authorSpencer T Brody <spencer@10gen.com>2013-02-15 18:28:31 -0800
committerSpencer T Brody <spencer@10gen.com>2013-02-16 08:10:24 -0800
commit1bd8b84c64214356f482fa3164d88e664f585243 (patch)
tree470406a00ee118a40f91a6e7592adfe826d1f350
parent692090f1efd4a5a869abcddadefac1cdc5de69d0 (diff)
downloadmongo-1bd8b84c64214356f482fa3164d88e664f585243.tar.gz
SERVER-8597 Fix AuthorizationManager unit test now that invalid roles no longer prevent privilege acquisition
-rw-r--r--src/mongo/db/auth/authorization_manager_test.cpp33
1 files changed, 23 insertions, 10 deletions
diff --git a/src/mongo/db/auth/authorization_manager_test.cpp b/src/mongo/db/auth/authorization_manager_test.cpp
index 044b21ca724..9df59339dab 100644
--- a/src/mongo/db/auth/authorization_manager_test.cpp
+++ b/src/mongo/db/auth/authorization_manager_test.cpp
@@ -131,68 +131,81 @@ namespace {
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
}
- TEST_F(PrivilegeDocumentParsing, VerifyRejectionOfInvalidRoleNames) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleGrantsNoPrivileges) {
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
- "roles" << BSON_ARRAY("read" << "frim")),
+ "roles" << BSON_ARRAY("frim")),
&privilegeSet));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
}
+ TEST_F(PrivilegeDocumentParsing, VerifyInvalidRoleStillAllowsOtherRoles) {
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
+ "test",
+ user,
+ BSON("user" << "spencer" << "pwd" << "" <<
+ "roles" << BSON_ARRAY("read" << "frim")),
+ &privilegeSet));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
+ }
+
TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterAdminRoleFromNonAdminDatabase) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
"roles" << BSON_ARRAY("read" << "clusterAdmin")),
&privilegeSet));
- ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::shutdown)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::dropDatabase)));
}
TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadFromNonAdminDatabase) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
"roles" << BSON_ARRAY("read" << "readAnyDatabase")),
&privilegeSet));
- ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::find)));
}
TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterReadWriteFromNonAdminDatabase) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
"roles" << BSON_ARRAY("read" << "readWriteAnyDatabase")),
&privilegeSet));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::insert)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::insert)));
}
TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterUserAdminFromNonAdminDatabase) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
"roles" << BSON_ARRAY("read" << "userAdminAnyDatabase")),
&privilegeSet));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::userAdmin)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::userAdmin)));
}
TEST_F(PrivilegeDocumentParsing, VerifyCannotGrantClusterDBAdminFromNonAdminDatabase) {
- ASSERT_NOT_OK(AuthorizationManager::buildPrivilegeSet(
+ ASSERT_OK(AuthorizationManager::buildPrivilegeSet(
"test",
user,
BSON("user" << "spencer" << "pwd" << "" <<
"roles" << BSON_ARRAY("read" << "dbAdminAnyDatabase")),
&privilegeSet));
+ ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test", ActionType::clean)));
ASSERT(!privilegeSet.hasPrivilege(Privilege("test2", ActionType::clean)));
}
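Review bot: VerifyInvalidRoleStillAllowsOtherRoles, like every cluster-role case below it, lists the valid role first (`BSON_ARRAY("read" << "frim")`), so a parser that stopped at the first unrecognised role and still returned OK would pass all of these tests while silently dropping the roles after it. A case with the invalid name first, `"roles" << BSON_ARRAY("frim" << "read")`, followed by `ASSERT(privilegeSet.hasPrivilege(Privilege("test", ActionType::find)));`, would pin the order-independent behaviour. Because buildPrivilegeSet is now expected to return OK for unknown names, a comment on the ASSERT_OK calls such as `// Unrecognised roles are skipped, not rejected; they must grant nothing.` would record that the negative privilege assertions are the real check. The first two lines of the hunk close a test that begins above it.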