mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-12-01 09:32:32 +01:00
Code Issues Releases Activity

renameCollection should only require auth on source and dest DBs, not admin SERVER-1061

Browse Source 
Still technically an admin command and requires running against admin db
This commit is contained in:
Mathias Stearn 2011-05-25 15:55:20 -04:00
parent 6bfc2d5d5f
commit 52d7736f73
2 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
db/cloner.cpp
View File

@ -613,6 +613,7 @@ namespace mongo {
virtual bool adminOnly() const { virtual bool adminOnly() const {
return true; return true;
} }
virtual bool requiresAuth() { return false; } // do our own auth
virtual bool slaveOk() const { virtual bool slaveOk() const {
return false; return false;
} }
@ -634,7 +635,7 @@ namespace mongo {
bool capped = false; bool capped = false;
long long size = 0; long long size = 0;
{ {
Client::Context ctx( source ); Client::Context ctx( source ); // auths against source
NamespaceDetails *nsd = nsdetails( source.c_str() ); NamespaceDetails *nsd = nsdetails( source.c_str() );
uassert( 10026 , "source namespace does not exist", nsd ); uassert( 10026 , "source namespace does not exist", nsd );
capped = nsd->capped; capped = nsd->capped;
@ -643,7 +644,7 @@ namespace mongo {
size += i.ext()->length; size += i.ext()->length;
} }
Client::Context ctx( target ); Client::Context ctx( target ); //auths against target
if ( nsdetails( target.c_str() ) ) { if ( nsdetails( target.c_str() ) ) {
uassert( 10027 , "target namespace exists", cmdObj["dropTarget"].trueValue() ); uassert( 10027 , "target namespace exists", cmdObj["dropTarget"].trueValue() );

39
jstests/auth/rename.js Normal file
View File

@ -0,0 +1,39 @@
// test renameCollection with auth
port = allocatePorts( 1 )[ 0 ];
baseName = "jstests_rename_auth";
m = startMongod( "--auth", "--port", port, "--dbpath", "/data/db/" + baseName, "--nohttpinterface" );
db1 = m.getDB( baseName )
db2 = m.getDB( baseName + '_other' )
// auth not yet checked since we are on localhost
db1.addUser( "foo", "bar" );
db2.addUser( "bar", "foo" );
printjson(db1.a.count());
db1.a.save({});
assert.eq(db1.a.count(), 1);
//this makes auth required on localhost
m.getDB('admin').addUser('not', 'used');
// can't run same db w/o auth
assert.commandFailed( db1.adminCommand({renameCollection:db1.a.getFullName(), to: db1.b.getFullName()}) );
// can run same db with auth
db1.auth('foo', 'bar')
assert.commandWorked( db1.adminCommand({renameCollection:db1.a.getFullName(), to: db1.b.getFullName()}) );
// can't run diff db w/o auth
assert.commandFailed( db1.adminCommand({renameCollection:db1.b.getFullName(), to: db2.a.getFullName()}) );
// can run diff db with auth
db2.auth('bar', 'foo');
assert.commandWorked( db1.adminCommand({renameCollection:db1.b.getFullName(), to: db2.a.getFullName()}) );
// test post conditions
assert.eq(db1.a.count(), 0);
assert.eq(db1.b.count(), 0);
assert.eq(db2.a.count(), 1);