[ckan-dev] DataStore permission problems

Florian.Brucker at it.karlsruhe.de Florian.Brucker at it.karlsruhe.de
Wed Jun 14 15:21:54 UTC 2017


Dear Matt,

it is indeed a private dataset. Querying a public dataset works as 
expected. Thanks for the tip!

IMHO it might be acceptable if I cannot query private resources via the 
DataStore API (even if I own them and have authenticated myself using my 
API-key), but in that case I should get a meaningful, permissions-related 
error and not a 500. I've updated the issue you've linked to (
https://github.com/ckan/ckan/issues/1954).


Best regards,
Florian



"ckan-dev" <ckan-dev-bounces at lists.okfn.org> schrieb am 14.06.2017 
15:21:45:

> Von: Matthew Fullerton <matt.fullerton at gmail.com>
> An: CKAN Development Discussions <ckan-dev at lists.okfn.org>, 
> Datum: 14.06.2017 15:22
> Betreff: Re: [ckan-dev] DataStore permission problems
> Gesendet von: "ckan-dev" <ckan-dev-bounces at lists.okfn.org>
> 
> Dear Florian,
> Is it a private dataset?
> 
> https://lists.okfn.org/pipermail/ckan-dev/2017-February/010781.html
> 
> -Matt
> 
> On 14 June 2017 at 14:26, <Florian.Brucker at it.karlsruhe.de> wrote:
> Hello everybody, 
> 
> I'm running into permission problems when trying to get information 
> about a resource via the DataStore API. 
> 
> The resource in question has successfully been uploaded to the 
> DataStore via the DataPusher as I can see from the "DataStore" tab 
> when editing the resource. However, when I try to query the 
> DataStore about the resource via the API I get an internal server 
> error (HTTP 500): 
> 
> 
> $ http POST https://transparenz.karlsruhe.de/api/3/action/datastore_info
> id=50b5a6e3-76ee-43e1-908d-b6dd63e77b5d Authorization:XXX 
> 
> HTTP/1.1 500 Internal Server Error 
> Connection: keep-alive 
> Content-Length: 175 
> Content-Type: text/html; charset=utf8 
> Date: Wed, 14 Jun 2017 12:08:44 GMT 
> Server: nginx/1.11.2 
> Strict-Transport-Security: max-age=31536000 
> Vary: X-Forwarded-Proto,X-Forwarded-Port 
> 
>     <html> 
>     <head> 
>     <title>Server Error</title> 
>     
>     </head> 
>     <body> 
>     <h1>Server Error</h1> 
>     An internal server error occurred 
>     
>     </body> 
>     </html> 
> 
> 
> The Apache logs then say 
> 
> 
> Error - <class 'sqlalchemy.exc.ProgrammingError'>: 
> (ProgrammingError) permission denied for relation 
> 50b5a6e3-76ee-43e1-908d-b6dd63e77b5d 
>  '\\n            SELECT count(_id) FROM "50b5a6e3-76ee-43e1-908d-
> b6dd63e77b5d";\\n        ' {} 
> 
> 
> I have set the database permissions as described in the 
> documentation via "paster datastore set-permissions ...". psql tells me: 

> 
> 
> postgres=# \l datastore_default 
>                                             Liste der Datenbanken 
>        Name        |  Eigentümer  | Kodierung | Sortierfolge | 
> Zeichentyp  |       Zugriffsprivilegien         
> -------------------+--------------+-----------+--------------
> +-------------+---------------------------------- 
>  datastore_default | ckan_default | UTF8      | en_US.UTF-8  | 
> en_US.UTF-8 | ckan_default=CTc/ckan_default   + 
>                    |              |           |              |      
>       | =Tc/ckan_default                + 
>                    |              |           |              |      
>       | datastore_default=c/ckan_default 
> 
> 
> 
> Finally, in my production.ini I have 
> 
> 
> ckan.datastore.write_url = postgresql://
> ckan_default:XXX at transparenz.karlsruhe.de/datastore_default 
> ckan.datastore.read_url = postgresql://
> datastore_default:XXX at transparenz.karlsruhe.de/datastore_default 
> 
> 
> This is on CKAN 2.6.2 and PostgreSQL 9.5. 
> 
> Any ideas what could be the problem? 
> 
> 
> Best regards, 
> Florian 
> 
> 
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20170614/6e79841a/attachment-0003.html>


More information about the ckan-dev mailing list