authorGregory Noma <gregory.noma@gmail.com>2021-06-17 10:59:33 -0400
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-06-17 16:34:45 +0000
commit870f8af7b3052d0e866f3b24c7220fef1f9d66f5 (patch)
tree081c2bbd48f932f84d07da0adb338759550f361e
parentd8484ccdb02cc9c13784385413722b5d00268081 (diff)
downloadmongo-870f8af7b3052d0e866f3b24c7220fef1f9d66f5.tar.gz
SERVER-57558 Include time-series collections in listCollections with authorizedCollections
-rw-r--r--jstests/auth/list_collections_own_collections.js22
-rw-r--r--src/mongo/db/commands/list_collections.cpp32
2 files changed, 22 insertions, 32 deletions
diff --git a/jstests/auth/list_collections_own_collections.js b/jstests/auth/list_collections_own_collections.js
index cb55c7b97dc..82c411125c8 100644
--- a/jstests/auth/list_collections_own_collections.js
+++ b/jstests/auth/list_collections_own_collections.js
@@ -204,27 +204,13 @@ function runSystemsBucketsTestOnConnection(conn, isMongod) {
admin.logout();
- // TODO SERVER-57558 - mongod bug
- if (!isMongod) {
- runTestOnRole(db, "roleWithExactNamespacePrivilegesBuckets", [resFooTS]);
- }
- // TODO SERVER-57558 - mongod bug
- if (!isMongod) {
- runTestOnRole(
- db, "roleWithExactNamespaceAndSystemPrivilegesBuckets", [resFooTS, resBarTS, resSBFoo]);
- } else {
- runTestOnRole(db, "roleWithExactNamespaceAndSystemPrivilegesBuckets", [resFooTS, resSBFoo]);
- }
+ runTestOnRole(db, "roleWithExactNamespacePrivilegesBuckets", [resFooTS]);
+ runTestOnRole(
+ db, "roleWithExactNamespaceAndSystemPrivilegesBuckets", [resFooTS, resBarTS, resSBFoo]);
- // TODO SERVER-57558 - mongod bug
- if (!isMongod) {
- runTestOnRole(db, "roleWithSystemBucketsInAnyDB", [resFooTS, resBarTS, resSBFoo]);
- } else {
- runTestOnRole(db, "roleWithSystemBucketsInAnyDB", [resFooTS, resSBFoo]);
- }
+ runTestOnRole(db, "roleWithSystemBucketsInAnyDB", [resFooTS, resBarTS, resSBFoo]);
runTestOnRole(db, "roleWithAnySystemBucketsInDB", [resFooTS, resBarTS, resSBFoo, resSBBar]);
-
runTestOnRole(db, "roleWithAnySystemBuckets", [resFooTS, resBarTS, resSBFoo, resSBBar]);
}
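Review bot: With the three `if (!isMongod)` branches removed, nothing in this hunk reads the `isMongod` parameter of `runSystemsBucketsTestOnConnection(conn, isMongod)` any more. The function body starts above the hunk, so an earlier use may remain; if there is none, drop the parameter and update the callers so the signature does not suggest that mongod and mongos still expect different results. Now that both paths share the same expectations, a short comment above these calls would record that, for example `// mongod and mongos must return identical authorizedCollections results for time-series views and their buckets.`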
diff --git a/src/mongo/db/commands/list_collections.cpp b/src/mongo/db/commands/list_collections.cpp
index e87d2945abb..326a59aebd4 100644
--- a/src/mongo/db/commands/list_collections.cpp
+++ b/src/mongo/db/commands/list_collections.cpp
@@ -395,23 +395,14 @@ public:
}
} else {
auto perCollectionWork = [&](const CollectionPtr& collection) {
- if (authorizedCollections &&
- (!as->isAuthorizedForAnyActionOnResource(
- ResourcePattern::forExactNamespace(collection->ns())))) {
- return true;
- }
-
- BSONObj collBson = buildCollectionBson(
- opCtx, collection, includePendingDrops, nameOnly);
- if (!collBson.isEmpty()) {
- _addWorkingSetMember(
- opCtx, collBson, matcher.get(), ws.get(), root.get());
- }
-
if (collection && collection->getTimeseriesOptions() &&
!collection->ns().isDropPendingNamespace() &&
viewCatalog->lookupWithoutValidatingDurableViews(
- opCtx, collection->ns().getTimeseriesViewNamespace().ns())) {
+ opCtx, collection->ns().getTimeseriesViewNamespace().ns()) &&
+ (!authorizedCollections ||
+ as->isAuthorizedForAnyActionOnResource(
+ ResourcePattern::forExactNamespace(
+ collection->ns().getTimeseriesViewNamespace())))) {
// The time-series view for this buckets namespace exists, so add it
// here while we have the collection options.
_addWorkingSetMember(
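Review bot: The time-series condition at the top of `perCollectionWork` tests `collection &&` before using it, but the authorization block this commit moves below it (next hunk of this file) calls `collection->ns()` with no such guard whenever `authorizedCollections` is set. Either the null test is redundant and can be removed, or the relocated block needs the same protection; which one is right depends on what the caller can pass, and that is outside the hunk. The existing comment above `_addWorkingSetMember` should also state the authorization rule the new condition encodes, for example `// With authorizedCollections, the view is listed only if the user holds a privilege on the view namespace itself; the buckets namespace is authorized separately below.` The lambda continues past the end of this hunk.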
@@ -422,6 +413,19 @@ public:
root.get());
}
+ if (authorizedCollections &&
+ (!as->isAuthorizedForAnyActionOnResource(
+ ResourcePattern::forExactNamespace(collection->ns())))) {
+ return true;
+ }
+
+ BSONObj collBson = buildCollectionBson(
+ opCtx, collection, includePendingDrops, nameOnly);
+ if (!collBson.isEmpty()) {
+ _addWorkingSetMember(
+ opCtx, collBson, matcher.get(), ws.get(), root.get());
+ }
+
return true;
};