MLE-28498 11.3.5 Test Fixes for Security Update

test-app/src/main/ml-config/security/roles/rest-evaluator.json

@@ -1,9 +1,7 @@
 {
   "role-name": "rest-evaluator",
   "description": "REST writer who can eval, invoke, or set a dynamic databases",
-  "role": [
-    "rest-writer"
-  ],
+  "role": ["rest-writer", "sparql-update-user"],
   "privilege": [
     {
       "privilege-name": "xdmp-eval",
@@ -49,6 +47,21 @@
       "privilege-name": "xdmp-get-session-field",
       "action": "http://marklogic.com/xdmp/privileges/xdmp-get-session-field",
       "kind": "execute"
+    },
+    {
+      "privilege-name": "xdmp-login",
+      "action": "http://marklogic.com/xdmp/privileges/xdmp-login",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "unprotected-collections",
+      "action": "http://marklogic.com/xdmp/privileges/unprotected-collections",
+      "kind": "execute"
+    },
+    {
+      "privilege-name": "xdmp-xslt-invoke",
+      "action": "http://marklogic.com/xdmp/privileges/xslt-invoke",
+      "kind": "execute"
     }
   ]
-}
+}

test-app/src/main/ml-config/security/roles/rest-invoke-user.json

@@ -0,0 +1,11 @@
+{
+  "role-name": "rest-invoke-user",
+  "description": "Role granting xdmp:login privilege needed for REST transform invocations with different-transaction isolation",
+  "privilege": [
+    {
+      "privilege-name": "xdmp-login",
+      "action": "http://marklogic.com/xdmp/privileges/xdmp-login",
+      "kind": "execute"
+    }
+  ]
+}

test-app/src/main/ml-config/security/users/rest-admin.json

@@ -3,6 +3,9 @@
   "description": "rest-admin user",
   "password": "x",
   "role": [
-    "rest-admin"
+    "rest-admin",
+    "rest-evaluator",
+    "rest-extension-user",
+    "sparql-update-user"
   ]
-}
+}

test-app/src/main/ml-config/security/users/rest-reader.json

@@ -2,7 +2,5 @@
   "user-name": "rest-reader",
   "description": "rest-reader user",
   "password": "x",
-  "role": [
-    "rest-reader"
-  ]
-}
+  "role": ["rest-reader", "rest-extension-user", "rest-invoke-user"]
+}

test-app/src/main/ml-config/security/users/rest-temporal-writer.json

@@ -2,7 +2,5 @@
   "user-name": "rest-temporal-writer",
   "description": "rest-writer user with temporal privileges",
   "password": "x",
-  "role": [
-    "rest-temporal-writer"
-  ]
-}
+  "role": ["rest-temporal-writer", "rest-extension-user"]
+}

test-app/src/main/ml-config/security/users/rest-transform-user.json

@@ -0,0 +1,4 @@
+{
+  "user-name": "rest-transform-user",
+  "role": ["rest-transform-internal", "rest-reader", "rest-invoke-user"]
+}

test-app/src/main/ml-config/security/users/rest-writer.json

@@ -5,6 +5,7 @@
   "role": [
     "rest-writer",
     "rest-evaluator",
-    "temporal-admin"
+    "temporal-admin",
+    "rest-extension-user"
   ]
 }

test-basic/documents-transform.js

@@ -187,7 +187,7 @@ describe('document transform', function(){
         documents.length.should.equal(1);
         documents[0].content.should.have.property('timestamp');
         documents[0].content.should.have.property('userName');
-        documents[0].content.userName.should.eql('rest-writer');
+        documents[0].content.userName.should.eql('rest-transform-user'); // MLE-28684: transforms now run as rest-transform-user
         done();
         })
       .catch(done);
@@ -202,7 +202,7 @@ describe('document transform', function(){
         documents.length.should.equal(1);
         documents[0].content.should.have.property('timestamp');
         documents[0].content.should.have.property('userName');
-        documents[0].content.userName.should.eql('rest-writer');
+        documents[0].content.userName.should.eql('rest-transform-user'); // MLE-28684: transforms now run as rest-transform-user
         done();
         })
       .catch(done);
@@ -221,7 +221,7 @@ describe('document transform', function(){
           documents.length.should.equal(1);
           documents[0].content.should.have.property('timestamp');
           documents[0].content.should.have.property('userName');
-          documents[0].content.userName.should.eql('rest-writer');
+          documents[0].content.userName.should.eql('rest-transform-user'); // MLE-28684: transforms now run as rest-transform-user
           done();
           })
         .catch(done);

test-complete/nodejs-dmsdk-readall-1.js

@@ -1,6 +1,6 @@
 /*
-* Copyright (c) 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
-*/
+ * Copyright (c) 2015-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+ */
 var fs     = require('fs');
 const path = require('path');
 
@@ -143,6 +143,7 @@ describe('readAll-tests-one', function () {
         function (err, arr) {
             if (err) {
                 done(err);
+                return;
             }
             arr.forEach(item => {
                 setTimeout(() => {
@@ -158,8 +159,8 @@ describe('readAll-tests-one', function () {
             for (var c of resulContents) {
                 expect(verifyCurrentContents(c)).to.be.true;
             }
+            done();
         });
-        done();
     });
 
     it('readAll one document with batch options', function (done) {
@@ -173,15 +174,16 @@ describe('readAll-tests-one', function () {
         function (err, arr) {
             if (err) {
                 done(err);
+                return;
             }
             arr.forEach(item => {
                 setTimeout(() => {
                     var i = 0; i++;
                 }, 3000);
                 expect(item.uri).to.equal('dmsdk.txt');
             });
+            done();
         });
-        done();
     });
 
     //Verify no errors when readAll has no Uris to read

test-complete/nodejs-transform-javascript.js

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+* Copyright (c) 2015-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 */
 var should = require('should');
 var fs = require('fs');
@@ -73,9 +73,10 @@ describe('Transform test with javascript', function () {
             result(function (response) {
                 //console.log(JSON.stringify(response, null, 4));
                 response[0].content.should.have.property('timestamp');
-                response[0].content.userName.should.equal('rest-reader');
+                response[0].content.userName.should.equal('rest-transform-user'); // MLE-28684: transforms now run as rest-transform-user
                 done();
-            }, done);
+            })
+            .catch(done);
     });
 
     it('should  query', function (done) {
@@ -130,9 +131,10 @@ describe('Transform test with javascript', function () {
             result(function (response) {
                 //console.log(JSON.stringify(response, null, 4));
                 response[0].content.should.have.property('timestamp');
-                response[0].content.userName.should.equal('rest-reader');
+                response[0].content.userName.should.equal('rest-transform-user'); // MLE-28684: transforms now run as rest-transform-user
                 done();
-            }, done);
+            })
+            .catch(done);
     });
     /*it('should modify during write', function(done){
     dbWriter.documents.write({