diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2019-04-09 21:58:43 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2019-04-11 14:31:36 +0000 |
commit | 21c3aa3c2d120cac881044d1fb38834a15246448 (patch) | |
tree | 6d4868edcad55bc115b407145db50c0a3ae2767a /jstests/auth | |
parent | 4f31f466b122afb1e116b44e24f955fa0b92e811 (diff) | |
download | mongo-21c3aa3c2d120cac881044d1fb38834a15246448.tar.gz |
SERVER-40553 Filter unauthorized views in listCollections
Diffstat (limited to 'jstests/auth')
-rw-r--r-- | jstests/auth/list_collections_filter_views.js | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/jstests/auth/list_collections_filter_views.js b/jstests/auth/list_collections_filter_views.js new file mode 100644 index 00000000000..5667d4dd92c --- /dev/null +++ b/jstests/auth/list_collections_filter_views.js @@ -0,0 +1,58 @@ +// Test listCollections with unauthorized views. +(function() { + "use strict"; + + const dbName = "list_collections_filter_views"; + + function runTestOnConnection(conn) { + const admin = conn.getDB("admin"); + const db = conn.getDB("test"); + + assert.commandWorked(admin.runCommand({createUser: "root", pwd: "root", roles: ["root"]})); + assert(admin.auth("root", "root")); + + assert.commandWorked(db.foo.insert({x: 123})); + assert.commandWorked(db.createView("bar", "foo", [])); + assert.commandWorked(db.createView("baz", "foo", [])); + + assert.commandWorked(db.runCommand({ + createRole: "role", + roles: [], + privileges: [ + {resource: {db: "test", collection: "foo"}, actions: ["find"]}, + {resource: {db: "test", collection: "bar"}, actions: ["find"]} + ] + })); + + assert.commandWorked( + db.runCommand({createUser: "user", pwd: "pwd", roles: [{role: "role", db: "test"}]})); + admin.logout(); + + assert(db.auth("user", "pwd")); + + const res = assert.commandWorked( + db.runCommand({listCollections: 1, nameOnly: true, authorizedCollections: true})); + assert.eq(2, res.cursor.firstBatch.length, tojson(res.cursor.firstBatch)); + + function nameSort(a, b) { + return a.name > b.name; + } + assert.eq( + [{"name": "bar", "type": "view"}, {"name": "foo", "type": "collection"}].sort(nameSort), + res.cursor.firstBatch.sort(nameSort)); + } + + const mongod = MongoRunner.runMongod({auth: ''}); + runTestOnConnection(mongod); + MongoRunner.stopMongod(mongod); + + const st = new ShardingTest({ + shards: 1, + mongos: 1, + config: 1, + other: {keyFile: 'jstests/libs/key1'}, + }); + runTestOnConnection(st.s0); + st.stop(); + +}()); |