`search_path` for `default_public` API key

Question

`search_path` for `default_public` API key

Closed this issue 7 years ago · 1 comments

We’re detecting some unexpected (for us) values for search_path with default_public:

$ curl https://juanignaciosl.carto.com/api/v2/sql -d "api_key=default_public" -d "q=show search_path"
{"rows":[{"search_path":"juanignaciosl, cartodb, cdb_dataservices_client, public"}],"time":0.006,"fields":{"search_path":{"type":"string"}},"total_rows":1}
$ curl https://juanignaciosl.carto.com/api/v2/sql -d "api_key=XXX" -d "q=show search_path"
{"rows":[{"search_path":"juanignaciosl, cartodb, cdb_dataservices_client, public"}],"time":0.001,"fields":{"search_path":{"type":"string"}},"total_rows":1}
$ curl https://juanignaciosl10.carto.com/api/v2/sql -d "api_key=default_public" -d "q=show search_path"
{"rows":[{"search_path":"\"$user\",public,cartodb"}],"time":0.003,"fields":{"search_path":{"type":"string"}},"total_rows":1}
$ curl https://juanignaciosl10.carto.com/api/v2/sql -d "api_key=XXX" -d "q=show search_path"
{"rows":[{"search_path":"public, cartodb, cdb_dataservices_client, public"}],"time":0.002,"fields":{"search_path":{"type":"string"}},"total_rows":1}
$ curl https://cartoframes.carto.com/api/v2/sql -d "api_key=default_public" -d "q=show search_path"
{"rows":[{"search_path":"\"$user\",public,cartodb"}],"time":0.006,"fields":{"search_path":{"type":"string"}},"total_rows":1}
$ curl https://cartoframes.carto.com/api/v2/sql -d "api_key=XXX" -d "q=show search_path"
{"rows":[{"search_path":"public, cartodb, cdb_dataservices_client, public"}],"time":0.002,"fields":{"search_path":{"type":"string"}},"total_rows":1}

("XXX" means "the valid master key")

public was expected to be the first search_path entry for non-organization users, which have the username as first entry.

As you see, for organization users (at least for juanignaciosl@team) querying with default_public returns the username in the search_path. Nevertheless, for non-organization users, it contains "$user" instead. Bug or feature?

cc @dgaubert @rochoa

PS: with a normal ("non-master") API key works as expected:

$ curl https://juanignaciosl.carto.com/api/v2/sql -d "api_key=YYY" -d "q=show search_path"
{"rows":[{"search_path":"juanignaciosl, cartodb, cdb_dataservices_client, public"}],"time":0.008,"fields":{"search_path":{"type":"string"}},"total_rows":1}%
$ curl https://juanignaciosl10.carto.com/api/v2/sql -d "api_key=YYY" -d "q=show search_path"
{"rows":[{"search_path":"public, cartodb, cdb_dataservices_client, public"}],"time":0.005,"fields":{"search_path":{"type":"string"}},"total_rows":1}

Answer 1 · 2018-05-03T08:26:54.000Z

Moved, as it's related to role creation: CartoDB/cartodb/issues/13918