As someone coming at this from the other direction - I would like to allow dynamic execution of anything (given the appropriate passwords, of course). I am trying to implement something similar to eXide [1] to run on an Android phone.
…exciting!
I was surprised, but not too concerned, that "file:list('.')" requires create permission. I could not find this, or similar information in the Wiki. It would be a useful addition to document it there.
True; there are various functions that require create or admin permissions, and that should be properly documented in our function modules. In the given case, the restriction exists to prevent ordinary users from traversing through the file system of an external server unless they are allowed to create new databases from local resources. The restriction to four types of permissions (read, write, create, admin) is prone to such confusions, but we observed that things soon get worse if we try to extend this pattern by additional permissions without having more thoughts on what we try to attain. Various concepts have been discussed in the past, such as introducing database owners, roles, or security sandboxes.
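As an added example (not code from the thread or from the BaseX project), the following XQuery wraps file:list so that a user below the create level gets a clear refusal instead of a raw permission error, which is what an eXide-style "run anything" front end would need before handing file system access to a logged-in user. It assumes BaseX's User Module (user:current(), user:list-details($name) returning an element with a permission attribute) and the ascending permission order none, read, write, create, admin; everything runs inside try/catch, so if either assumption is wrong on your version the error is reported rather than hidden.

```xquery
(: Added example, not from the original thread or the BaseX sources.
   Assumes: user:current() and user:list-details($name) from the BaseX
   User Module, file:list() from the EXPath File Module, and the
   permission ordering below. :)

(: Global permission levels, lowest to highest. file:list needs 'create'. :)
declare variable $local:levels := ('none', 'read', 'write', 'create', 'admin');

(: True if the current user's global permission is at least $required. :)
declare function local:has-permission($required as xs:string) as xs:boolean {
  let $perm := user:list-details(user:current())/@permission/string()
  return index-of($local:levels, $perm) >= index-of($local:levels, $required)
};

(: Fail-closed directory listing: refuses below 'create', catches any
   remaining error (missing directory, unexpected permission error). :)
declare function local:safe-list($dir as xs:string) as element() {
  try {
    if (local:has-permission('create')) then
      <listing dir="{ $dir }" user="{ user:current() }">{
        file:list($dir) ! <entry>{ . }</entry>
      }</listing>
    else
      <refused user="{ user:current() }">
        file:list requires at least 'create' permission
      </refused>
  } catch * {
    <error code="{ $err:code }">{ $err:description }</error>
  }
};

local:safe-list('.')
```

Run it as an ordinary read-only user and as admin to see the two branches; the point of the explicit level check is that the script documents the requirement in one place instead of relying on the caller to recognise the permission error at runtime.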
I believe, at the Java level, these permissions are described using an annotation and I wonder if there would be value in surfacing these as a custom BaseX annotation in the module function stubs in etc\modules and even allowing their use with pure XQuery code?
That’s an interesting thought. Our team member Marcel is currently working on security annotations [1]; we may need to see if we can combine or extend them in a reasonable manner… But this could turn out to be a little bit tricky, because the proposed annotations don’t interact with the BaseX standard users/permissions. Instead, they were built to allow users to log in on an application level (usually with RESTXQ).
Best, Christian