SERVER-40553 Filter unauthorized views in listCollections

author: Sara Golemon <sara.golemon@mongodb.com> 2019-04-09 21:58:43 +0000
committer: Sara Golemon <sara.golemon@mongodb.com> 2019-04-11 14:31:36 +0000
commit: 21c3aa3c2d120cac881044d1fb38834a15246448 (patch)
tree: 6d4868edcad55bc115b407145db50c0a3ae2767a /jstests/auth
parent: 4f31f466b122afb1e116b44e24f955fa0b92e811 (diff)
download: mongo-21c3aa3c2d120cac881044d1fb38834a15246448.tar.gz
1 files changed, 58 insertions, 0 deletions
diff --git a/jstests/auth/list_collections_filter_views.js b/jstests/auth/list_collections_filter_views.js
new file mode 100644
index 00000000000..5667d4dd92c
--- /dev/null
+++ b/jstests/auth/list_collections_filter_views.js
@@ -0,0 +1,58 @@
+// Test listCollections with unauthorized views.
+(function() {
+    "use strict";
+
+    const dbName = "list_collections_filter_views";
+
+    function runTestOnConnection(conn) {
+        const admin = conn.getDB("admin");
+        const db = conn.getDB("test");
+
+        assert.commandWorked(admin.runCommand({createUser: "root", pwd: "root", roles: ["root"]}));
+        assert(admin.auth("root", "root"));
+
+        assert.commandWorked(db.foo.insert({x: 123}));
+        assert.commandWorked(db.createView("bar", "foo", []));
+        assert.commandWorked(db.createView("baz", "foo", []));
+
+        assert.commandWorked(db.runCommand({
+            createRole: "role",
+            roles: [],
+            privileges: [
+                {resource: {db: "test", collection: "foo"}, actions: ["find"]},
+                {resource: {db: "test", collection: "bar"}, actions: ["find"]}
+            ]
+        }));
+
+        assert.commandWorked(
+            db.runCommand({createUser: "user", pwd: "pwd", roles: [{role: "role", db: "test"}]}));
+        admin.logout();
+
+        assert(db.auth("user", "pwd"));
+
+        const res = assert.commandWorked(
+            db.runCommand({listCollections: 1, nameOnly: true, authorizedCollections: true}));
+        assert.eq(2, res.cursor.firstBatch.length, tojson(res.cursor.firstBatch));
+
+        function nameSort(a, b) {
+            return a.name > b.name;
+        }
+        assert.eq(
+            [{"name": "bar", "type": "view"}, {"name": "foo", "type": "collection"}].sort(nameSort),
+            res.cursor.firstBatch.sort(nameSort));
+    }
+
+    const mongod = MongoRunner.runMongod({auth: ''});
+    runTestOnConnection(mongod);
+    MongoRunner.stopMongod(mongod);
+
+    const st = new ShardingTest({
+        shards: 1,
+        mongos: 1,
+        config: 1,
+        other: {keyFile: 'jstests/libs/key1'},
+    });
+    runTestOnConnection(st.s0);
+    st.stop();
+
+}());
author	Sara Golemon <sara.golemon@mongodb.com>	2019-04-09 21:58:43 +0000
committer	Sara Golemon <sara.golemon@mongodb.com>	2019-04-11 14:31:36 +0000
commit	21c3aa3c2d120cac881044d1fb38834a15246448 (patch)
tree	6d4868edcad55bc115b407145db50c0a3ae2767a /jstests/auth
parent	4f31f466b122afb1e116b44e24f955fa0b92e811 (diff)
download	mongo-21c3aa3c2d120cac881044d1fb38834a15246448.tar.gz