diff options
Diffstat (limited to 'src/mongo/db/auth/authorization_session_test.cpp')
| -rw-r--r-- | src/mongo/db/auth/authorization_session_test.cpp | 244 |
1 files changed, 125 insertions, 119 deletions
diff --git a/src/mongo/db/auth/authorization_session_test.cpp b/src/mongo/db/auth/authorization_session_test.cpp index 078ba1cfe01..75874d76c92 100644 --- a/src/mongo/db/auth/authorization_session_test.cpp +++ b/src/mongo/db/auth/authorization_session_test.cpp @@ -36,6 +36,7 @@ #include "mongo/db/auth/authorization_session.h" #include "mongo/db/jsobj.h" #include "mongo/db/namespace_string.h" +#include "mongo/db/operation_context_noop.h" #include "mongo/unittest/unittest.h" #include "mongo/util/map_util.h" @@ -53,7 +54,8 @@ namespace { void setFindsShouldFail(bool enable) { _findsShouldFail = enable; } - virtual Status findOne(const NamespaceString& collectionName, + virtual Status findOne(OperationContext* txn, + const NamespaceString& collectionName, const BSONObj& query, BSONObj* result) { if (_findsShouldFail && @@ -62,7 +64,7 @@ namespace { return Status(ErrorCodes::UnknownError, "findOne on admin.system.users set to fail in mock."); } - return AuthzManagerExternalStateMock::findOne(collectionName, query, result); + return AuthzManagerExternalStateMock::findOne(txn, collectionName, query, result); } private: @@ -84,6 +86,9 @@ namespace { authzSession.reset(new AuthorizationSession(sessionState)); authzManager->setAuthEnabled(true); } + + protected: + OperationContextNoop _txn; }; const ResourcePattern testDBResource(ResourcePattern::forDatabaseName("test")); @@ -119,17 +124,17 @@ namespace { TEST_F(AuthorizationSessionTest, AddUserAndCheckAuthorization) { // Check that disabling auth checks works ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); sessionState->setReturnValueForShouldIgnoreAuthChecks(true); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); sessionState->setReturnValueForShouldIgnoreAuthChecks(false); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); // Check that you can't authorize a user that doesn't exist. ASSERT_EQUALS(ErrorCodes::UserNotFound, - authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); + authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); // Add a user with readWrite and dbAdmin on the test DB ASSERT_OK(managerState->insertPrivilegeDocument("admin", @@ -141,14 +146,14 @@ namespace { BSON("role" << "dbAdmin" << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testDBResource, ActionType::dbStats)); + &_txn, testDBResource, ActionType::dbStats)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); // Add an admin user with readWriteAnyDatabase ASSERT_OK(managerState->insertPrivilegeDocument("admin", @@ -158,36 +163,37 @@ namespace { "roles" << BSON_ARRAY(BSON("role" << "readWriteAnyDatabase" << "db" << "admin"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("admin", "admin"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("admin", "admin"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( + &_txn, ResourcePattern::forExactNamespace( NamespaceString("anydb.somecollection")), ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherDBResource, ActionType::insert)); + &_txn, otherDBResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::collMod)); + &_txn, otherFooCollResource, ActionType::collMod)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); authzSession->logoutDatabase("test"); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::collMod)); + &_txn, testFooCollResource, ActionType::collMod)); authzSession->logoutDatabase("admin"); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::collMod)); + &_txn, testFooCollResource, ActionType::collMod)); } TEST_F(AuthorizationSessionTest, DuplicateRolesOK) { @@ -203,14 +209,14 @@ namespace { BSON("role" << "readWrite" << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testDBResource, ActionType::dbStats)); + &_txn, testDBResource, ActionType::dbStats)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); } TEST_F(AuthorizationSessionTest, SystemCollectionsAccessControl) { @@ -247,83 +253,83 @@ namespace { "db" << "admin"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("rwany", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("rwany", "test"))); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::insert)); + &_txn, testUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::find)); + &_txn, testUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::insert)); + &_txn, otherUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::find)); + &_txn, otherUsersCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testIndexesCollResource, ActionType::find)); + &_txn, testIndexesCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testProfileCollResource, ActionType::find)); + &_txn, testProfileCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherIndexesCollResource, ActionType::find)); + &_txn, otherIndexesCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherProfileCollResource, ActionType::find)); + &_txn, otherProfileCollResource, ActionType::find)); // Logging in as useradminany@test implicitly logs out rwany@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("useradminany", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("useradminany", "test"))); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::insert)); + &_txn, testUsersCollResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::find)); + &_txn, testUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::insert)); + &_txn, otherUsersCollResource, ActionType::insert)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::find)); + &_txn, otherUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testIndexesCollResource, ActionType::find)); + &_txn, testIndexesCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testProfileCollResource, ActionType::find)); + &_txn, testProfileCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherIndexesCollResource, ActionType::find)); + &_txn, otherIndexesCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherProfileCollResource, ActionType::find)); + &_txn, otherProfileCollResource, ActionType::find)); // Logging in as rw@test implicitly logs out useradminany@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("rw", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("rw", "test"))); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::insert)); + &_txn, testUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::find)); + &_txn, testUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::insert)); + &_txn, otherUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::find)); + &_txn, otherUsersCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testIndexesCollResource, ActionType::find)); + &_txn, testIndexesCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testProfileCollResource, ActionType::find)); + &_txn, testProfileCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherIndexesCollResource, ActionType::find)); + &_txn, otherIndexesCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherProfileCollResource, ActionType::find)); + &_txn, otherProfileCollResource, ActionType::find)); // Logging in as useradmin@test implicitly logs out rw@test. - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("useradmin", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("useradmin", "test"))); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::insert)); + &_txn, testUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testUsersCollResource, ActionType::find)); + &_txn, testUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::insert)); + &_txn, otherUsersCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherUsersCollResource, ActionType::find)); + &_txn, otherUsersCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testIndexesCollResource, ActionType::find)); + &_txn, testIndexesCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testProfileCollResource, ActionType::find)); + &_txn, testProfileCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherIndexesCollResource, ActionType::find)); + &_txn, otherIndexesCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - otherProfileCollResource, ActionType::find)); + &_txn, otherProfileCollResource, ActionType::find)); } TEST_F(AuthorizationSessionTest, InvalidateUser) { @@ -335,12 +341,12 @@ namespace { "roles" << BSON_ARRAY(BSON("role" << "readWrite" << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); User* user = authzSession->lookupUser(UserName("spencer", "test")); ASSERT(user->isValid()); @@ -362,11 +368,11 @@ namespace { // Make sure that invalidating the user causes the session to reload its privileges. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(); // Refreshes cached data for invalid users + authzSession->startRequest(&_txn); // Refreshes cached data for invalid users ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); user = authzSession->lookupUser(UserName("spencer", "test")); ASSERT(user->isValid()); @@ -379,11 +385,11 @@ namespace { &ignored); // Make sure that invalidating the user causes the session to reload its privileges. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(); // Refreshes cached data for invalid users + authzSession->startRequest(&_txn); // Refreshes cached data for invalid users ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT_FALSE(authzSession->lookupUser(UserName("spencer", "test"))); } @@ -396,12 +402,12 @@ namespace { "roles" << BSON_ARRAY(BSON("role" << "readWrite" << "db" << "test"))), BSONObj())); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("spencer", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("spencer", "test"))); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); User* user = authzSession->lookupUser(UserName("spencer", "test")); ASSERT(user->isValid()); @@ -426,20 +432,20 @@ namespace { // document lookup to fail, the authz session should continue to use its known out-of-date // privilege data. authzManager->invalidateUserByName(user->getName()); - authzSession->startRequest(); // Refreshes cached data for invalid users + authzSession->startRequest(&_txn); // Refreshes cached data for invalid users ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); // Once we configure document lookup to succeed again, authorization checks should // observe the new values. managerState->setFindsShouldFail(false); - authzSession->startRequest(); // Refreshes cached data for invalid users + authzSession->startRequest(&_txn); // Refreshes cached data for invalid users ASSERT_TRUE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT_FALSE(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); } @@ -465,92 +471,92 @@ namespace { ASSERT_OK(authzManager->initialize()); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::collMod)); + &_txn, testFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::find)); + &_txn, otherFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::collMod)); + &_txn, otherFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::find)); + &_txn, thirdFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::insert)); + &_txn, thirdFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::collMod)); + &_txn, thirdFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::find)); + &_txn, adminFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::insert)); + &_txn, adminFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::collMod)); + &_txn, adminFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), ActionType::shutdown)); + &_txn, ResourcePattern::forClusterResource(), ActionType::shutdown)); - ASSERT_OK(authzSession->addAndAuthorizeUser(UserName("andy", "test"))); + ASSERT_OK(authzSession->addAndAuthorizeUser(&_txn, UserName("andy", "test"))); User* user = authzSession->lookupUser(UserName("andy", "test")); ASSERT(UserName("andy", "test") == user->getName()); ASSERT(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT(authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::collMod)); + &_txn, testFooCollResource, ActionType::collMod)); ASSERT(authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::find)); + &_txn, otherFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::collMod)); + &_txn, otherFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::find)); + &_txn, thirdFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::insert)); + &_txn, thirdFooCollResource, ActionType::insert)); ASSERT(authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::collMod)); + &_txn, thirdFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::find)); + &_txn, adminFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::insert)); + &_txn, adminFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::collMod)); + &_txn, adminFooCollResource, ActionType::collMod)); ASSERT(authzSession->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), ActionType::shutdown)); + &_txn, ResourcePattern::forClusterResource(), ActionType::shutdown)); authzSession->logoutDatabase("test"); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::find)); + &_txn, testFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::insert)); + &_txn, testFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - testFooCollResource, ActionType::collMod)); + &_txn, testFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::find)); + &_txn, otherFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::insert)); + &_txn, otherFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - otherFooCollResource, ActionType::collMod)); + &_txn, otherFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::find)); + &_txn, thirdFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::insert)); + &_txn, thirdFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - thirdFooCollResource, ActionType::collMod)); + &_txn, thirdFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::find)); + &_txn, adminFooCollResource, ActionType::find)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::insert)); + &_txn, adminFooCollResource, ActionType::insert)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - adminFooCollResource, ActionType::collMod)); + &_txn, adminFooCollResource, ActionType::collMod)); ASSERT(!authzSession->isAuthorizedForActionsOnResource( - ResourcePattern::forClusterResource(), ActionType::shutdown)); + &_txn, ResourcePattern::forClusterResource(), ActionType::shutdown)); } } // namespace |