Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
460 views
in Technique[技术] by (71.8m points)

marklogic - Why is admin needed to see the semantics library for a REST extension?

I'm getting the following error when calling a library function through a REST extension:

{
    "errorResponse": {
        "statusCode": 500,
        "status": "Internal Server Error",
        "messageCode": "INTERNAL ERROR",
        "message": "RESTAPI-INVALIDREQ: (err:FOER0000) Invalid request:  reason: Extension citedByCount or a dependency does not exist: XDMP-MODNOTFOUND: (err:XQST0059) xdmp:annotation(xdmp:function(fn:QName("http://marklogic.com/rest-api/resource/citedByCount","post"), "/marklogic.rest.resource/citedByCount/assets/resource.xqy"), xs:QName("rapi:transaction-mode")) -- Module /opt/MarkLogic/Modules/MarkLogic/semantics.xqy not found . See the MarkLogic server error log for further detail."
    }
}

Key part: "Module /opt/MarkLogic/Modules/MarkLogic/semantics.xqy not found".

If I call the function in Query Console as below, it works:

xdmp:eval(
  '
    import module namespace some = "http://example.org/some-lib" at "/lib/some-lib.xqy";
    some:my-func("abc")
  ',
  map:entry("userId", xdmp:user("my-user"))
)

If I call the same function from a REST extension, like so:

xquery version "1.0-ml";

module namespace resource = "http://marklogic.com/rest-api/resource/someResource";

import module namespace some = "http://example.org/some-lib" at "/lib/some-lib.xqy";

declare namespace rapi = "http://marklogic.com/rest-api";

declare %rapi:transaction-mode("update") function post(
  $context as map:map,
  $params  as map:map,
  $input   as document-node()*
) as document-node()*
{
  some:my-func("abc")
};

then I get the error above when called with my-user. That user has a role; if I grant that role every other role and privilege except admin, I get the error. If I grant admin, it works fine.

The library has this import:

import module namespace sem = "http://marklogic.com/semantics" at "/MarkLogic/semantics.xqy";

and calls the following sem functions:

  • sem:iri
  • sem:sparql
  • sem:graph-delete
  • sem:triple
  • sem:rdf-insert

Any ideas on why this happens?

question from:https://stackoverflow.com/questions/65830220/why-is-admin-needed-to-see-the-semantics-library-for-a-rest-extension

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This answer from Erik Hennum had the key tip:

For the permissions to work, the main module and each library in the dependency chain must be executable by at least one role assigned to the user (where assignment includes inheritance and amping).

@ehennum followed that up with a reference to the rest-extension-user role.

I added "rest-extension-user,read,rest-extension-user,execute" to ml-gradle's mlModulePermissions property and it worked.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...