diff --git a/examples/src/main/java/com/marklogic/client/example/handle/URIHandleExample.java b/examples/src/main/java/com/marklogic/client/example/handle/URIHandleExample.java index 9f6f5a9ea..1c5ba5955 100644 --- a/examples/src/main/java/com/marklogic/client/example/handle/URIHandleExample.java +++ b/examples/src/main/java/com/marklogic/client/example/handle/URIHandleExample.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.example.handle; @@ -12,6 +12,7 @@ import com.marklogic.client.document.XMLDocumentManager; import com.marklogic.client.example.cookbook.Util; import com.marklogic.client.example.cookbook.Util.ExampleProperties; +import com.marklogic.client.io.DocumentMetadataHandle; import com.marklogic.client.io.InputStreamHandle; /** @@ -82,7 +83,11 @@ public static void setUpExample(XMLDocumentManager docMgr, String docId, String InputStreamHandle handle = new InputStreamHandle(); handle.set(docStream); - docMgr.write(docId, handle); + DocumentMetadataHandle metadata = new DocumentMetadataHandle(); + metadata.getPermissions().add("rest-writer", + DocumentMetadataHandle.Capability.READ, DocumentMetadataHandle.Capability.UPDATE); + + docMgr.write(docId, metadata, handle); } // clean up by deleting the documents for the example diff --git a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/datamovement/functionaltests/StringQueryHostBatcherTest.java b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/datamovement/functionaltests/StringQueryHostBatcherTest.java index 2fb85af21..cf396f600 100644 --- a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/datamovement/functionaltests/StringQueryHostBatcherTest.java +++ b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/datamovement/functionaltests/StringQueryHostBatcherTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.datamovement.functionaltests; @@ -92,7 +92,7 @@ public static void setUpBeforeClass() throws Exception { }; addRangePathIndex(dbName, rangePaths); - createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:eval-in", "any-uri", "xdbc:invoke"); + createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:eval-in", "any-uri", "xdbc:invoke", "xdmp-login"); createRESTUser("eval-user", "x", "test-eval", "rest-admin", "rest-writer", "rest-reader", "rest-extension-user", "manage-user"); } diff --git a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestBulkWriteWithTransformations.java b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestBulkWriteWithTransformations.java index 71093cf73..53cdd8870 100644 --- a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestBulkWriteWithTransformations.java +++ b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestBulkWriteWithTransformations.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.fastfunctest; @@ -54,7 +54,7 @@ public static void tearDownAfterClass() throws Exception { @BeforeEach public void setUp() throws Exception { // create new connection for each test below - createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:eval-in", "any-uri", "xdbc:invoke"); + createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:eval-in", "any-uri", "xdbc:invoke", "xdmp-login"); createRESTUser("eval-user", "x", "test-eval", "rest-admin", "rest-writer", "rest-reader"); client = newClientAsUser("eval-user", "x"); } diff --git a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestJSResourceExtensions.java b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestJSResourceExtensions.java index f79a761a8..6b77663ef 100644 --- a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestJSResourceExtensions.java +++ b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/fastfunctest/TestJSResourceExtensions.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.fastfunctest; @@ -112,7 +112,7 @@ public String deleteJSON(String docUri) { @BeforeAll public static void setUpBeforeClass() throws Exception { - createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:value", "xdmp:eval", "xdmp:eval-in", "any-uri", "xdbc:invoke"); + createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:value", "xdmp:eval", "xdmp:eval-in", "any-uri", "xdbc:invoke", "xdmp-login"); createRESTUser("eval-user", "x", "test-eval", "rest-admin", "rest-writer", "rest-reader", "rest-extension-user"); } diff --git a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/functionaltest/TestBiTemporal.java b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/functionaltest/TestBiTemporal.java index 1fdfe67d6..2cdf136b5 100644 --- a/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/functionaltest/TestBiTemporal.java +++ b/marklogic-client-api-functionaltests/src/test/java/com/marklogic/client/functionaltest/TestBiTemporal.java @@ -121,7 +121,7 @@ public static void tearDownAfterClass() throws Exception { @BeforeEach public void setUp() throws Exception { createUserRolesWithPrevilages("test-eval", "xdbc:eval", "xdbc:eval-in", "xdmp:eval-in", "any-uri", - "xdbc:invoke", "temporal:statement-set-system-time"); + "xdbc:invoke", "temporal:statement-set-system-time", "xdmp-login"); createRESTUser("eval-user", "x", "test-eval", "rest-admin", "rest-writer", "rest-reader", "temporal-admin"); adminClient = getDatabaseClient("rest-admin", "x", getConnType()); diff --git a/marklogic-client-api/src/main/java/com/marklogic/client/datamovement/ApplyTransformListener.java b/marklogic-client-api/src/main/java/com/marklogic/client/datamovement/ApplyTransformListener.java index 6935fa2dd..9d5972b2d 100644 --- a/marklogic-client-api/src/main/java/com/marklogic/client/datamovement/ApplyTransformListener.java +++ b/marklogic-client-api/src/main/java/com/marklogic/client/datamovement/ApplyTransformListener.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.datamovement; @@ -253,10 +253,8 @@ public enum ApplyResult { REPLACE, /** Run the transform on each document, but ignore the value returned by - * the transform because the transform will do any necessary database - * modifications or other processing. For example, a transform might call - * out to an external REST service or perhaps write multiple additional - * documents. + * the transform because the transform will do any necessary other processing. + * For example, a transform might call out to an external REST service. */ IGNORE }; diff --git a/marklogic-client-api/src/test/java/com/marklogic/client/test/datamovement/ApplyTransformTest.java b/marklogic-client-api/src/test/java/com/marklogic/client/test/datamovement/ApplyTransformTest.java index db76a7719..72078c22b 100644 --- a/marklogic-client-api/src/test/java/com/marklogic/client/test/datamovement/ApplyTransformTest.java +++ b/marklogic-client-api/src/test/java/com/marklogic/client/test/datamovement/ApplyTransformTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. + * Copyright (c) 2010-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ package com.marklogic.client.test.datamovement; @@ -25,7 +25,9 @@ import java.util.List; import java.util.Random; import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicReference; +import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.fail; @@ -92,17 +94,19 @@ public void testResultIgnore() throws Exception { StructuredQueryDefinition query = sqb.value(sqb.jsonProperty("testProperty"), "test2"); ServerTransform transform = new ServerTransform(transformName2) .addParameter("newValue", "test2a"); + AtomicReference e = new AtomicReference<>(); ApplyTransformListener listener = new ApplyTransformListener() .withTransform(transform) - .withApplyResult(ApplyResult.IGNORE); + .withApplyResult(ApplyResult.IGNORE).onFailure((batch, throwable) -> e.set(throwable)); QueryBatcher batcher = moveMgr.newQueryBatcher(query) .onUrisReady(listener); JobTicket ticket = moveMgr.startJob( batcher ); batcher.awaitCompletion(); moveMgr.stopJob(ticket); + assertNotNull(e.get()); JsonNode docContents = docMgr.readAs(collection + "/test2.json", JsonNode.class); - assertEquals("test2a", docContents.get("testProperty").textValue() ); + assertEquals("test2", docContents.get("testProperty").textValue() ); } @Test diff --git a/test-app/src/main/ml-config/security/roles/java-test-xdmp-login.json b/test-app/src/main/ml-config/security/roles/java-test-xdmp-login.json new file mode 100644 index 000000000..e23c8407c --- /dev/null +++ b/test-app/src/main/ml-config/security/roles/java-test-xdmp-login.json @@ -0,0 +1,46 @@ +{ + "role-name": "java-test-xdmp-login", + "description": "Grants privileges required in ML 11 for invoking server-side transforms and resource extensions", + "privilege": [ + { + "privilege-name": "xdmp-login", + "action": "http://marklogic.com/xdmp/privileges/xdmp-login", + "kind": "execute" + }, + { + "privilege-name": "rest-reader", + "action": "http://marklogic.com/xdmp/privileges/rest-reader", + "kind": "execute" + }, + { + "privilege-name": "xdmp:xslt-eval", + "action": "http://marklogic.com/xdmp/privileges/xslt-eval", + "kind": "execute" + }, + { + "privilege-name": "xdmp:xslt-invoke", + "action": "http://marklogic.com/xdmp/privileges/xslt-invoke", + "kind": "execute" + }, + { + "privilege-name": "xdmp:invoke", + "action": "http://marklogic.com/xdmp/privileges/xdmp-invoke", + "kind": "execute" + }, + { + "privilege-name": "unprotected-uri", + "action": "http://marklogic.com/xdmp/privileges/unprotected-uri", + "kind": "execute" + }, + { + "privilege-name": "unprotected-collections", + "action": "http://marklogic.com/xdmp/privileges/unprotected-collections", + "kind": "execute" + }, + { + "privilege-name": "xdmp:value", + "action": "http://marklogic.com/xdmp/privileges/xdmp-value", + "kind": "execute" + } + ] +} diff --git a/test-app/src/main/ml-config/security/roles/test-rest-writer.json b/test-app/src/main/ml-config/security/roles/test-rest-writer.json index 09d3e69f9..156eb7355 100644 --- a/test-app/src/main/ml-config/security/roles/test-rest-writer.json +++ b/test-app/src/main/ml-config/security/roles/test-rest-writer.json @@ -1,21 +1,41 @@ { - "role-name": "test-rest-writer", - "description": "Role for test users that can write documents; does not inherit the OOTB rest-writer role so as to avoid having default permissions", - "privilege": [ - { - "privilege-name": "rest-writer", - "action": "http://marklogic.com/xdmp/privileges/rest-writer", - "kind": "execute" - }, - { - "privilege-name": "rest-reader", - "action": "http://marklogic.com/xdmp/privileges/rest-reader", - "kind": "execute" - }, - { - "privilege-name": "rest-tracer", - "action": "http://marklogic.com/xdmp/privileges/rest-tracer", - "kind": "execute" - } - ] -} \ No newline at end of file + "role-name": "test-rest-writer", + "description": "Role for test users that can write documents; does not inherit the OOTB rest-writer role so as to avoid having default permissions", + "privilege": [ + { + "privilege-name": "rest-writer", + "action": "http://marklogic.com/xdmp/privileges/rest-writer", + "kind": "execute" + }, + { + "privilege-name": "rest-reader", + "action": "http://marklogic.com/xdmp/privileges/rest-reader", + "kind": "execute" + }, + { + "privilege-name": "rest-tracer", + "action": "http://marklogic.com/xdmp/privileges/rest-tracer", + "kind": "execute" + }, + { + "privilege-name": "xdmp-login", + "action": "http://marklogic.com/xdmp/privileges/xdmp-login", + "kind": "execute" + }, + { + "privilege-name": "xdmp:invoke", + "action": "http://marklogic.com/xdmp/privileges/xdmp-invoke", + "kind": "execute" + }, + { + "privilege-name": "unprotected-uri", + "action": "http://marklogic.com/xdmp/privileges/unprotected-uri", + "kind": "execute" + }, + { + "privilege-name": "unprotected-collections", + "action": "http://marklogic.com/xdmp/privileges/unprotected-collections", + "kind": "execute" + } + ] +} diff --git a/test-app/src/main/ml-config/security/users/opticUser.json b/test-app/src/main/ml-config/security/users/opticUser.json index f2bd8b578..cc120735e 100644 --- a/test-app/src/main/ml-config/security/users/opticUser.json +++ b/test-app/src/main/ml-config/security/users/opticUser.json @@ -1,6 +1,6 @@ { "user-name": "opticUser", - "description": "user discription", + "description": "user description", "password": "0pt1c", "role": [ "tde-admin", @@ -12,4 +12,4 @@ "rest-extension-user", "manage-user" ] -} \ No newline at end of file +} diff --git a/test-app/src/main/ml-config/security/users/rest-admin.json b/test-app/src/main/ml-config/security/users/rest-admin.json index ec0921db4..6cdf8c9fb 100644 --- a/test-app/src/main/ml-config/security/users/rest-admin.json +++ b/test-app/src/main/ml-config/security/users/rest-admin.json @@ -1,9 +1,6 @@ { "user-name": "rest-admin", "description": "rest-admin user", - "role": [ - "rest-admin", - "java-test-delete-temporal" - ], + "role": ["rest-admin", "java-test-delete-temporal", "java-test-xdmp-login"], "password": "x" } diff --git a/test-app/src/main/ml-config/security/users/rest-evaluator.json b/test-app/src/main/ml-config/security/users/rest-evaluator.json index bb39fcb35..c2d5b3449 100644 --- a/test-app/src/main/ml-config/security/users/rest-evaluator.json +++ b/test-app/src/main/ml-config/security/users/rest-evaluator.json @@ -1,8 +1,6 @@ { "user-name": "rest-evaluator", "description": "Test user for the java-client-api-project", - "role": [ - "java-test-evaluator" - ], + "role": ["java-test-evaluator", "java-test-xdmp-login"], "password": "x" } diff --git a/test-app/src/main/ml-config/security/users/rest-transform-user.json b/test-app/src/main/ml-config/security/users/rest-transform-user.json new file mode 100644 index 000000000..591446bc3 --- /dev/null +++ b/test-app/src/main/ml-config/security/users/rest-transform-user.json @@ -0,0 +1,15 @@ +{ + "user-name": "rest-transform-user", + "description": "REST API transform execution user", + "password": "x", + "role": [ + "rest-transform-internal", + "rest-reader", + "rest-writer", + "java-test-xdmp-login" + ], + "permission": [ + { "role-name": "rest-reader", "capability": "read" }, + { "role-name": "rest-writer", "capability": "update" } + ] +} diff --git a/test-app/src/main/ml-config/security/users/rest-writer.json b/test-app/src/main/ml-config/security/users/rest-writer.json index 98ab00679..ba434365c 100644 --- a/test-app/src/main/ml-config/security/users/rest-writer.json +++ b/test-app/src/main/ml-config/security/users/rest-writer.json @@ -1,9 +1,6 @@ { "user-name": "rest-writer", "description": "rest-writer user", - "role": [ - "rest-writer", - "java-test-delete-graph" - ], + "role": ["rest-writer", "java-test-delete-graph", "java-test-xdmp-login"], "password": "x" } diff --git a/test-app/src/main/ml-config/security/users/writer-no-default-permissions.json b/test-app/src/main/ml-config/security/users/writer-no-default-permissions.json index 8748a1325..e6d56ea40 100644 --- a/test-app/src/main/ml-config/security/users/writer-no-default-permissions.json +++ b/test-app/src/main/ml-config/security/users/writer-no-default-permissions.json @@ -5,7 +5,8 @@ "test-rest-writer", "java-test-delete-graph", "rest-extension-user", - "rest-reader" + "rest-reader", + "java-test-xdmp-login" ], "password": "x" }