Merge branch 'master' into medusa-improvements

Conflicts: lib/cartodb/server_options.js
2015-02-06 12:01:28 +01:00 · 2015-02-06 12:01:28 +01:00 · 6bd967e9fb
commit 6bd967e9fb
parent c17af23a40 13f5fda1b8
6 changed files with 72 additions and 72 deletions
--- a/docs/Map-API.md
+++ b/docs/Map-API.md
@ -646,6 +646,32 @@ curl -X GET 'https://documentation.cartodb.com/api/v1/map/named/:template_name?a
 }
 ```

+### Use with CartoDB.js
+Named maps can be used with CartoDB.js by specifying a named map in a layer source as follows. Named maps are treated almost the same as other layer source types in most other ways.
+
+```js
+var layerSource = {
+  user_name: '{your_user_name}', 
+  type: 'namedmap', 
+  named_map: { 
+    name: '{template_name}', 
+	layers: [{ 
+	  layer_name: "layer1", 
+      interactivity: "column1, column2, ..." 
+	}] 
+  } 
+}
+
+cartodb.createLayer('map_dom_id',layerSource)
+  .addTo(map_object);
+
+```
+
+[CartoDB.js](http://docs.cartodb.com/cartodb-platform/cartodb-js.html) has methods for accessing your named maps.
+
+1. [layer.setParams()](http://docs.cartodb.com/cartodb-platform/cartodb-js.html#layersetparamskey-value) allows you to change the template variables (in the placeholders object) via JavaScript 
+2. [layer.setAuthToken()](http://docs.cartodb.com/cartodb-platform/cartodb-js.html#layersetauthtokenauthtoken) allows you to set the auth tokens to create the layer
+
 ##Static Maps API

 The Static Maps API can be initiated using both named and anonymous maps using the 'layergroupid' token. The API can be used to create static images of parts of maps and thumbnails for use in web design, graphic design, print, field work, and many other applications that require standard image formats.
--- a/lib/cartodb/api/query_tables_api.js
+++ b/lib/cartodb/api/query_tables_api.js
@ -13,27 +13,6 @@ var affectedTableRegexCache = {

 module.exports = QueryTablesApi;

-QueryTablesApi.prototype.getLastUpdatedTime = function (username, api_key, tableNames, callback) {
-    var sql = 'SELECT EXTRACT(EPOCH FROM max(updated_at)) as max FROM CDB_TableMetadata m WHERE m.tabname = any (ARRAY['+
-        tableNames.map(function(t) { return "'" + t + "'::regclass"; }).join(',') +
-        '])';
-
-    // call sql api
-    sqlApi.query(username, api_key, sql, function(err, rows){
-        if (err){
-            var msg = err.message ? err.message : err;
-            callback(new Error('could not find last updated timestamp: ' + msg));
-            return;
-        }
-        // when the table has not updated_at means it hasn't been changed so a default last_updated is set
-        var last_updated = 0;
-        if(rows.length !== 0) {
-            last_updated = rows[0].max || 0;
-        }
-
-        callback(null, last_updated*1000);
-    });
-};

 QueryTablesApi.prototype.getAffectedTablesInQuery = function (username, options, sql, callback) {

--- a/lib/cartodb/cartodb_windshaft.js
+++ b/lib/cartodb/cartodb_windshaft.js
@ -203,26 +203,11 @@ var CartodbWindshaft = function(serverOptions) {

    /**
     * Helper API to allow per table tile cache (and sql cache) to be invalidated remotely.
-     * TODO: Move?
+     * Keep endpoint for backwards compatibility
     */
    ws.del(serverOptions.base_url + '/flush_cache', function(req, res){
-        if ( req.profiler && req.profiler.statsd_client ) {
-          req.profiler.start('windshaft-cartodb.flush_cache');
-        }
        ws.doCORS(res);
-        Step(
-            function flushCache(){
-                serverOptions.flushCache(req, serverOptions.cache_enabled ? Cache : null, this);
-            },
-            function sendResponse(err, data){
-                if (err){
-                    ws.sendError(res, {error: err.message}, 500, 'DELETE CACHE', err);
-                    //ws.sendResponse(res, [500]);
-                } else {
-                    ws.sendResponse(res, [{status: 'ok'}, 200]);
-                }
-            }
-        );
+        ws.sendResponse(res, [{status: 'ok'}, 200]);
    });

    var healthCheck = new HealthCheck(cartoData, Windshaft.tilelive);
--- a/lib/cartodb/server_options.js
+++ b/lib/cartodb/server_options.js
@ -1,6 +1,5 @@
 var _ = require('underscore');
 var Step = require('step');
-var Cache = require('./cache_validator');
 var QueryTablesApi = require('./api/query_tables_api');
 var crypto = require('crypto');
 var LZMA = require('lzma').LZMA;
@ -853,34 +852,6 @@ module.exports = function(redisPool) {
        );
    };

-    /**
-     * Helper to clear out tile cache on request
-     * @param req
-     * @param callback
-     */
-    me.flushCache = function(req, Cache, callback){
-        var that = this;
-
-        Step(
-            function getParams(){
-                // this is mostly to compute req.params.dbname
-                that.req2params(req, this);
-            },
-            function flushInternalCache(err){
-                // TODO: implement this, see
-                // http://github.com/Vizzuality/Windshaft-cartodb/issues/73
-                return true;
-            },
-            function flushVarnishCache(err){
-                if (err) { callback(err); return; }
-                if(Cache) {
-                  Cache.invalidate_db(req.params.dbname, req.params.table);
-                }
-                callback(null, true);
-            }
-        );
-    };
-
    /*******************************************************************************************************************
     * Private methods
     ******************************************************************************************************************/
--- a/lib/cartodb/template_maps.js
+++ b/lib/cartodb/template_maps.js
@ -44,11 +44,6 @@ function TemplateMaps(redis_pool, opts) {

  // User templates (HASH:tpl_id->tpl_val)
  this.key_usr_tpl = dot.template("map_tpl|{{=it.owner}}");
-
-  // User template locks (HASH:tpl_id->ctime)
-  this.key_usr_tpl_lck = dot.template("map_tpl|{{=it.owner}}|locks");
-
-  this.lock_ttl = this.opts['lock_ttl'] || 5000;
 }

 util.inherits(TemplateMaps, EventEmitter);
--- a/test/acceptance/multilayer.js
+++ b/test/acceptance/multilayer.js
@ -1368,6 +1368,50 @@ suite('multilayer:postgres=' + cdbQueryTablesFromPostgresEnabledValue, function(
    });


+    test("it's not possible to override authorization with a crafted layergroup", function(done) {
+
+        var layergroup =  {
+            version: '1.0.0',
+            layers: [
+                {
+                    options: {
+                        sql: 'select * from test_table_private_1',
+                        cartocss: '#layer { marker-fill:red; }',
+                        cartocss_version: '2.3.0',
+                        interactivity: 'cartodb_id'
+                    }
+                }
+            ],
+            template: {
+                auth: {
+                    method: "open"
+                },
+                name: "open"
+            }
+        };
+
+        assert.response(
+            server,
+            {
+                url: '/api/v1/map?signer=localhost',
+                method: 'POST',
+                headers: {
+                    host: 'localhost',
+                    'Content-Type': 'application/json'
+                },
+                data: JSON.stringify(layergroup)
+            },
+            {
+                status: 403
+            },
+            function(res, err) {
+                assert.ok(res.body.match(/permission denied for relation test_table_private_1/));
+                done();
+            }
+        );
+    });
+
+
    suiteTeardown(function(done) {

        // This test will add map_style records, like