Check whether we have not right permissions on the read only database

ckan · Aug 29, 2012 · 00a7f80 · 00a7f80
1 parent 0b279e9
commit 00a7f80
Showing 1 changed file with 43 additions and 1 deletion.
diff --git a/ckanext/datastore/plugin.py b/ckanext/datastore/plugin.py
@@ -1,9 +1,15 @@
+import logging
+import pylons
+from sqlalchemy.exc import ProgrammingError
 import ckan.plugins as p
 import ckanext.datastore.logic.action as action
 import ckanext.datastore.logic.auth as auth
 import ckanext.datastore.db as db
 import ckan.logic as logic
 
+log = logging.getLogger(__name__)
+_get_or_bust = logic.get_or_bust
+
 
 class DatastoreException(Exception):
     pass
@@ -28,7 +34,7 @@ def configure(self, config):
         ## to resource dict.  Not using IAction extension as this prevents other plugins
         ## from having a custom resource_read.
 
-        # TODO: check correct pg settings
+        self._check_read_permissions()     
 
         # Make sure actions are cached
         resource_show = p.toolkit.get_action('resource_show')
@@ -60,6 +66,42 @@ def new_resource_show(context, data_dict):
             new_resource_show._datastore_wrapped = True
             logic._actions['resource_show'] = new_resource_show
 
+    def _check_read_permissions(self):
+        '''
+        Check whether the right permissions are set for the read only user.
+        A table is created by the write user to test the read only user.
+        '''
+        write_connection = db._get_engine(None, 
+            {'connection_url': pylons.config['ckan.datastore_write_url']}).connect()
+        write_connection.execute("CREATE TABLE foo (id INTEGER NOT NULL, name VARCHAR)")
+
+        read_connection = db._get_engine(None, 
+            {'connection_url': pylons.config['ckan.datastore_read_url']}).connect()
+        read_trans = read_connection.begin()
+
+        statements = [
+            "CREATE TABLE bar (id INTEGER NOT NULL, name VARCHAR)", 
+            "INSERT INTO foo VALUES (1, 'okfn')"
+        ]
+
+        try:
+            for sql in statements:
+                read_trans = read_connection.begin()
+                try:
+                    read_connection.execute(sql)
+                except ProgrammingError, e:
+                    if 'permission denied' not in str(e):
+                        raise
+                else:
+                    log.info("Connection url {}"
+                        .format(pylons.config['ckan.datastore_read_url']))
+                    raise Exception("Write permissions on read-only database.")
+                finally:
+                    read_trans.rollback()
+        except Exception:
+            raise
+        finally:
+            write_connection.execute("DROP TABLE foo")
 
     def get_actions(self):
         available_actions = {'datastore_create': action.datastore_create,