SERVER-19940 extended auth checking for find and getMore commands to allow use of term only from internal clients.

The term field was added to the find/getMore commands to support replication protocol version 1 and is meant to be used by replica set nodes to communicate metadata to their sync sources.
author: Benety Goh <benety@mongodb.com> 2015-09-02 18:33:27 -0400
committer: Benety Goh <benety@mongodb.com> 2015-09-04 11:21:38 -0400
commit: 769ef392ffef89e61ed0c001250cc52b04e0c8f4 (patch)
tree: f03d772471669165f83847a051908970ba459f72 /jstests/auth
parent: bbab56051a643a51b40fe53e5ecd936b374bf135 (diff)
download: mongo-769ef392ffef89e61ed0c001250cc52b04e0c8f4.tar.gz
1 files changed, 30 insertions, 0 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index fd56559300e..2ce024ade88 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -1140,6 +1140,21 @@ var authCommandsLib = {
             ]
         },
         {
+            testname: "findWithTerm",
+            command: {find: "foo", limit: -1, term: NumberLong(1)},
+            testcases: [
+                {
+                    runOnDb: firstDbName,
+                    roles: {__system: 1},
+                    privileges: [
+                        { resource: {db: firstDbName, collection: "foo"}, actions: ["find"] },
+                        { resource: {cluster: true}, actions: ["internal"] }
+                    ],
+                    expectFail: true // because of invalid limit
+                },
+            ]
+        },
+        {
             testname: "findAndModify",
             command: {findAndModify: "x", query: {_id: "abc"}, update: {$inc: {n: 1}}},
             setup: function (db) {
@@ -1331,6 +1346,21 @@ var authCommandsLib = {
             ]
         },
         {
+            testname: "getMoreWithTerm",
+            command: {getMore: NumberLong("1"), collection: "foo", term: NumberLong(1)},
+            testcases: [
+                {
+                    runOnDb: firstDbName,
+                    roles: {__system: 1},
+                    privileges: [
+                        { resource: {db: firstDbName, collection: "foo"}, actions: ["find"] },
+                        { resource: {cluster: true}, actions: ["internal"] }
+                    ],
+                    expectFail: true
+                }
+            ]
+        },
+        {
             testname: "getnonce",
             command: {getnonce: 1},
             testcases: [
author	Benety Goh <benety@mongodb.com>	2015-09-02 18:33:27 -0400
committer	Benety Goh <benety@mongodb.com>	2015-09-04 11:21:38 -0400
commit	769ef392ffef89e61ed0c001250cc52b04e0c8f4 (patch)
tree	f03d772471669165f83847a051908970ba459f72 /jstests/auth
parent	bbab56051a643a51b40fe53e5ecd936b374bf135 (diff)
download	mongo-769ef392ffef89e61ed0c001250cc52b04e0c8f4.tar.gz