchronous calls.
can_render_demo
is a Python function (or async def
function) which accepts the same arguments as render_demo
but just returns True
or False
. It lets Datasette know if the current SQL query can be represented by the plugin - and hence influnce if a link to this output format is displayed in the user interface. If you omit the "can_render"
key from the dictionary every query will be treated as being supported by the plugin.
When a request is received, the "render"
callback function is called with zero or more of the following arguments. Datasette will inspect your callback function and pass arguments that match its function signature.
datasette
- Datasette classFor accessing plugin configuration and executing queries.
columns
- list of stringsThe names of the columns returned by this query.
rows
- list ofsqlite3.Row
objectsThe rows returned by the query.
sql
- stringThe SQL query that was executed.
query_name
- string or NoneIf this was the execution of a canned query, the name of that query.
database
- stringThe name of the database.
table
- string or NoneThe table or view, if one is being rendered.
request
- Request objectThe current HTTP request.
view_name
- stringThe name of the current view being called.
index
,database
,table
, androw
are the most important ones.
The callback function can return None
, if it is unable to render the data, or a Response class that will be returned to the caller.
It can also return a dictionary with the following keys. This format is deprecated as-of Datasette 0.49 and will be removed by Datasette 1.0.
body
- string or bytes, optionalThe response body, default empty
content_type
- string, optionalThe Content-Type header, default
text/plain
status_code
- integer, optionalThe HTTP status code, default 200
headers
- dictionary, optionalExtra HTTP headers to be returned in the response.
An example of an output renderer callback function:
def render_demo():
return Response.text("Hello World")
Here is a more complex example:
async def render_demo(datasette, columns, rows):
db = datasette.get_database()
result = await db.execute("select sqlite_version()")
first_row = " | ".join(columns)
lines = [first_row]
lines.append("=" * len(first_row))
for row in rows:
lines.append(" | ".join(row))
return Response(
"\n".join(lines),
content_type="text/plain; charset=utf-8",
headers={"x-sqlite-version": result.first()[0]},
)
And here is an example can_render
function which returns True
only if the query results contain the columns atom_id
, atom_title
and atom_updated
:
def can_render_demo(columns):
return {
"atom_id",
"atom_title",
"atom_updated",
}.issubset(columns)
Examples: datasette-atom, datasette-ics, datasette-geojson, datasette-copyable
register_routes(datasette)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
Register additional view functions to execute for specified URL routes.
Return a list of (regex, view_function)
pairs, something like this:
from datasette import hookimpl, Response
import html
async def hello_from(request):
name = request.url_vars["name"]
return Response.html(
"Hello from {}".format(html.escape(name))
)
@hookimpl
def register_routes():
return [(r"^/hello-from/(?P<name>.*)$", hello_from)]
The view functions can take a number of different optional arguments. The corresponding argument will be passed to your function depending on its named parameters - a form of dependency injection.
The optional view function arguments are as follows:
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.request
- Request objectThe current HTTP request.
scope
- dictionaryThe incoming ASGI scope dictionary.
send
- functionThe ASGI send function.
receive
- functionThe ASGI receive function.
The view function can be a regular function or an async def
function, depending on if it needs to use any await
APIs.
The function can either return a Response class or it can return nothing and instead respond directly to the request using the ASGI send
function (for advanced uses only).
It can also raise the datasette.NotFound
exception to return a 404 not found error, or the datasette.Forbidden
exception for a 403 forbidden.
See Designing URLs for your plugin for tips on designing the URL routes used by your plugin.
Examples: datasette-auth-github, datasette-psutil
register_commands(cli)¶
cli
- the root Datasette Click command groupUse this to register additional CLI commands
Register additional CLI commands that can be run using datsette yourcommand ...
. This provides a mechanism by which plugins can add new CLI commands to Datasette.
This example registers a new datasette verify file1.db file2.db
command that checks if the provided file paths are valid SQLite databases:
from datasette import hookimpl
import click
import sqlite3
@hookimpl
def register_commands(cli):
@cli.command()
@click.argument(
"files", type=click.Path(exists=True), nargs=-1
)
def verify(files):
"Verify that files can be opened by Datasette"
for file in files:
conn = sqlite3.connect(str(file))
try:
conn.execute("select * from sqlite_master")
except sqlite3.DatabaseError:
raise click.ClickException(
"Invalid database: {}".format(file)
)
The new command can then be executed like so:
datasette verify fixtures.db
Help text (from the docstring for the function plus any defined Click arguments or options) will become available using:
datasette verify --help
Plugins can register multiple commands by making multiple calls to the @cli.command()
decorator. Consult the Click documentation for full details on how to build a CLI command, including how to define arguments and options.
Note that register_commands()
plugins cannot used with the --plugins-dir mechanism - they need to be installed into the same virtual environment as Datasette using pip install
. Provided it has a setup.py
file (see Packaging a plugin) you can run pip install
directly against the directory in which you are developing your plugin like so:
pip install -e path/to/my/datasette-plugin
Examples: datasette-auth-passwords, datasette-verify
register_facet_classes()¶
Return a list of additional Facet subclasses to be registered.
Warning
The design of this plugin hook is unstable and may change. See issue 830.
Each Facet subclass implements a new type of facet operation. The class should look like this:
class SpecialFacet(Facet):
# This key must be unique across all facet classes:
type = "special"
async def suggest(self):
# Use self.sql and self.params to suggest some facets
suggested_facets = []
suggested_facets.append(
{
"name": column, # Or other unique name
# Construct the URL that will enable this facet:
"toggle_url": self.ds.absolute_url(
self.request,
path_with_added_args(
self.request, {"_facet": column}
),
),
}
)
return suggested_facets
async def facet_results(self):
# This should execute the facet operation and return results, again
# using self.sql and self.params as the starting point
facet_results = []
facets_timed_out = []
facet_size = self.get_facet_size()
# Do some calculations here...
for column in columns_selected_for_facet:
try:
facet_results_values = []
# More calculations...
facet_results_values.append(
{
"value": value,
"label": label,
"count": count,
"toggle_url": self.ds.absolute_url(
self.request, toggle_path
),
"selected": selected,
}
)
facet_results.append(
{
"name": column,
"results": facet_results_values,
"truncated": len(facet_rows_results)
> facet_size,
}
)
except QueryInterrupted:
facets_timed_out.append(column)
return facet_results, facets_timed_out
See datasette/facets.py for examples of how these classes can work.
The plugin hook can then be used to register the new facet class like this:
@hookimpl
def register_facet_classes():
return [SpecialFacet]
asgi_wrapper(datasette)¶
Return an ASGI middleware wrapper function that will be applied to the Datasette ASGI application.
This is a very powerful hook. You can use it to manipulate the entire Datasette response, or even to configure new URL routes that will be handled by your own custom code.
You can write your ASGI code directly against the low-level specification, or you can use the middleware utilities provided by an ASGI framework such as Starlette.
This example plugin adds a x-databases
HTTP header listing the currently attached databases:
from datasette import hookimpl
from functools import wraps
@hookimpl
def asgi_wrapper(datasette):
def wrap_with_databases_header(app):
@wraps(app)
async def add_x_databases_header(
scope, receive, send
):
async def wrapped_send(event):
if event["type"] == "http.response.start":
original_headers = (
event.get("headers") or []
)
event = {
"type": event["type"],
"status": event["status"],
"headers": original_headers
+ [
[
b"x-databases",
", ".join(
datasette.databases.keys()
).encode("utf-8"),
]
],
}
await send(event)
await app(scope, receive, wrapped_send)
return add_x_databases_header
return wrap_with_databases_header
Examples: datasette-cors, datasette-pyinstrument, datasette-total-page-time
startup(datasette)¶
This hook fires when the Datasette application server first starts up. You can implement a regular function, for example to validate required plugin configuration:
@hookimpl
def startup(datasette):
config = datasette.plugin_config("my-plugin") or {}
assert (
"required-setting" in config
), "my-plugin requires setting required-setting"
Or you can return an async function which will be awaited on startup. Use this option if you need to make any database queries:
@hookimpl
def startup(datasette):
async def inner():
db = datasette.get_database()
if "my_table" not in await db.table_names():
await db.execute_write(
"""
create table my_table (mycol text)
"""
)
return inner
Potential use-cases:
Run some initialization code for the plugin
Create database tables that a plugin needs on startup
Validate the metadata configuration for a plugin on startup, and raise an error if it is invalid
Note
If you are writing unit tests for a plugin that uses this hook and doesn't exercise Datasette by sending
any simulated requests through it you will need to explicitly call await ds.invoke_startup()
in your tests. An example:
@pytest.mark.asyncio
async def test_my_plugin():
ds = Datasette()
await ds.invoke_startup()
# Rest of test goes here
Examples: datasette-saved-queries, datasette-init
canned_queries(datasette, database, actor)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.database
- stringThe name of the database.
actor
- dictionary or NoneThe currently authenticated actor.
Use this hook to return a dictionary of additional canned query definitions for the specified database. The return value should be the same shape as the JSON described in the canned query documentation.
from datasette import hookimpl
@hookimpl
def canned_queries(datasette, database):
if database == "mydb":
return {
"my_query": {
"sql": "select * from my_table where id > :min_id"
}
}
The hook can alternatively return an awaitable function that returns a list. Here's an example that returns queries that have been stored in the saved_queries
database table, if one exists:
from datasette import hookimpl
@hookimpl
def canned_queries(datasette, database):
async def inner():
db = datasette.get_database(database)
if await db.table_exists("saved_queries"):
results = await db.execute(
"select name, sql from saved_queries"
)
return {
result["name"]: {"sql": result["sql"]}
for result in results
}
return inner
The actor parameter can be used to include the currently authenticated actor in your decision. Here's an example that returns saved queries that were saved by that actor:
from datasette import hookimpl
@hookimpl
def canned_queries(datasette, database, actor):
async def inner():
db = datasette.get_database(database)
if actor is not None and await db.table_exists(
"saved_queries"
):
results = await db.execute(
"select name, sql from saved_queries where actor_id = :id",
{"id": actor["id"]},
)
return {
result["name"]: {"sql": result["sql"]}
for result in results
}
return inner
Example: datasette-saved-queries
actor_from_request(datasette, request)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.request
- Request objectThe current HTTP request.
This is part of Datasette's authentication and permissions system. The function should attempt to authenticate an actor (either a user or an API actor of some sort) based on information in the request.
If it cannot authenticate an actor, it should return None
. Otherwise it should return a dictionary representing that actor.
Here's an example that authenticates the actor based on an incoming API key:
from datasette import hookimpl
import secrets
SECRET_KEY = "this-is-a-secret"
@hookimpl
def actor_from_request(datasette, request):
authorization = (
request.headers.get("authorization") or ""
)
expected = "Bearer {}".format(SECRET_KEY)
if secrets.compare_digest(authorization, expected):
return {"id": "bot"}
If you install this in your plugins directory you can test it like this:
$ curl -H 'Authorization: Bearer this-is-a-secret' http://localhost:8003/-/actor.json
Instead of returning a dictionary, this function can return an awaitable function which itself returns either None
or a dictionary. This is useful for authentication functions that need to make a database query - for example:
from datasette import hookimpl
@hookimpl
def actor_from_request(datasette, request):
async def inner():
token = request.args.get("_token")
if not token:
return None
# Look up ?_token=xxx in sessions table
result = await datasette.get_database().execute(
"select count(*) from sessions where token = ?",
[token],
)
if result.first()[0]:
return {"token": token}
else:
return None
return inner
Example: datasette-auth-tokens
filters_from_request(request, database, table, datasette)¶
request
- Request objectThe current HTTP request.
database
- stringThe name of the database.
table
- stringThe name of the table.
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.
This hook runs on the table page, and can influence the where
clause of the SQL query used to populate that page, based on query string arguments on the incoming request.
The hook should return an instance of datasette.filters.FilterArguments
which has one required and three optional arguments:
return FilterArguments(
where_clauses=["id > :max_id"],
params={"max_id": 5},
human_descriptions=["max_id is greater than 5"],
extra_context={},
)
The arguments to the FilterArguments
class constructor are as follows:
where_clauses
- list of strings, requiredA list of SQL fragments that will be inserted into the SQL query, joined by the
and
operator. These can include:named
parameters which will be populated using data inparams
.params
- dictionary, optionalAdditional keyword arguments to be used when the query is executed. These should match any
:arguments
in the where clauses.human_descriptions
- list of strings, optionalThese strings will be included in the human-readable description at the top of the page and the page
<title>
.extra_context
- dictionary, optionalAdditional context variables that should be made available to the
table.html
template when it is rendered.
This example plugin causes 0 results to be returned if ?_nothing=1
is added to the URL:
from datasette import hookimpl
from datasette.filters import FilterArguments
@hookimpl
def filters_from_request(self, request):
if request.args.get("_nothing"):
return FilterArguments(
["1 = 0"], human_descriptions=["NOTHING"]
)
Example: datasette-leaflet-freedraw
permission_allowed(datasette, actor, action, resource)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.actor
- dictionaryThe current actor, as decided by actor_from_request(datasette, request).
action
- stringThe action to be performed, e.g.
"edit-table"
.resource
- string or NoneAn identifier for the individual resource, e.g. the name of the table.
Called to check that an actor has permission to perform an action on a resource. Can return True
if the action is allowed, False
if the action is not allowed or None
if the plugin does not have an opinion one way or the other.
Here's an example plugin which randomly selects if a permission should be allowed or denied, except for view-instance
which always uses the default permission scheme instead.
from datasette import hookimpl
import random
@hookimpl
def permission_allowed(action):
if action != "view-instance":
# Return True or False at random
return random.random() > 0.5
# Returning None falls back to default permissions
This function can alternatively return an awaitable function which itself returns True
, False
or None
. You can use this option if you need to execute additional database queries using await datasette.execute(...)
.
Here's an example that allows users to view the admin_log
table only if their actor id
is present in the admin_users
table. It aso disallows arbitrary SQL queries for the staff.db
database for all users.
@hookimpl
def permission_allowed(datasette, actor, action, resource):
async def inner():
if action == "execute-sql" and resource == "staff":
return False
if action == "view-table" and resource == (
"staff",
"admin_log",
):
if not actor:
return False
user_id = actor["id"]
return await datasette.get_database(
"staff"
).execute(
"select count(*) from admin_users where user_id = :user_id",
{"user_id": user_id},
)
return inner
See built-in permissions for a full list of permissions that are included in Datasette core.
Example: datasette-permissions-sql
register_magic_parameters(datasette)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
.
Magic parameters can be used to add automatic parameters to canned queries. This plugin hook allows additional magic parameters to be defined by plugins.
Magic parameters all take this format: _prefix_rest_of_parameter
. The prefix indicates which magic parameter function should be called - the rest of the parameter is passed as an argument to that function.
To register a new function, return it as a tuple of (string prefix, function)
from this hook. The function you register should take two arguments: key
and request
, where key
is the rest_of_parameter
portion of the parameter and request
is the current Request object.
This example registers two new magic parameters: :_request_http_version
returning the HTTP version of the current request, and :_uuid_new
which returns a new UUID:
from uuid import uuid4
def uuid(key, request):
if key == "new":
return str(uuid4())
else:
raise KeyError
def request(key, request):
if key == "http_version":
return request.scope["http_version"]
else:
raise KeyError
@hookimpl
def register_magic_parameters(datasette):
return [
("request", request),
("uuid", uuid),
]
forbidden(datasette, request, message)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to render templates or execute SQL queries.request
- Request objectThe current HTTP request.
message
- stringA message hinting at why the request was forbidden.
Plugins can use this to customize how Datasette responds when a 403 Forbidden error occurs - usually because a page failed a permission check, see Permissions.
If a plugin hook wishes to react to the error, it should return a Response object.
This example returns a redirect to a /-/login
page:
from datasette import hookimpl
from urllib.parse import urlencode
@hookimpl
def forbidden(request, message):
return Response.redirect(
"/-/login?=" + urlencode({"message": message})
)
The function can alternatively return an awaitable function if it needs to make any asynchronous method calls. This example renders a template:
from datasette import hookimpl, Response
@hookimpl
def forbidden(datasette):
async def inner():
return Response.html(
await datasette.render_template(
"render_message.html", request=request
)
)
return inner
handle_exception(datasette, request, exception)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to render templates or execute SQL queries.request
- Request objectThe current HTTP request.
exception
-Exception
The exception that was raised.
This hook is called any time an unexpected exception is raised. You can use it to record the exception.
If your handler returns a Response
object it will be returned to the client in place of the default Datasette error page.
The handler can return a response directly, or it can return return an awaitable function that returns a response.
This example logs an error to Sentry and then renders a custom error page:
from datasette import hookimpl, Response
import sentry_sdk
@hookimpl
def handle_exception(datasette, exception):
sentry_sdk.capture_exception(exception)
async def inner():
return Response.html(
await datasette.render_template(
"custom_error.html", request=request
)
)
return inner
Example: datasette-sentry
table_actions(datasette, actor, database, table, request)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.actor
- dictionary or NoneThe currently authenticated actor.
database
- stringThe name of the database.
table
- stringThe name of the table.
request
- Request object or NoneThe current HTTP request. This can be
None
if the request object is not available.
This hook allows table actions to be displayed in a menu accessed via an action icon at the top of the table page. It should return a list of {"href": "...", "label": "..."}
menu items.
It can alternatively return an async def
awaitable function which returns a list of menu items.
This example adds a new table action if the signed in user is "root"
:
from datasette import hookimpl
@hookimpl
def table_actions(datasette, actor, database, table):
if actor and actor.get("id") == "root":
return [
{
"href": datasette.urls.path(
"/-/edit-schema/{}/{}".format(
database, table
)
),
"label": "Edit schema for this table",
}
]
Example: datasette-graphql
database_actions(datasette, actor, database, request)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.actor
- dictionary or NoneThe currently authenticated actor.
database
- stringThe name of the database.
request
- Request objectThe current HTTP request.
This hook is similar to table_actions(datasette, actor, database, table, request) but populates an actions menu on the database page.
Example: datasette-graphql
skip_csrf(datasette, scope)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
, or to execute SQL queries.scope
- dictionaryThe ASGI scope for the incoming HTTP request.
This hook can be used to skip CSRF protection for a specific incoming request. For example, you might have a custom path at /submit-comment
which is designed to accept comments from anywhere, whether or not the incoming request originated on the site and has an accompanying CSRF token.
This example will disable CSRF protection for that specific URL path:
from datasette import hookimpl
@hookimpl
def skip_csrf(scope):
return scope["path"] == "/submit-comment"
If any of the currently active skip_csrf()
plugin hooks return True
, CSRF protection will be skipped for the request.
get_metadata(datasette, key, database, table)¶
datasette
- Datasette classYou can use this to access plugin configuration options via
datasette.plugin_config(your_plugin_name)
.actor
- dictionary or NoneThe currently authenticated actor.
database
- string or NoneThe name of the database metadata is being asked for.
table
- string or NoneThe name of the table.
key
- string or NoneThe name of the key for which data is being asked for.
This hook is responsible for returning a dictionary corresponding to Datasette Metadata. This function is passed the database
, table
and key
which were passed to the upstream internal request for metadata. Regardless, it is important to return a global metadata object, where "databases": []
would be a top-level key. The dictionary returned here, will be merged with, and overwritten by, the contents of the physical metadata.yaml
if one is present.
Warning
The design of this plugin hook does not currently provide a mechanism for interacting with async code, and may change in the future. See issue 1384.
@hookimpl
def get_metadata(datasette, key, database, table):
metadata = {
"title": "This will be the Datasette landing page title!",
"description": get_instance_description(datasette),
"databases": [],
}
for db_name, db_data_dict in get_my_database_meta(
datasette, database, table, key
):
metadata["databases"][db_name] = db_data_dict
# whatever we return here will be merged with any other plugins using this hook and
# will be overwritten by a local metadata.yaml if one exists!
return metadata
Example: datasette-remote-metadata plugin