diff options
author | A. Jesse Jiryu Davis <jesse@mongodb.com> | 2019-04-19 13:52:12 -0400 |
---|---|---|
committer | A. Jesse Jiryu Davis <jesse@mongodb.com> | 2019-04-24 10:47:53 -0400 |
commit | f202c4c1ba24b9f561e8b11dac5b04fa0eeb4919 (patch) | |
tree | ceedc4c78d52590629e81e3aa77bec774dab27a1 /jstests/auth/autocomplete_auth.js | |
parent | 66fcbb20e58550e652dd95449c696f17ad2f9ce2 (diff) | |
download | mongo-f202c4c1ba24b9f561e8b11dac5b04fa0eeb4919.tar.gz |
SERVER-35638 Short timeout to autocomplete collection names
Also resolves SERVER-40736, test autocompletion of collection names for users
without the listCollections permission.
Diffstat (limited to 'jstests/auth/autocomplete_auth.js')
-rw-r--r-- | jstests/auth/autocomplete_auth.js | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/jstests/auth/autocomplete_auth.js b/jstests/auth/autocomplete_auth.js new file mode 100644 index 00000000000..5e15cae3718 --- /dev/null +++ b/jstests/auth/autocomplete_auth.js @@ -0,0 +1,51 @@ +/** + * Tests that when a user who lacks the listCollections privilege types 'db.<tab>' in the shell, + * autocompletion shows the collections on which she has permissions. + * + * @tags: [ + * assumes_superuser_permissions, + * assumes_write_concern_unchanged, + * creates_and_authenticates_user, + * requires_auth, + * requires_non_retryable_commands, + * ] + */ + +// Get shell's global scope. +const self = this; + +(function() { + 'use strict'; + + const testName = jsTest.name(); + const conn = MongoRunner.runMongod({auth: ''}); + const admin = conn.getDB('admin'); + admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); + assert(admin.auth('admin', 'pass')); + + admin.getSiblingDB(testName).createRole({ + role: 'coachTicket', + privileges: [{resource: {db: testName, collection: 'coachClass'}, actions: ['find']}], + roles: [] + }); + + admin.getSiblingDB(testName).createUser( + {user: 'coachPassenger', pwd: 'password', roles: ['coachTicket']}); + + const testDB = conn.getDB(testName); + testDB.coachClass.insertOne({}); + testDB.businessClass.insertOne({}); + + // Must use 'db' to test autocompletion. + self.db = new Mongo(conn.host).getDB(testName); + assert(db.auth('coachPassenger', 'password')); + const authzErrorCode = 13; + assert.commandFailedWithCode(db.runCommand({listCollections: 1}), authzErrorCode); + assert.commandWorked(db.runCommand({find: 'coachClass'})); + assert.commandFailedWithCode(db.runCommand({find: 'businessClass'}), authzErrorCode); + shellAutocomplete('db.'); + assert(__autocomplete__.includes('db.coachClass'), + `Completions should include 'coachClass': ${__autocomplete__}`); + assert(!__autocomplete__.includes('db.businessClass'), + `Completions should NOT include 'businessClass': ${__autocomplete__}`); +})(); |