Best practices for writing extensions
Follow CKAN’s coding standards
See Contributing guide.
Use the plugins toolkit instead of importing CKAN
Try to limit your extension to interacting with CKAN only through CKAN’s plugin interfaces and plugins toolkit. It’s a good idea to keep your extension code separate from CKAN as much as possible, so that internal changes in CKAN from one release to the next don’t break your extension.
Don’t edit CKAN’s database tables
An extension can create its own tables in the CKAN database, but it should not write to core CKAN tables directly, add columns to core tables, or use foreign keys against core tables.
Don’t automatically modify the database structure
If your extension uses custom database tables then it needs to modify the database structure, for example to add the tables after its installation or to migrate them after an update. These modifications should not be performed automatically when the extension is loaded, since this can lead to dead-locks and other problems.
Use migrations when introducing new models
Any new model provided by extension must use migration script for creating and updating relevant tables. As well as core tables, extensions should provide revisioned workflow for reproducing correct state of DB. There are few convenient tools available in CKAN for this purpose:
New migration script can be created via CLI interface:
ckan generate migration -p PLUGIN_NAME -m 'MIGRATION MESSAGE'
One should take care and use actual plugin’s name, not extension name instead of PLUGIN_NAME. This may become important when an extension provides multiple plugins, which contain migration scripts. If those scripts should be applied independently(i.e., there is no sense in particular migrations, unless specific plugin is enabled),
-p/--plugin
option gives you enough control. Otherwise, if extenson named ckanext-ext contains just single plugin ext, command for new migration will look like ckan generate migration -p ext.Migration scripts are created under EXTENSION_ROOT/ckanext/EXTENSION_NAME/migration/PLUGIN_NAME/versions. Once created, migration script contains empty upgrade and downgrade function, which need to be updated according to desired changes. More details abailable in Alembic documentation.
Apply migration script with:
ckan db upgrade -p PLUGIN_NAME
This command will check current state of DB and apply only required migrations, so it’s idempotent.
Revert changes introduced by plugin’s migration scripts with:
ckan db downgrade -p PLUGIN_NAME
Implement each plugin class in a separate Python module
This keeps CKAN’s plugin loading order simple, see ckan.plugins.
Avoid name clashes
Many of the names you pick for your identifiers and files must be unique in relation to the names used by core CKAN and other extensions. To avoid conflicts you should prefix any public name that your extension introduces with the name of your extension. For example:
The names of configuration settings introduced by your extension should have the form
my_extension.my_config_setting
.The names of templates and template snippets introduced by your extension should begin with the name of your extension:
snippets/my_extension_useful_snippet.html
If you have add a lot of templates you can also put them into a separate folder named after your extension instead.
The names of template helper functions introduced by your extension should begin with the name of your extension. For example:
def get_helpers(self): '''Register the most_popular_groups() function above as a template helper function. ''' # Template helper function names should begin with the name of the # extension they belong to, to avoid clashing with functions from # other extensions. return {'example_theme_most_popular_groups': most_popular_groups}
The names of JavaScript modules introduced by your extension should begin with the name of your extension. For example
assets/example_theme_popover.js
:// Enable JavaScript's strict mode. Strict mode catches some common // programming errors and throws exceptions, prevents some unsafe actions from // being taken, and disables some confusing and bad JavaScript features. "use strict"; ckan.module('example_theme_popover', function ($) { return { initialize: function () { console.log("I've been initialized for element: ", this.el); } }; });
The names of API action functions introduced by your extension should begin with the name of your extension. For example
my_extension_foobarize_everything
.The names of background job queues introduced by your extension should begin with the name of your extension. For example
my_extension:super-special-job-queue
.
In some situations, a resource may even be shared between multiple CKAN instances, which requires an even higher degree of uniqueness for the corresponding names. In that case, you should also prefix your identifiers with the CKAN site ID, which is available via
try:
# CKAN 2.7 and later
from ckan.common import config
except ImportError:
# CKAN 2.6 and earlier
from pylons import config
site_id = config[u'ckan.site_id']
Currently this only affects the Redis database:
All keys in the Redis database created by your extension should be prefixed with both the CKAN site ID and your extension’s name.
Internationalize user-visible strings
All user-visible strings should be internationalized, see String internationalization.
Add third party libraries to requirements.txt
If your extension requires third party libraries, rather than
adding them to setup.py
, they should be added
to requirements.txt
, which can be installed with:
pip install -r requirements.txt
To prevent accidental breakage of your extension through backwards-incompatible behaviour of newer versions of your dependencies, their versions should be pinned, such as:
requests==2.7.0
On the flip side, be mindful that this could also create version conflicts with requirements of considerably newer or older extensions.
Implementing CSRF protection
CKAN 2.10 introduces CSRF protection for all the frontend forms. Extensions are currently excluded from the CSRF protection to give time to update them, but CSRF protection will be enforced in the future.
To add CSRF protection to your extensions add the following helper call to your form templates:
<form class="dataset-form form-horizontal" method="post" enctype="multipart/form-data">
{{ h.csrf_input() }}
If your extension needs to support older CKAN versions, use the following:
<form class="dataset-form form-horizontal" method="post" enctype="multipart/form-data">
{{ h.csrf_input() if 'csrf_input' in h }}
Forms that are submitted via JavaScript modules also need to submit the CSRF token, here’s an example of how to append it to an existing form:
// Get the csrf value from the page meta tag
var csrf_value = $('meta[name=_csrf_token]').attr('content')
// Create the hidden input
var hidden_csrf_input = $('<input name="_csrf_token" type="hidden" value="'+csrf_value+'">')
// Insert the hidden input at the beginning of the form
hidden_csrf_input.prependTo(form)
API calls performed from JavaScript modules from the UI (which use cookie-based authentication) should also include the token, in this case in the X-CSRFToken
header. CKAN Modules using the builtin client) to perform API calls will have the header added automatically. If you are performing API calls directly from a UI module you will need to add the header yourself.