Closed torfsen closed 5 years ago
After some debugging, here is what's happening:
reset_db
completely clears the database. This includes all user accounts.package_create
is special, because package_create
allows anonymous access under some circumstances. As a result, the auth logic for package_create
only checks whether a user is given in the context, but not whether that user actually exists. Hence, when ckanapi passes along the site user in the context, package_create
succeeds although that site user doesn't actually exist in the DB anymore.resource_create
always requires an actually existing user, so this call fails because the site user has been removed from the DB by reset_db
.ckanapi.LocalCKAN
instance is created before any action functions are called. This in turn calls LocalCKAN.get_site_username
, which calls CKAN's get_site_user
, which (undocumentedly) recreates the site user if it doesn't exist. Hence authorization for the site user works again (until reset_db
is called the next time).As a workaround, I'm now calling LocalCKAN.get_site_username
after calling reset_db
, and this seems to work fine.
I don't think that this is a problem in CKANAPI, hence I will close this issue.
I'm using
ckanapi.LocalCKAN
for the tests of one of our CKAN extensions, and I'm running into problems when I callckan.tests.helpers.reset_db
inbetween test cases: afterwards, some (but not all) action function calls made via ckanapi raiseNotAuthorized
.Here is a script that reproduces the issue for me (you can probably ignore the setup of the CKAN environment, it's required to be able to run this in a standalone script). The script expects the path of a CKAN INI as a parameter.
The first call to
create_pkg_and_res
works as expected, but the second one (after thereset_db
) raisesNotAuthorized
when callingresource_create
:Interestingly, the second call to
package_create
does not raise an exception.When the
reset_db
call is removed, both calls tocreate_pkg_and_res
succeed.I'm running CKAN 2.7.2 and ckanapi 4.1.