From a37213d7a65036aa87783c0d2b0fbacd17c4ca17 Mon Sep 17 00:00:00 2001 From: joetsoi Date: Mon, 16 Dec 2013 13:05:37 +0000 Subject: [PATCH] [#1374] fix datastore _read_connection_has_correct_privileges remove the read connection, and use the write connection with the username of the read connection to test if the priviliges are correct --- ckanext/datastore/plugin.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ckanext/datastore/plugin.py b/ckanext/datastore/plugin.py index a99eedc4076..6df49d3dd07 100644 --- a/ckanext/datastore/plugin.py +++ b/ckanext/datastore/plugin.py @@ -1,5 +1,7 @@ import logging +import sqlalchemy.engine.url as sa_url + import ckan.plugins as p import ckanext.datastore.logic.action as action import ckanext.datastore.logic.auth as auth @@ -190,8 +192,7 @@ def _read_connection_has_correct_privileges(self): ''' write_connection = db._get_engine( {'connection_url': self.write_url}).connect() - read_connection = db._get_engine( - {'connection_url': self.read_url}).connect() + read_connection_user = sa_url.make_url(self.read_url).username drop_foo_sql = u'DROP TABLE IF EXISTS _foo' @@ -199,18 +200,18 @@ def _read_connection_has_correct_privileges(self): try: try: - write_connection.execute(u'CREATE TABLE _foo ()') + write_connection.execute(u'CREATE TEMP TABLE _foo ()') for privilege in ['INSERT', 'UPDATE', 'DELETE']: - test_privilege_sql = u"SELECT has_table_privilege('_foo', '{privilege}')" - sql = test_privilege_sql.format(privilege=privilege) - have_privilege = read_connection.execute(sql).first()[0] + test_privilege_sql = u"SELECT has_table_privilege('{user}', '_foo', '{privilege}')" + sql = test_privilege_sql.format(user=read_connection_user, + privilege=privilege) + have_privilege = write_connection.execute(sql).first()[0] if have_privilege: return False finally: write_connection.execute(drop_foo_sql) finally: write_connection.close() - read_connection.close() return True def _create_alias_table(self):