summaryrefslogtreecommitdiff
path: root/jstests/sharding/authmr.js
blob: e3c80f3ad5502bd81ae04d4fc29e258bf5b9ba2f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

// Verify that a user with read and write access to database "test" cannot access database "test2"
// via a mapper, reducer or finalizer.

(function() {

//
// User document declarations.  All users in this test are added to the admin database.
//

var adminUser = {
    user: "admin",
    pwd: "a",
    roles: ["readWriteAnyDatabase", "dbAdminAnyDatabase", "userAdminAnyDatabase", "clusterAdmin"]
};

var test1User = {
    user: "test",
    pwd: "a",
    roles: [{role: 'readWrite', db: 'test1', hasRole: true, canDelegate: false}]
};

function assertRemove(collection, pattern) {
    assert.commandWorked(collection.remove(pattern));
}

function assertInsert(collection, obj) {
    assert.commandWorked(collection.insert(obj));
}

var cluster =
    new ShardingTest({name: "authmr", shards: 1, mongos: 1, other: {keyFile: "jstests/libs/key1"}});

// Set up the test data.
(function() {
var adminDB = cluster.getDB('admin');
var test1DB = adminDB.getSiblingDB('test1');
var test2DB = adminDB.getSiblingDB('test2');
var ex;
try {
    adminDB.createUser(adminUser);
    assert(adminDB.auth(adminUser.user, adminUser.pwd));

    adminDB.dropUser(test1User.user);
    adminDB.createUser(test1User);

    assertInsert(test1DB.foo, {a: 1});
    assertInsert(test1DB.foo, {a: 2});
    assertInsert(test1DB.foo, {a: 3});
    assertInsert(test1DB.foo, {a: 4});
    assertInsert(test2DB.foo, {x: 1});
} finally {
    adminDB.logout();
}
}());

assert.throws(function() {
    var adminDB = cluster.getDB('admin');
    var test1DB;
    var test2DB;
    assert(adminDB.auth(test1User.user, test1User.pwd));
    try {
        test1DB = adminDB.getSiblingDB("test1");
        test2DB = adminDB.getSiblingDB("test2");

        // Sanity check.  test1User can count (read) test1, but not test2.
        assert.eq(test1DB.foo.count(), 4);
        assert.throws(test2DB.foo.count);

        test1DB.foo.mapReduce(
            function() {
                emit(0, this.a);
                var t2 = new Mongo().getDB("test2");
                t2.ad.insert(this);
            },
            function(k, vs) {
                var t2 = new Mongo().getDB("test2");
                t2.reductio.insert(this);

                return Array.sum(vs);
            },
            {
                out: "bar",
                finalize: function(k, v) {
                    for (k in this) {
                        if (this.hasOwnProperty(k))
                            print(k + "=" + v);
                    }
                    var t2 = new Mongo().getDB("test2");
                    t2.absurdum.insert({key: k, value: v});
                }
            });
    } finally {
        adminDB.logout();
    }
});

(function() {
var adminDB = cluster.getDB('admin');
assert(adminDB.auth(adminUser.user, adminUser.pwd));
try {
    var test2DB = cluster.getDB('test2');
    assert.eq(test2DB.reductio.count(), 0, "reductio");
    assert.eq(test2DB.ad.count(), 0, "ad");
    assert.eq(test2DB.absurdum.count(), 0, "absurdum");
} finally {
    adminDB.logout();
}
}());

cluster.stop();
})();
View Lorry Controller Status