DEVEXP-546: Scaffold new roles using privileges instead of OOTB roles

marklogic · Aug 29, 2023 · 4119b25 · 4119b25
1 parent 1c3e5f3
commit 4119b25
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/main/java/com/marklogic/appdeployer/scaffold/ScaffoldGenerator.java b/src/main/java/com/marklogic/appdeployer/scaffold/ScaffoldGenerator.java
@@ -139,8 +139,9 @@ protected ObjectNode buildReaderRole(String appName) {
 		node.put("role-name", appName + "-reader");
 		node.put("description", "Can view documents, but not edit");
 		ArrayNode array = node.putArray("role");
-		array.add("rest-reader");
 		array.add(appName + "-nobody");
+		array = node.putArray("privilege");
+		array.add(buildPrivilege("rest-reader", "http://marklogic.com/xdmp/privileges/rest-reader", "execute"));
 		return node;
 	}
 
@@ -149,9 +150,9 @@ protected ObjectNode buildWriterRole(String appName) {
 		node.put("role-name", appName + "-writer");
 		node.put("description", "Can read and write documents");
 		ArrayNode array = node.putArray("role");
-		array.add("rest-writer");
 		array.add(appName + "-reader");
 		array = node.putArray("privilege");
+		array.add(buildPrivilege("rest-writer", "http://marklogic.com/xdmp/privileges/rest-writer", "execute"));
 		array.add(buildPrivilege("any-uri", "http://marklogic.com/xdmp/privileges/any-uri", "execute"));
 		array.add(buildPrivilege("unprotected-collections", "http://marklogic.com/xdmp/privileges/unprotected-collections", "execute"));
 		return node;