Removes tables=fake wadus param in ogr2ogr command so it can go to
geometry_colums view to retrieve the column data type. This requires to grant permissions on geometry_columns and geography_columns to the public user.
This commit is contained in:
parent
7b9dbaf9f7
commit
2e3eeefd0f
@ -140,11 +140,7 @@ OgrFormat.prototype.toOGR = function(options, out_format, out_filename, callback
|
||||
+ " port=" + dbport
|
||||
+ " user=" + dbuser
|
||||
+ " dbname=" + dbname
|
||||
+ " password=" + dbpass
|
||||
+ " tables=fake" // trick to skip query to geometry_columns (private)
|
||||
// in turn breaks knowing SRID with gdal-0.10.1:
|
||||
// http://github.com/CartoDB/CartoDB-SQL-API/issues/110
|
||||
+ "",
|
||||
+ " password=" + dbpass,
|
||||
'-sql', ogrsql
|
||||
];
|
||||
|
||||
|
@ -14,6 +14,11 @@ suite('app.auth', function() {
|
||||
url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')",
|
||||
statusCode: 200
|
||||
}
|
||||
,{
|
||||
desc: 'valid api key should allow delete in protected tables',
|
||||
url: "/api/v1/sql?api_key=1234&q=DELETE%20FROM%20private_table%20WHERE%20name%3d'app_auth_test1'",
|
||||
statusCode: 200
|
||||
}
|
||||
,{
|
||||
desc: 'invalid api key should NOT allow insert in protected tables',
|
||||
url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
|
||||
|
@ -962,7 +962,8 @@ var systemQueriesSuitesToTest = [
|
||||
'SELECT * FROM pg_attribute',
|
||||
'SELECT * FROM PG_attribute',
|
||||
'SELECT * FROM "pg_attribute"',
|
||||
'SELECT a.* FROM untitle_table_4 a,pg_attribute'
|
||||
'SELECT a.* FROM untitle_table_4 a,pg_attribute',
|
||||
'SELECT * FROM geometry_columns'
|
||||
],
|
||||
api_key_works: true,
|
||||
no_api_key_works: false
|
||||
|
@ -337,4 +337,53 @@ test('check point coordinates, authenticated', function(done){
|
||||
});
|
||||
});
|
||||
|
||||
test('expects 1000 placemarks in public table', function(done){
|
||||
var numberOfRowsInPublicTable = 6,
|
||||
seriesLimit = 200,
|
||||
expectedRows = numberOfRowsInPublicTable * seriesLimit;
|
||||
|
||||
assert.response(app, {
|
||||
url: '/api/v1/sql',
|
||||
data: querystring.stringify({
|
||||
q: "SELECT x, untitle_table_4.* FROM untitle_table_4, generate_series(1," + seriesLimit + ") x",
|
||||
format: 'kml'
|
||||
}),
|
||||
headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
|
||||
method: 'POST'
|
||||
},
|
||||
{
|
||||
status: 200
|
||||
},
|
||||
function(res) {
|
||||
assert.equal(res.body.match(/<Placemark>/g).length, expectedRows);
|
||||
done();
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
test('expects 1000 placemarks in private table using the API KEY', function(done){
|
||||
var numberOfRowsInPrivateTable = 5,
|
||||
seriesLimit = 200,
|
||||
expectedRows = numberOfRowsInPrivateTable * seriesLimit;
|
||||
|
||||
assert.response(app, {
|
||||
url: '/api/v1/sql',
|
||||
data: querystring.stringify({
|
||||
q: "SELECT x, private_table.* FROM private_table, generate_series(1," + seriesLimit + ") x",
|
||||
api_key: 1234,
|
||||
format: 'kml'
|
||||
}),
|
||||
headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
|
||||
method: 'POST'
|
||||
},
|
||||
{
|
||||
status: 200
|
||||
},
|
||||
function(res) {
|
||||
assert.equal(res.body.match(/<Placemark>/g).length, expectedRows);
|
||||
done();
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
});
|
||||
|
@ -127,6 +127,9 @@ GRANT ALL ON TABLE spatial_ref_sys TO :TESTUSER, :PUBLICUSER;
|
||||
|
||||
REVOKE ALL ON geometry_columns FROM public;
|
||||
GRANT ALL ON geometry_columns TO :TESTUSER;
|
||||
GRANT ALL ON geography_columns TO :TESTUSER;
|
||||
GRANT ALL ON geometry_columns TO :PUBLICUSER;
|
||||
GRANT ALL ON geography_columns TO :PUBLICUSER;
|
||||
|
||||
-- For https://github.com/CartoDB/CartoDB-SQL-API/issues/118
|
||||
DROP TABLE IF EXISTS cpg_test;
|
||||
|
Loading…
Reference in New Issue
Block a user