From 80079a6a18a6384f35560ae2d4d7dac3f1686b53 Mon Sep 17 00:00:00 2001
From: Josh Meekhof
Date: Thu, 25 Feb 2016 15:54:48 -0500
Subject: [PATCH] Created a seperate branch of logic to handle user and role association.
---
 deploy/lib/xquery/setup.xqy | 39 +++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/deploy/lib/xquery/setup.xqy b/deploy/lib/xquery/setup.xqy
index cc4ca48a..5bf955e4 100644
--- a/deploy/lib/xquery/setup.xqy
+++ b/deploy/lib/xquery/setup.xqy
@@ -487,6 +487,7 @@ declare function setup:do-setup($import-config as element(configuration)+, $opti
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "privileges")) then setup:create-privileges($import-config) else (),
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "roles")) then setup:create-roles($import-config) else (),
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "users")) then setup:create-users($import-config) else (),
+ if(map:contains($optionsMap, "all") or map:contains($optionsMap, "users") or map:contains($optionsMap, "roles")) then setup:associate-users-with-roles($import-config) else (),
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "external-security")) then setup:create-external-security($import-config) else (),
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "external-security")) then setup:apply-external-security-settings($import-config) else (),
 if(map:contains($optionsMap, "all") or map:contains($optionsMap, "mimetypes")) then setup:create-mimetypes($import-config) else (),
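Review bot: The added line runs `setup:associate-users-with-roles` when only `roles` is requested, but nothing visible in this hunk guarantees that the configured users already exist in that case. On a run with `roles` alone against a security database where some configured users were never created, the `sec:user-set-roles` call in the new function would presumably raise for the first missing user and abort the step. The mirror case applies to `users` alone when a referenced role has not been created. Either limit the trigger to the combinations where both sides are known to exist, or have the association step skip and report users or roles that are missing. The rest of setup:do-setup lies outside this hunk.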
@@ -4482,6 +4483,31 @@ declare function setup:validate-roles( setup:validation-fail(fn:concat("Missing role: ", $role-name)) }; +declare function setup:associate-users-with-roles($import-config as element(configuration)) +{ + for $user in $import-config/sec:users/sec:user + let $user-name as xs:string := $user/sec:user-name + let $role-names as xs:string* := $user/sec:role-names/* + + let $eval-options := + + {$default-security} + different-transaction + + + return + if ($role-names) then + xdmp:eval( + 'import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; + declare variable $user-name as xs:string external; + declare variable $role-names as element() external; + sec:user-set-roles($user-name, $role-names/*)', + (xs:QName("user-name"), $user-name, + xs:QName("role-names"), {for $r in $role-names return {$r}}), + $eval-options) + else () +}; + declare function setup:create-users($import-config as element(configuration)) { for $user in $import-config/sec:users/sec:user @@ -4518,17 +4544,6 @@ declare function setup:create-users($import-config as element(configuration)) xs:QName("password"), fn:string($password)), $eval-options), - if ($role-names) then - xdmp:eval( - 'import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; - declare variable $user-name as xs:string external; - declare variable $role-names as element() external; - sec:user-set-roles($user-name, $role-names/*)', - (xs:QName("user-name"), $user-name, - xs:QName("role-names"), {for $r in $role-names return {$r}}), - $eval-options) - else (), - if ($permissions) then xdmp:eval( 'import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy"; 
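Review bot: In the new `setup:associate-users-with-roles`, the `if ($role-names) then … else ()` guard means a user whose role list has been emptied in the configuration is skipped, so roles granted by an earlier deployment are never revoked. For a function whose purpose is to make role membership match the configuration, that leaves stale privileges in place. Consider calling `sec:user-set-roles` unconditionally so that an empty list clears the roles, or, if keeping out-of-band grants is intended, say so in a `(:~ … :)` header comment on the function, which currently has none. The declaration also lacks a return type, unlike the typed `let` bindings inside it.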
@@ -4581,7 +4596,7 @@ declare function setup:create-users($import-config as element(configuration))
 (xs:QName("user-name"), $user-name,
 xs:QName("description"), fn:string($description),
 xs:QName("password"), $password,
- xs:QName("role-names"), {for $r in $role-names return {$r}},
+ xs:QName("role-names"), ,
 xs:QName("permissions"), ,
 xs:QName("collections"), {for $c in $collections return {$c}}),
 $eval-options),
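Review bot: The empty role-names value now passed on the changed line is not explained at the call site, so a reader of setup:create-users cannot tell that roles are deliberately left off here and assigned in a later step. A comment above the line such as `(: roles are assigned afterwards by setup:associate-users-with-roles :)` would make that dependency explicit. Because the follow-up runs as its own eval with different-transaction isolation, a failure between the two steps leaves the user without roles; that is the safe direction, but it is worth stating in the comment. The enclosing eval call starts and ends outside this hunk.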