Make public PostgreSQL user name a configuration parameter
Closes #56. Updates documentation and tests and example config files
parent
2abb136258
commit
8d2347af99
1
NEWS.md
1
NEWS.md
@ -3,6 +3,7 @@
|
||||
* Still set a meaningful X-Cache-Channel with cache_policy=persist (#105)
|
||||
* Fix wrong projection in KML exports for manually altered tables (#116)
|
||||
* Set KML folder name to the requested filename (#115)
|
||||
* Make public PostgreSQL user name a configuration parameter (#56)
|
||||
|
||||
1.6.0 - 2013-10-02
|
||||
------------------
|
||||
|
@ -38,7 +38,8 @@ Make sure redis is running and knows about active cartodb user.
|
||||
|
||||
Make sure your PostgreSQL server is running, is accessible on
|
||||
the host and port specified in the <environment> file, has
|
||||
a 'publicuser' role and trusts user authentication from localhost
|
||||
a 'publicuser' role (or whatever you set ``db_pubuser`` configuration
|
||||
directive to) and trusts user authentication from localhost
|
||||
connections.
|
||||
|
||||
``` bash
|
||||
|
@ -38,6 +38,9 @@ var express = require('express')
|
||||
, formats = require(global.settings.app_root + '/app/models/formats')
|
||||
;
|
||||
|
||||
// Set default configuration
|
||||
global.settings.db_pubuser = global.settings.db_pubuser || "publicuser";
|
||||
|
||||
var tableCache = LRU({
|
||||
// store no more than these many items in the cache
|
||||
max: global.settings.tableCacheMax || 8192,
|
||||
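Review bot: The `"publicuser"` default is applied only here in the controller module, while `userid_to_dbuser` and the `PSQL` constructor (changed in the later sections) read `global.settings.db_pubuser` directly. If either model is loaded by an entry point that never runs this line, the anonymous role name is `undefined`, and depending on the database driver the connection may then fall back to an environment or OS user instead of the intended low-privilege role; this is worth confirming. Consider applying the default where the settings are loaded and failing closed right after it, e.g. `if (typeof global.settings.db_pubuser !== 'string') throw new Error('db_pubuser must be a role name');`.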
|
@ -14,7 +14,7 @@ var bakingExports = {};
|
||||
function userid_to_dbuser(user_id) {
|
||||
if ( _.isString(user_id) )
|
||||
return _.template(global.settings.db_user, {user_id: user_id});
|
||||
return "publicuser" // FIXME: make configurable
|
||||
return global.settings.db_pubuser;
|
||||
};
|
||||
|
||||
|
||||
|
@ -87,7 +87,7 @@ var PSQL = function(user_id, db) {
|
||||
if (!_.isString(user_id) && !_.isString(db)) throw new Error(error_text);
|
||||
|
||||
var me = {
|
||||
public_user: "publicuser"
|
||||
public_user: global.settings.db_pubuser
|
||||
, user_id: user_id
|
||||
, db: db
|
||||
};
|
||||
|
@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
|
||||
module.exports.environment = 'development';
|
||||
module.exports.db_base_name = 'cartodb_dev_user_<%= user_id %>_db';
|
||||
module.exports.db_user = 'development_cartodb_user_<%= user_id %>';
|
||||
// Name of the anonymous PostgreSQL user
|
||||
module.exports.db_pubuser = 'publicuser';
|
||||
module.exports.db_host = 'localhost';
|
||||
module.exports.db_port = '5432';
|
||||
// Max database connections in the pool
|
||||
|
@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
|
||||
module.exports.environment = 'production';
|
||||
module.exports.db_base_name = 'cartodb_user_<%= user_id %>_db';
|
||||
module.exports.db_user = 'cartodb_user_<%= user_id %>';
|
||||
// Name of the anonymous PostgreSQL user
|
||||
module.exports.db_pubuser = 'publicuser';
|
||||
module.exports.db_host = 'localhost';
|
||||
module.exports.db_port = '6432';
|
||||
// Max database connections in the pool
|
||||
|
@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
|
||||
module.exports.environment = 'staging';
|
||||
module.exports.db_base_name = 'cartodb_staging_user_<%= user_id %>_db';
|
||||
module.exports.db_user = 'cartodb_staging_user_<%= user_id %>';
|
||||
// Name of the anonymous PostgreSQL user
|
||||
module.exports.db_pubuser = 'publicuser';
|
||||
module.exports.db_host = 'localhost';
|
||||
module.exports.db_port = '6432';
|
||||
// Max database connections in the pool
|
||||
|
@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
|
||||
module.exports.environment = 'test';
|
||||
module.exports.db_base_name = 'cartodb_test_user_<%= user_id %>_db';
|
||||
module.exports.db_user = 'test_cartodb_user_<%= user_id %>';
|
||||
// Name of the anonymous PostgreSQL user
|
||||
module.exports.db_pubuser = 'publicuser';
|
||||
module.exports.db_host = 'localhost';
|
||||
module.exports.db_port = '5432';
|
||||
// Max database connections in the pool
|
||||
|
@ -17,6 +17,9 @@ PGHOST=`grep \.db_host ${TESTENV} | sed "s/.*= *'\([^']*\)'.*/\1/"`
|
||||
echo "PGHOST: [$PGHOST]"
|
||||
PGPORT=`grep \.db_port ${TESTENV} | sed "s/.*=[\t ]*'\([^']*\)'.*/\1/"`
|
||||
echo "PGPORT: [$PGPORT]"
|
||||
public_user=`grep \.db_pubuser ${TESTENV} | sed "s/.*= *'\([^']*\)'.*/\1/"`
|
||||
[ -z "${public_user}" ] && public_user=publicuser
|
||||
echo "PUBLICUSER: [${public_user}]"
|
||||
|
||||
|
||||
TEST_DB="cartodb_test_user_1_db"
|
||||
@ -33,7 +36,7 @@ die() {
|
||||
echo "preparing postgres..."
|
||||
dropdb ${TEST_DB} # 2> /dev/null # error expected if doesn't exist, but not otherwise
|
||||
createdb -Ttemplate_postgis -EUTF8 ${TEST_DB} || die "Could not create test database"
|
||||
psql -f test.sql ${TEST_DB}
|
||||
cat test.sql | sed "s/:PUBLICUSER/${public_user}/" | psql ${TEST_DB}
|
||||
psql -f support/CDB_QueryStatements.sql ${TEST_DB}
|
||||
psql -f support/CDB_QueryTables.sql ${TEST_DB}
|
||||
|
||||
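Review bot: The role name read from the environment file is spliced into the SQL by `sed "s/:PUBLICUSER/${public_user}/"` in the second hunk, so a value containing `/` or `&` corrupts the substitution, and the name reaches `CREATE USER` and `GRANT` as an unquoted identifier. psql can do the substitution itself and quote the identifier: `psql -v PUBLICUSER="${public_user}" -f test.sql ${TEST_DB}` with `:"PUBLICUSER"` in test.sql. The `grep \.db_pubuser` in the first hunk would also match a commented-out assignment in the environment file, so a short comment stating that exactly one uncommented `db_pubuser` line is expected would help.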
|
@ -112,15 +112,15 @@ CREATE INDEX test_table_the_geom_webmercator_idx_p ON private_table USING gist (
|
||||
|
||||
|
||||
|
||||
CREATE USER publicuser WITH PASSWORD '';
|
||||
CREATE USER :PUBLICUSER WITH PASSWORD '';
|
||||
CREATE USER test_cartodb_user_1 WITH PASSWORD '';
|
||||
|
||||
GRANT ALL ON TABLE untitle_table_4 TO test_cartodb_user_1;
|
||||
GRANT SELECT ON TABLE untitle_table_4 TO publicuser;
|
||||
GRANT SELECT ON TABLE untitle_table_4 TO :PUBLICUSER;
|
||||
GRANT ALL ON TABLE private_table TO test_cartodb_user_1;
|
||||
GRANT ALL ON SEQUENCE test_table_cartodb_id_seq_p TO test_cartodb_user_1;
|
||||
|
||||
GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1, publicuser;
|
||||
GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1, :PUBLICUSER;
|
||||
|
||||
REVOKE ALL ON geometry_columns FROM public;
|
||||
GRANT ALL ON geometry_columns TO test_cartodb_user_1;
|
||||
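Review bot: `GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1, :PUBLICUSER;` keeps giving the anonymous role write access to `spatial_ref_sys`, which sits oddly next to the suite's "public user cannot execute INSERT on db" test. If anonymous queries only need to read that table, which seems likely but is not visible here, the fixture could be split into `GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1;` and `GRANT SELECT ON TABLE spatial_ref_sys TO :PUBLICUSER;`. The file also no longer loads with a plain `psql -f test.sql`, so a comment near the first `:PUBLICUSER` line saying the placeholder must be substituted before loading would save the next person a confusing syntax error.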
|
@ -4,6 +4,8 @@ var _ = require('underscore')
|
||||
, PSQL = require('../../app/models/psql')
|
||||
, assert = require('assert');
|
||||
|
||||
var public_user = global.settings.db_pubuser;
|
||||
|
||||
suite('psql', function() {
|
||||
|
||||
test('test throws error if no args passed to constructor', function(){
|
||||
@ -28,7 +30,7 @@ test('test instantiate with just db constructor', function(){
|
||||
|
||||
test('test username returns default user if not set', function(){
|
||||
var pg = new PSQL(null, 'my_database');
|
||||
assert.equal(pg.username(), "publicuser");
|
||||
assert.equal(pg.username(), public_user);
|
||||
});
|
||||
|
||||
test('test username returns interpolated user if set', function(){
|
||||
@ -76,9 +78,9 @@ test('test private user can execute INSERT on db', function(done){
|
||||
});
|
||||
});
|
||||
|
||||
test('test publicuser can execute SELECT on enabled tables', function(done){
|
||||
test('test public user can execute SELECT on enabled tables', function(done){
|
||||
var pg = new PSQL("1");
|
||||
var sql = "DROP TABLE IF EXISTS distributors2; CREATE TABLE distributors2 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors2 TO publicuser;";
|
||||
var sql = "DROP TABLE IF EXISTS distributors2; CREATE TABLE distributors2 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors2 TO " + public_user + ";";
|
||||
pg.query(sql, function(err, result){
|
||||
pg = new PSQL(null, 'cartodb_test_user_1_db');
|
||||
pg.query("SELECT count(*) FROM distributors2", function(err, result){
|
||||
@ -88,9 +90,9 @@ test('test publicuser can execute SELECT on enabled tables', function(done){
|
||||
});
|
||||
});
|
||||
|
||||
test('test publicuser cannot execute INSERT on db', function(done){
|
||||
test('test public user cannot execute INSERT on db', function(done){
|
||||
var pg = new PSQL("1");
|
||||
var sql = "DROP TABLE IF EXISTS distributors3; CREATE TABLE distributors3 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors3 TO publicuser;";
|
||||
var sql = "DROP TABLE IF EXISTS distributors3; CREATE TABLE distributors3 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors3 TO " + public_user + ";";
|
||||
pg.query(sql, function(err, result){
|
||||
|
||||
pg = new PSQL(null, 'cartodb_test_user_1_db'); //anonymous user
|
||||
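Review bot: `assert.equal(pg.username(), public_user)` now compares the implementation against the same setting it reads, so the test passes even when `global.settings.db_pubuser` is unset and both sides are `undefined`. A guard next to the new `var public_user` line would make that failure visible: `assert.ok(typeof public_user === 'string' && public_user.length > 0, 'db_pubuser must be configured');`. The two `GRANT SELECT ... TO " + public_user + ";"` strings also insert the name as a bare identifier; that is acceptable for a fixture fed from a config file, but a comment saying so would keep the pattern from being copied into request-handling code. The last test's body continues outside the hunk.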
|