From b84ca46399c28eaa597a2483ad21be5602eedc6d Mon Sep 17 00:00:00 2001 From: philipwright <95368282+phil198@users.noreply.github.com> Date: Thu, 2 Oct 2025 14:20:53 +0100 Subject: [PATCH 01/15] adding error codes for ABAC metadata function --- modules/ROOT/content-nav.adoc | 3 +++ modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 15 +++++++++++++++ modules/ROOT/pages/errors/gql-errors/42N0E.adoc | 15 +++++++++++++++ modules/ROOT/pages/errors/gql-errors/42N0F.adoc | 15 +++++++++++++++ modules/ROOT/pages/errors/gql-errors/index.adoc | 12 ++++++++++++ 5 files changed, 60 insertions(+) create mode 100644 modules/ROOT/pages/errors/gql-errors/42N0D.adoc create mode 100644 modules/ROOT/pages/errors/gql-errors/42N0E.adoc create mode 100644 modules/ROOT/pages/errors/gql-errors/42N0F.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 62efe6d8..f3e2c8ee 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -278,6 +278,9 @@ **** xref:errors/gql-errors/42N09.adoc[] **** xref:errors/gql-errors/42N0A.adoc[] **** xref:errors/gql-errors/42N0B.adoc[] +**** xref:errors/gql-errors/42N0D.adoc[] +**** xref:errors/gql-errors/42N0E.adoc[] +**** xref:errors/gql-errors/42N0F.adoc[] **** xref:errors/gql-errors/42N10.adoc[] **** xref:errors/gql-errors/42N11.adoc[] **** xref:errors/gql-errors/42N12.adoc[] diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc new file mode 100644 index 00000000..5aeae452 --- /dev/null +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -0,0 +1,15 @@ += 42N0D + + +== Status description + +error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. + + + +ifndef::backend-pdf[] +[discrete.glossary] +== Glossary + +include::partial$glossary.adoc[] +endif::[] \ No newline at end of file diff --git a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc new file mode 100644 index 00000000..3ccc5346 --- /dev/null +++ b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc @@ -0,0 +1,15 @@ += 42N0D + + +== Status description + +error: syntax error or access rule violation - cannot call function without metadata. The function `{ <> }` cannot be called without metadata. + + + +ifndef::backend-pdf[] +[discrete.glossary] +== Glossary + +include::partial$glossary.adoc[] +endif::[] \ No newline at end of file diff --git a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc new file mode 100644 index 00000000..dcdf4cf0 --- /dev/null +++ b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc @@ -0,0 +1,15 @@ += 42N0D + + +== Status description + +error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: { <> }. + + + +ifndef::backend-pdf[] +[discrete.glossary] +== Glossary + +include::partial$glossary.adoc[] +endif::[] \ No newline at end of file diff --git a/modules/ROOT/pages/errors/gql-errors/index.adoc b/modules/ROOT/pages/errors/gql-errors/index.adoc index d9ebd090..a1497778 100644 --- a/modules/ROOT/pages/errors/gql-errors/index.adoc +++ b/modules/ROOT/pages/errors/gql-errors/index.adoc @@ -1142,6 +1142,18 @@ Status description:: error: syntax error or access rule violation - invalid shar Status description:: error: syntax error or access rule violation - cannot replace sharded database. The database identified by `{ <>1 }` is sharded. Drop the database `{ <>2 }` before recreating. +=== xref:errors/gql-errors/42N0D.adoc[42N0D] + +Status description:: error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. + +=== xref:errors/gql-errors/42N0E.adoc[42N0E] + +Status description:: error: syntax error or access rule violation - cannot call function without metadata. The function `{ <> }` cannot be called without metadata. + +=== xref:errors/gql-errors/42N0F.adoc[42N0F] + +Status description:: error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: { <> }. + === xref:errors/gql-errors/42N10.adoc[42N10] Status description:: error: syntax error or access rule violation - no such role. A role with the name `{ <> }` was not found. Verify that the spelling is correct. From ec9aa26082e770d9023b42451a111a50342e1f1a Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Fri, 3 Oct 2025 14:28:30 +0100 Subject: [PATCH 02/15] Update modules/ROOT/pages/errors/gql-errors/42N0E.adoc Co-authored-by: Therese Magnusson --- modules/ROOT/pages/errors/gql-errors/42N0E.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc index 3ccc5346..f19bca99 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc @@ -1,4 +1,4 @@ -= 42N0D += 42N0E == Status description From 1e42e44f2803c43e5f98c09143754ab94629d2a5 Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Fri, 3 Oct 2025 14:28:40 +0100 Subject: [PATCH 03/15] Update modules/ROOT/pages/errors/gql-errors/42N0F.adoc Co-authored-by: Therese Magnusson --- modules/ROOT/pages/errors/gql-errors/42N0F.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc index dcdf4cf0..2f5dcc28 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc @@ -1,4 +1,4 @@ -= 42N0D += 42N0F == Status description From cdf66dd2fcf89c2c850b1d8a15f16de7fec85637 Mon Sep 17 00:00:00 2001 From: philipwright <95368282+phil198@users.noreply.github.com> Date: Fri, 3 Oct 2025 14:49:42 +0100 Subject: [PATCH 04/15] pr review comment --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index 5aeae452..13487c3d 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -5,6 +5,11 @@ error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. +== Explanation +This function cannot be called in the particular context. The function can only be used in the specified context. + +== Example scenario +For example, calling an internal security function from a user query. ifndef::backend-pdf[] From 0d04352d62c292670e0111fa89745500e5545eaf Mon Sep 17 00:00:00 2001 From: philipwright <95368282+phil198@users.noreply.github.com> Date: Tue, 7 Oct 2025 14:51:56 +0100 Subject: [PATCH 05/15] pr review comment --- modules/ROOT/pages/errors/gql-errors/42N0E.adoc | 4 ++++ modules/ROOT/pages/errors/gql-errors/42N0F.adoc | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc index f19bca99..4f82c51f 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc @@ -5,7 +5,11 @@ error: syntax error or access rule violation - cannot call function without metadata. The function `{ <> }` cannot be called without metadata. +== Explanation +This error occurs when the metadata required by the function is missing from the context supplied. This is an internal error which would only ever appear in the logs. +== Example scenario +A function is called without the required metadata. ifndef::backend-pdf[] [discrete.glossary] diff --git a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc index 2f5dcc28..d55de654 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc @@ -5,7 +5,11 @@ error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: { <> }. +== Explanation +This error occurs when the metadata for a specific security realm is missing from the context supplied. This is an internal error which would only ever appear in the logs. +== Example scenario +A function is called with a metadata dictionary, but there is no entry for the required realm. ifndef::backend-pdf[] [discrete.glossary] From a309515ff117a2a83dbbe239626ce878ef821b9e Mon Sep 17 00:00:00 2001 From: philipwright <95368282+phil198@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:37:33 +0100 Subject: [PATCH 06/15] reverting changes to auto-generated index.adoc --- modules/ROOT/pages/errors/gql-errors/index.adoc | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/modules/ROOT/pages/errors/gql-errors/index.adoc b/modules/ROOT/pages/errors/gql-errors/index.adoc index a1497778..d9ebd090 100644 --- a/modules/ROOT/pages/errors/gql-errors/index.adoc +++ b/modules/ROOT/pages/errors/gql-errors/index.adoc @@ -1142,18 +1142,6 @@ Status description:: error: syntax error or access rule violation - invalid shar Status description:: error: syntax error or access rule violation - cannot replace sharded database. The database identified by `{ <>1 }` is sharded. Drop the database `{ <>2 }` before recreating. -=== xref:errors/gql-errors/42N0D.adoc[42N0D] - -Status description:: error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. - -=== xref:errors/gql-errors/42N0E.adoc[42N0E] - -Status description:: error: syntax error or access rule violation - cannot call function without metadata. The function `{ <> }` cannot be called without metadata. - -=== xref:errors/gql-errors/42N0F.adoc[42N0F] - -Status description:: error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: { <> }. - === xref:errors/gql-errors/42N10.adoc[42N10] Status description:: error: syntax error or access rule violation - no such role. A role with the name `{ <> }` was not found. Verify that the spelling is correct. From b50c299c42df207af98edc84fe67d55a22370b7e Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:38:54 +0100 Subject: [PATCH 07/15] Update modules/ROOT/pages/errors/gql-errors/42N0F.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/errors/gql-errors/42N0F.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc index d55de654..aa756f01 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc @@ -1,3 +1,4 @@ +:page-role: new-2025.10 = 42N0F From cab18472e4a9828f04822acf1bd55080c4979a56 Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:39:03 +0100 Subject: [PATCH 08/15] Update modules/ROOT/pages/errors/gql-errors/42N0D.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index 13487c3d..2f6fb4f6 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -1,3 +1,4 @@ +:page-role: new-2025.10 = 42N0D From cb99a235cdf404610d7ac2e2fcdea51aca5af1de Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Thu, 9 Oct 2025 09:39:15 +0100 Subject: [PATCH 09/15] Update modules/ROOT/pages/errors/gql-errors/42N0E.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/errors/gql-errors/42N0E.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc index 4f82c51f..9d2d5b51 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0E.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0E.adoc @@ -1,3 +1,4 @@ +:page-role: new-2025.10 = 42N0E From 9fa34b41686137e261f52527724ea897bb6bd43c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 9 Oct 2025 12:29:03 +0200 Subject: [PATCH 10/15] Update modules/ROOT/pages/errors/gql-errors/42N0D.adoc Co-authored-by: Phil Wright <95368282+phil198@users.noreply.github.com> --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index 2f6fb4f6..db03caa9 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -7,7 +7,8 @@ error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. == Explanation -This function cannot be called in the particular context. The function can only be used in the specified context. +This error is thrown when a function is called from a context that is not allowed for that function. +For example, if you try to call `abac.oidc.user_attribuge()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. == Example scenario For example, calling an internal security function from a user query. From 987fe4f22d3ad118833b693618b1cced363c80d8 Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Thu, 9 Oct 2025 16:07:24 +0100 Subject: [PATCH 11/15] Update modules/ROOT/pages/errors/gql-errors/42N0D.adoc Co-authored-by: Therese Magnusson --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index db03caa9..a2019633 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -8,7 +8,7 @@ error: syntax error or access rule violation - cannot call function from this co == Explanation This error is thrown when a function is called from a context that is not allowed for that function. -For example, if you try to call `abac.oidc.user_attribuge()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. +For example, if you try to call `abac.oidc.user_attribute()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. == Example scenario For example, calling an internal security function from a user query. From e18285f00c7379f7557273ef94ffda57bf5833f0 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 13 Oct 2025 11:51:03 +0200 Subject: [PATCH 12/15] Apply suggestion from @phil198 Co-authored-by: Phil Wright <95368282+phil198@users.noreply.github.com> --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index a2019633..ac603bf7 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -8,10 +8,9 @@ error: syntax error or access rule violation - cannot call function from this co == Explanation This error is thrown when a function is called from a context that is not allowed for that function. -For example, if you try to call `abac.oidc.user_attribute()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. == Example scenario -For example, calling an internal security function from a user query. +If you try to call an internal security function like `abac.oidc.user_attribute()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. ifndef::backend-pdf[] From 702607708c1803714f2c98c9018837d12fb0b8c9 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 13 Oct 2025 11:53:34 +0200 Subject: [PATCH 13/15] Update modules/ROOT/pages/errors/gql-errors/42N0D.adoc --- modules/ROOT/pages/errors/gql-errors/42N0D.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc index ac603bf7..3aaf4e07 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0D.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0D.adoc @@ -10,7 +10,9 @@ error: syntax error or access rule violation - cannot call function from this co This error is thrown when a function is called from a context that is not allowed for that function. == Example scenario -If you try to call an internal security function like `abac.oidc.user_attribute()` from a regular Cypher query, you will get this error, because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. + +Try to call an internal security function like `abac.oidc.user_attribute()` from a regular Cypher query. +You will get this error because it is not supported in user Cypher queries and can only be called from within `AUTH RULE` creation or alteration commands. ifndef::backend-pdf[] From da277439e086658154b7c65af03c7da3c12a7e9f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 13 Oct 2025 11:57:46 +0200 Subject: [PATCH 14/15] Update modules/ROOT/pages/errors/gql-errors/42N0F.adoc --- modules/ROOT/pages/errors/gql-errors/42N0F.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc index aa756f01..b888c73e 100644 --- a/modules/ROOT/pages/errors/gql-errors/42N0F.adoc +++ b/modules/ROOT/pages/errors/gql-errors/42N0F.adoc @@ -4,7 +4,7 @@ == Status description -error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: { <> }. +error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: `{ <> }`. == Explanation This error occurs when the metadata for a specific security realm is missing from the context supplied. This is an internal error which would only ever appear in the logs. From 132a7bdf0e77c75422e44d2a43ded2b834f169cb Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 13 Oct 2025 11:07:37 +0100 Subject: [PATCH 15/15] regenerate the index file --- modules/ROOT/pages/errors/gql-errors/index.adoc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/ROOT/pages/errors/gql-errors/index.adoc b/modules/ROOT/pages/errors/gql-errors/index.adoc index d9ebd090..07917e37 100644 --- a/modules/ROOT/pages/errors/gql-errors/index.adoc +++ b/modules/ROOT/pages/errors/gql-errors/index.adoc @@ -1142,6 +1142,21 @@ Status description:: error: syntax error or access rule violation - invalid shar Status description:: error: syntax error or access rule violation - cannot replace sharded database. The database identified by `{ <>1 }` is sharded. Drop the database `{ <>2 }` before recreating. +[role=label--new-2025.10] +=== xref:errors/gql-errors/42N0D.adoc[42N0D] + +Status description:: error: syntax error or access rule violation - cannot call function from this context. The function `{ <> }` cannot be called from the current context. It can only be used `{ <> }`. + +[role=label--new-2025.10] +=== xref:errors/gql-errors/42N0E.adoc[42N0E] + +Status description:: error: syntax error or access rule violation - cannot call function without metadata. The function `{ <> }` cannot be called without metadata. + +[role=label--new-2025.10] +=== xref:errors/gql-errors/42N0F.adoc[42N0F] + +Status description:: error: syntax error or access rule violation - cannot call function without metadata for realm. The function `{ <> }` cannot be called without metadata for realm: `{ <> }`. + === xref:errors/gql-errors/42N10.adoc[42N10] Status description:: error: syntax error or access rule violation - no such role. A role with the name `{ <> }` was not found. Verify that the spelling is correct.