Mercurial > hg > ChinaGisRestApi

changeset 33:355b1fa2d78f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added meta permissions check
author casties
date Tue, 31 Aug 2010 14:20:24 +0200
parents c732c2ff61d9
children c237699c4752
files RestDbInterface.py
diffstat 1 files changed, 21 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/RestDbInterface.py	Tue Aug 31 11:47:46 2010 +0200
+++ b/RestDbInterface.py	Tue Aug 31 14:20:24 2010 +0200
@@ -164,6 +164,15 @@
             cur.close()
             return None
 
+    def checkTableMetaPermission(self,action,schema,table,user=None):
+        """returns if the requested action on the table is allowed"""
+        logging.debug("checktablemetapermissions action=%s schema=%s table=%s user=%s"%(action,schema,table,user))
+        if user is None:
+            user = self.REQUEST.get('AUTHENTICATED_USER',None)
+        logging.debug("user=%s"%user)
+        # TODO: what now?
+        return True
+
     def setTableMetaTypes(self,schema,table,fields):
         """sets the GIS meta information for table"""
         logging.debug("settablemetatypes schema=%s, table=%s, fields=%s"%(schema,table,fields))
@@ -423,13 +432,18 @@
                 
             sqlFields.append({'name':name, 'type':type, 'sqltype':sqltype})
             
-        self.executeSQL('drop table if exists "%s"."%s"'%(schema,table),hasResult=False)
-        fieldString = ", ".join(['"%s" %s'%(f['name'],f['sqltype']) for f in sqlFields])
-        sqlString = 'create table "%s"."%s" (%s)'%(schema,table,fieldString)
-        logging.debug("createemptytable: SQL=%s"%sqlString)
-        self.executeSQL(sqlString,hasResult=False)
-        self.setTableMetaTypes(schema,table,sqlFields)
-        return sqlFields
+        if self.checkTableMetaPermission("create", schema, table):
+            self.executeSQL('drop table if exists "%s"."%s"'%(schema,table),hasResult=False)
+            fieldString = ", ".join(['"%s" %s'%(f['name'],f['sqltype']) for f in sqlFields])
+            sqlString = 'create table "%s"."%s" (%s)'%(schema,table,fieldString)
+            logging.debug("createemptytable: SQL=%s"%sqlString)
+            self.executeSQL(sqlString,hasResult=False)
+            self.setTableMetaTypes(schema,table,sqlFields)
+            return sqlFields
+        else:
+            logging.warning("create table not allowed!")
+            # throw exception?
+            return None
     
     def createTableFromXML(self,schema,table,data, fields=None):
         """create or replace a table with the given XML data"""