[ckan-dev] Datastore & filestore via API

Mon Aug 13 14:04:16 UTC 2012

> This is the logged error when I try to post a file to the filestore with
> ckan.add_package_resource
> (it creates the resource and its metadata, but the file isn't loaded
> anywhere):
>
> 2012-08-08 15:52:35,186 DEBUG [pylons.controllers.core] Looking for
> u'upload_handle' method to handle the request
> 2012-08-08 15:52:35,187 DEBUG [pylons.controllers.core] Calling
> 'upload_handle' method with keyword args: **{}
> 2012-08-08 15:52:35,194 DEBUG [pylons.controllers.util] Aborting
> request, status: 401, detail: '', headers: None, comment: None
> 2012-08-08 15:52:35,194 DEBUG [pylons.controllers.core] 'upload_handle'
> method raised HTTPException: HTTPUnauthorized (code: 401)
> Traceback (most recent call last):
>    File
> "/home/ckan/pyenv/local/lib/python2.7/site-packages/pylons/controllers/core.py",
> line 107, in _inspect_call
>      result = self._perform_call(func, args)
>    File
> "/home/ckan/pyenv/local/lib/python2.7/site-packages/pylons/controllers/core.py",
> line 60, in _perform_call
>      return func(**args)
>    File "/home/ckan/pyenv/src/ckan/ckan/controllers/storage.py", line
> 133, in upload_handle
>      authorize('POST', BUCKET, label, c.userobj, self.ofs)
>    File "/home/ckan/pyenv/src/ckan/ckan/controllers/storage.py", line
> 99, in authorize
>      abort(401)
>    File "/home/ckan/pyenv/src/ckan/ckan/lib/base.py", line 48, in abort
>      comment=comment)
>    File
> "/home/ckan/pyenv/local/lib/python2.7/site-packages/pylons/controllers/util.py",
> line 196, in abort
>      raise exc.exception
> HTTPUnauthorized: This server could not verify that you are authorized
> to access the document you requested. Either you supplied the wrong
> credentials (e.g., bad password), or your browser does not understand
> how to supply the credentials required.

I'm having a different problem with uploading files using ckanclient, so 
I can't test things, but here's a guess:

This looks like the user whose API key you're supplying is not 
authorized to upload files to the dataset you're trying to upload to.

If you do `paster roles` in the terminal, it'll print out a list of 
roles and a list or rights for each role, like this:

editor              read-site, read-user, create-user, edit, 
create-package, create-group, create-authorization-group, read, file-upload
anon_editor         edit, create-package, create-user, read-user, 
read-site, read, file-upload
reader              read-site, read-user, create-user, read

As you can see in my example, the editor and anon_editor have the 
file-upload right.

Now if you do `paster rights` it'll print all the roles that each user 
has for each object. The logged_in user is a user whose rights apply to 
anyone who is logged in (or supplies an API key with their API post):

paster rights | grep logged_in

User logged_in -> is editor on -> Package my-dataset
User logged_in -> is editor on -> Package warandpeace
User logged_in -> is reader on -> Group david
User logged_in -> is editor on -> System system
User logged_in -> is reader on -> Group roger
User logged_in -> is editor on -> Package annakarenina

In my case, since the logged_in user has the editor role for my-dataset, 
warandpeace and annakarenina, and the editor role includes the 
file-upload right, any logged in user should be authorized to upload 
files to those datasets.

I can also do:

paster rights | grep seanh

to see what specific rights my user account has.

You can find the documentation for all this rights and roles stuff here:

http://docs.ckan.org/en/ckan-1.7.1/authorization.html