diff --git a/app/models/formats/ogr.js b/app/models/formats/ogr.js index 3e392907..8f6d1992 100644 --- a/app/models/formats/ogr.js +++ b/app/models/formats/ogr.js @@ -140,11 +140,7 @@ OgrFormat.prototype.toOGR = function(options, out_format, out_filename, callback + " port=" + dbport + " user=" + dbuser + " dbname=" + dbname - + " password=" + dbpass - + " tables=fake" // trick to skip query to geometry_columns (private) - // in turn breaks knowing SRID with gdal-0.10.1: - // http://github.com/CartoDB/CartoDB-SQL-API/issues/110 - + "", + + " password=" + dbpass, '-sql', ogrsql ]; diff --git a/test/acceptance/app.auth.test.js b/test/acceptance/app.auth.test.js index 83e5d75e..bfcda48c 100644 --- a/test/acceptance/app.auth.test.js +++ b/test/acceptance/app.auth.test.js @@ -14,6 +14,11 @@ suite('app.auth', function() { url: "/api/v1/sql?api_key=1234&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('app_auth_test1')", statusCode: 200 } + ,{ + desc: 'valid api key should allow delete in protected tables', + url: "/api/v1/sql?api_key=1234&q=DELETE%20FROM%20private_table%20WHERE%20name%3d'app_auth_test1'", + statusCode: 200 + } ,{ desc: 'invalid api key should NOT allow insert in protected tables', url: "/api/v1/sql?api_key=RAMBO&q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')", diff --git a/test/acceptance/app.test.js b/test/acceptance/app.test.js index 77a0e375..94c33137 100644 --- a/test/acceptance/app.test.js +++ b/test/acceptance/app.test.js @@ -962,7 +962,8 @@ var systemQueriesSuitesToTest = [ 'SELECT * FROM pg_attribute', 'SELECT * FROM PG_attribute', 'SELECT * FROM "pg_attribute"', - 'SELECT a.* FROM untitle_table_4 a,pg_attribute' + 'SELECT a.* FROM untitle_table_4 a,pg_attribute', + 'SELECT * FROM geometry_columns' ], api_key_works: true, no_api_key_works: false diff --git a/test/acceptance/export/kml.js b/test/acceptance/export/kml.js index 6abcdf4a..d74e600b 100644 --- a/test/acceptance/export/kml.js +++ b/test/acceptance/export/kml.js 
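Review bot: The rewritten `+ " password=" + dbpass,` line in toOGR still puts the database password into the connection string that appears to be passed as an argument to the OGR process (the `'-sql', ogrsql` entries follow it), where other local accounts can read it from the process list while the export runs. If the child is spawned with an explicit environment (the spawn call is outside this hunk), the password could be left out of the string and supplied as `PGPASSWORD` in that environment, which libpq reads. The values are also concatenated unquoted, so a password or user name containing a space or quote would change how the string is parsed; writing each as `key='value'` with `\` and `'` escaped avoids that. With `tables=fake` removed, OGR will presumably read geometry_columns under the connecting role, so a one-line comment naming that required privilege would replace the explanation this hunk deletes.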
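Review bot: The new DELETE case covers only the authorised path; the hunk shows no matching case asserting that an invalid api key is refused a DELETE on private_table, as the next entry does for INSERT. Adding one with the same URL and `api_key=RAMBO`, expecting the same rejection as the INSERT case, would pin write protection for both statements. The new case also doubles as cleanup for the row inserted by the previous one, which a comment such as `// removes the row inserted by the previous case` would make explicit. The case list continues outside the hunk, so a negative DELETE test may already exist further down.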
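Review bot: Only `geometry_columns` is added to the queries that must be refused without an api key, while the same commit also grants the public role access to `geography_columns` in test/test.sql. If the refusal works by matching catalogue names in the query text, which the quoted and upper-case pg_attribute variants suggest, then `'SELECT * FROM geography_columns'` and quoted or mixed-case spellings such as `'SELECT * FROM "geometry_columns"'` need entries too. Once the database grant exists, this application-level check looks like the only thing keeping unauthenticated callers away from those views, so each spelling is worth a case. The array and the code that consumes it lie outside the hunk.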
@@ -337,4 +337,53 @@ test('check point coordinates, authenticated', function(done){ }); }); + test('expects 1000 placemarks in public table', function(done){ + var numberOfRowsInPublicTable = 6, + seriesLimit = 200, + expectedRows = numberOfRowsInPublicTable * seriesLimit; + + assert.response(app, { + url: '/api/v1/sql', + data: querystring.stringify({ + q: "SELECT x, untitle_table_4.* FROM untitle_table_4, generate_series(1," + seriesLimit + ") x", + format: 'kml' + }), + headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' }, + method: 'POST' + }, + { + status: 200 + }, + function(res) { + assert.equal(res.body.match(//g).length, expectedRows); + done(); + } + ); + }); + + test('expects 1000 placemarks in private table using the API KEY', function(done){ + var numberOfRowsInPrivateTable = 5, + seriesLimit = 200, + expectedRows = numberOfRowsInPrivateTable * seriesLimit; + + assert.response(app, { + url: '/api/v1/sql', + data: querystring.stringify({ + q: "SELECT x, private_table.* FROM private_table, generate_series(1," + seriesLimit + ") x", + api_key: 1234, + format: 'kml' + }), + headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' }, + method: 'POST' + }, + { + status: 200 + }, + function(res) { + assert.equal(res.body.match(//g).length, expectedRows); + done(); + } + ); + }); + }); diff --git a/test/test.sql b/test/test.sql index 7f3f0d76..292e1f49 100644 --- a/test/test.sql +++ b/test/test.sql @@ -127,6 +127,9 @@ GRANT ALL ON TABLE spatial_ref_sys TO :TESTUSER, :PUBLICUSER; REVOKE ALL ON geometry_columns FROM public; GRANT ALL ON geometry_columns TO :TESTUSER; +GRANT ALL ON geography_columns TO :TESTUSER; +GRANT ALL ON geometry_columns TO :PUBLICUSER; +GRANT ALL ON geography_columns TO :PUBLICUSER; -- For https://github.com/CartoDB/CartoDB-SQL-API/issues/118 DROP TABLE IF EXISTS cpg_test;
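Review bot: The first added test is titled 'expects 1000 placemarks in public table' but computes `expectedRows` as 6 * 200 = 1200, so the title and the assertion disagree; rename it or build the title from the constants. In both tests `res.body.match(...)` returns null when nothing matches, so a regression would surface as a TypeError on `.length` rather than a failed assertion; `(res.body.match(re) || []).length` keeps the failure readable. The pattern shows as `//g` on this page, probably markup lost in rendering, but it is worth confirming in the file because `//` would start a comment. The two tests differ only in table, row count and api key, so they could share one helper.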
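Review bot: `GRANT ALL ON geometry_columns TO :PUBLICUSER` and the matching geography_columns line give the unauthenticated role every privilege on the spatial catalogue, partly undoing the `REVOKE ALL ON geometry_columns FROM public` just above, when reading is all an export needs. Where geometry_columns is an ordinary table rather than a view, that would let a public query insert, change or delete catalogue rows. `GRANT SELECT ON geometry_columns TO :PUBLICUSER;` and `GRANT SELECT ON geography_columns TO :PUBLICUSER;` should cover the export path. Because this fixture is likely to be copied when production databases are prepared for the ogr.js change, the narrower grant is the safer one to model here.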