I have a strange situation here. I am trying to build an application that sends http get request to the MarkLogic server. It hits the XQuery code that perform search:search(""). I am passing empty query to the search so the default relevant results are returned.
And I am using Roxy for deployment.
When I call the typical Roxy deployment function by the command -
ml local deploy content.
It loads all the document and later when I hit localhost:7040, I get the results as expected. So far so good.
Now, I override Roxy's existing method deploy_content and define my new method that calls an XQuery function, which performs xdmp:document-load() to load all the data to the content database. Here is the code snippet -
declare function loadTS:load($path) {
let $result :=
for $d in xdmp:filesystem-directory($path)//dir:entry
let $log := xdmp:log(fn:concat("$d-->",xdmp:describe($d)))
return xdmp:document-load($d//dir:pathname,
<options xmlns="xdmp:document-load">
<uri>{fn:concat("/",$d//dir:filename)}</uri>
<permissions>{xdmp:default-permissions()}</permissions>
<format>xml</format>
<collections>
<collection>all</collection>
</collections>
</options>)
return $result
};
Now, when I hit the application I get 0 result, while the same code works fine from query console. I think this is related to roles and privileges concept because when I provide the admin role to the newly created user from roxy I get the result as expected. I do not want to provide admin role to the default users that will be using my application later on. So what modification I need to do in terms of roles, privileges and authentication that will solve my problem?
Note: when I hit localhost:7040 it doesn't ask for authentication.
ml.app-role:xyz-role
Is there a function to get all the default permissions under this user's role.
This is the user used for app server as it's more a vanilla install.
The user used for query console is admin.
I ran the command xdmp:document-get-permissions() to one of the load document but it returned empty sequence.
xdmp:document-get-permissions("/a-ha+Take-on-Me.xml").
authentication-method=application-level
You state alot, but you never mention anything much about the security side of things:
To fast track this help, I'll answer assuming a very vanilla install of ML and Roxy:
Your code above uses the default permissions of the user through Roxy. If admin, then there may be no default permissions because admin circumvents almost all security (including even needing a write permission on documents).
The big thing to look at is : xdmp:document-get-permissions() on one of the documents.
Anser the following question: Does your application user have read access to the document? If not, adjust your approach above to insert documents with more appropriate permissions).
No longin needed? That is because you have set the login to application level and are likely using just the default user from Roxy. Need authentication? Change to digest and define more users/roles in the Roxt xml config.
What roles are needed? Well, you need at least one user (non-admin) with trights to use your aplpication and read and write access to your documents. Explainig more than that will make too many assumptions. You need to understand the security model and make your own choices. But as an example, create 'user1' with a password and a role 'user1' and also give this access to the role for your app user as defined with Roxy and set authentication to digest. Now you have authentication and a user that can use your app with a password. Change your document load script above to give read/write access of loaded documents to the user1 role.
Now you have an app with:
This will give you the absolute basics. It is still not production ready, because your default user (non login app user) should have minimum priviliges and the rest moved to your login user, for example.
Not enough to fix things? Answer the questions I mention above and there will be more for people to assist with.