Hi Danny, The function is a local function in a main module and that main module is in the Modules database which is configured as the location for modules for that app server.
The code in the module just calls a local function that reads a document by its URI, using fn:doc(uri). There is no problem reading the document from the main module using the local function if the document was inserted by the first user with their default permissions and an additional read permission for the secondary user. When I remove the read permission for the secondary user, the secondary user cannot view the document, as I would expect. What I was trying to do was to allow the secondary user to read the document under certain circumstances. Under these circumstances I would call the local function to do fn:doc via eval passing in the first user's user-id. This works fine if I grant xdmp:login to the secondary user via the admin console. What I was trying to do was to amp this function so that the secondary user only had xdmp:login for the duration of the local function. The exception just stated that the user needed the xdmp:login permission, which indicates to me that the amp did not work. The role I granted with the amp was the role of the first user. I've actually solved my problem in a different way, but I'm curious about what I might be doing wrong in creating the amp in case I need to do it in the future. FYI - the problem that I was trying to solve was that I wanted a certain class of documents to be excluded from search results but still be available by URI without having to modify the query. I solved this by placing the documents that should not be searchable in collection-1 and those that should be searchable both collection-1 and collection-2. I added an additional collection query to my search options to restrict results to collection-2. Bob Hi Robert, Here are a few comments and questions that may help lead to why it is not working.... I would not use the xquery-local-namespace for a module. It is generally reserved for local functions in main modules. Instead, define your own namespace. If you put this xqy in the Modules database, is your app server set up to use the Modules database for its modules? Also, does the document have the needed execute permissions? Can you be more specific about what does not work? Does is throw an exception? If so, what is the exception. What roles did you assign to the amp? What exactly is the code in details.xqy? -Danny _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
