[ckan-dev] DataStore permission problems
Florian.Brucker at it.karlsruhe.de
Florian.Brucker at it.karlsruhe.de
Wed Jun 14 15:21:54 UTC 2017
Dear Matt,
it is indeed a private dataset. Querying a public dataset works as
expected. Thanks for the tip!
IMHO it might be acceptable if I cannot query private resources via the
DataStore API (even if I own them and have authenticated myself using my
API-key), but in that case I should get a meaningful, permissions-related
error and not a 500. I've updated the issue you've linked to (
https://github.com/ckan/ckan/issues/1954).
Best regards,
Florian
"ckan-dev" <ckan-dev-bounces at lists.okfn.org> schrieb am 14.06.2017
15:21:45:
> Von: Matthew Fullerton <matt.fullerton at gmail.com>
> An: CKAN Development Discussions <ckan-dev at lists.okfn.org>,
> Datum: 14.06.2017 15:22
> Betreff: Re: [ckan-dev] DataStore permission problems
> Gesendet von: "ckan-dev" <ckan-dev-bounces at lists.okfn.org>
>
> Dear Florian,
> Is it a private dataset?
>
> https://lists.okfn.org/pipermail/ckan-dev/2017-February/010781.html
>
> -Matt
>
> On 14 June 2017 at 14:26, <Florian.Brucker at it.karlsruhe.de> wrote:
> Hello everybody,
>
> I'm running into permission problems when trying to get information
> about a resource via the DataStore API.
>
> The resource in question has successfully been uploaded to the
> DataStore via the DataPusher as I can see from the "DataStore" tab
> when editing the resource. However, when I try to query the
> DataStore about the resource via the API I get an internal server
> error (HTTP 500):
>
>
> $ http POST https://transparenz.karlsruhe.de/api/3/action/datastore_info
> id=50b5a6e3-76ee-43e1-908d-b6dd63e77b5d Authorization:XXX
>
> HTTP/1.1 500 Internal Server Error
> Connection: keep-alive
> Content-Length: 175
> Content-Type: text/html; charset=utf8
> Date: Wed, 14 Jun 2017 12:08:44 GMT
> Server: nginx/1.11.2
> Strict-Transport-Security: max-age=31536000
> Vary: X-Forwarded-Proto,X-Forwarded-Port
>
> <html>
> <head>
> <title>Server Error</title>
>
> </head>
> <body>
> <h1>Server Error</h1>
> An internal server error occurred
>
> </body>
> </html>
>
>
> The Apache logs then say
>
>
> Error - <class 'sqlalchemy.exc.ProgrammingError'>:
> (ProgrammingError) permission denied for relation
> 50b5a6e3-76ee-43e1-908d-b6dd63e77b5d
> '\\n SELECT count(_id) FROM "50b5a6e3-76ee-43e1-908d-
> b6dd63e77b5d";\\n ' {}
>
>
> I have set the database permissions as described in the
> documentation via "paster datastore set-permissions ...". psql tells me:
>
>
> postgres=# \l datastore_default
> Liste der Datenbanken
> Name | Eigentümer | Kodierung | Sortierfolge |
> Zeichentyp | Zugriffsprivilegien
> -------------------+--------------+-----------+--------------
> +-------------+----------------------------------
> datastore_default | ckan_default | UTF8 | en_US.UTF-8 |
> en_US.UTF-8 | ckan_default=CTc/ckan_default +
> | | | |
> | =Tc/ckan_default +
> | | | |
> | datastore_default=c/ckan_default
>
>
>
> Finally, in my production.ini I have
>
>
> ckan.datastore.write_url = postgresql://
> ckan_default:XXX at transparenz.karlsruhe.de/datastore_default
> ckan.datastore.read_url = postgresql://
> datastore_default:XXX at transparenz.karlsruhe.de/datastore_default
>
>
> This is on CKAN 2.6.2 and PostgreSQL 9.5.
>
> Any ideas what could be the problem?
>
>
> Best regards,
> Florian
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20170614/6e79841a/attachment-0003.html>
More information about the ckan-dev
mailing list