[#652] We have to wrap the GRANT/REVOKE in a transaction to make it work

ckan · Apr 23, 2013 · 43c578e · 43c578e
1 parent c626c00
commit 43c578e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/ckanext/datastore/db.py b/ckanext/datastore/db.py
@@ -1146,6 +1146,7 @@ def _get_read_only_user(data_dict):
 
 
 def _change_privilege(context, data_dict, what):
+    ''' We need a transaction for this code to work '''
     read_only_user = _get_read_only_user(data_dict)
     if what == 'REVOKE':
         sql = u'REVOKE SELECT ON TABLE "{0}" FROM "{1}"'.format(
@@ -1177,8 +1178,10 @@ def make_private(context, data_dict):
         data_dict['resource_id']))
     engine = _get_engine(context, data_dict)
     context['connection'] = engine.connect()
+    trans = context['connection'].begin()
     try:
         _change_privilege(context, data_dict, 'REVOKE')
+        trans.commit()
     finally:
         context['connection'].close()
 
@@ -1188,7 +1191,9 @@ def make_public(context, data_dict):
         data_dict['resource_id']))
     engine = _get_engine(context, data_dict)
     context['connection'] = engine.connect()
+    trans = context['connection'].begin()
     try:
         _change_privilege(context, data_dict, 'GRANT')
+        trans.commit()
     finally:
         context['connection'].close()
diff --git a/ckanext/datastore/tests/test_search.py b/ckanext/datastore/tests/test_search.py
@@ -571,15 +571,6 @@ def test_read_private(self):
             'resource_id': self.data['resource_id'],
             'connection_url': config['ckan.datastore.write_url']}
         p.toolkit.get_action('datastore_make_private')(context, data_dict)
-        '''
-        data = {'resource_id': self.data['resource_id']}
-        postparams = json.dumps(data)
-        auth = {'Authorization': str(self.sysadmin_user.apikey)}
-        res = self.app.post('/api/action/datastore_make_private', params=postparams,
-                            extra_environ=auth)
-        res_dict = json.loads(res.body)
-        assert res_dict['success'] is True
-        '''
         query = 'SELECT * FROM "{0}"'.format(self.data['resource_id'])
         data = {'sql': query}
         postparams = json.dumps(data)
@@ -589,3 +580,6 @@ def test_read_private(self):
         res_dict = json.loads(res.body)
         assert res_dict['success'] is False
         assert res_dict['error']['__type'] == 'Authorization Error'
+
+        # make it public for the other tests
+        p.toolkit.get_action('datastore_make_public')(context, data_dict)