mirror of
https://github.com/mongodb/mongo.git
synced 2024-11-28 16:24:56 +01:00
112 lines
3.1 KiB
JavaScript
112 lines
3.1 KiB
JavaScript
// Verify that a user with read and write access to database "test" cannot access database "test2"
|
|
// via a mapper, reducer or finalizer.
|
|
|
|
//
|
|
// User document declarations. All users in this test are added to the admin database.
|
|
//
|
|
|
|
var adminUser = {
|
|
user: "admin",
|
|
pwd: "a",
|
|
roles: [ "readWriteAnyDatabase",
|
|
"dbAdminAnyDatabase",
|
|
"userAdminAnyDatabase",
|
|
"clusterAdmin" ]
|
|
}
|
|
|
|
var test1User = {
|
|
user: "test",
|
|
pwd: "a",
|
|
roles: [{role: 'readWrite', db: 'test1', hasRole: true, canDelegate: false}]
|
|
};
|
|
|
|
function assertRemove(collection, pattern) {
|
|
assert.writeOK(collection.remove(pattern));
|
|
}
|
|
|
|
function assertInsert(collection, obj) {
|
|
assert.writeOK(collection.insert(obj));
|
|
}
|
|
|
|
var cluster = new ShardingTest("authwhere", 1, 0, 1,
|
|
{ extraOptions: { keyFile: "jstests/libs/key1" } });
|
|
|
|
// Set up the test data.
|
|
(function() {
|
|
var adminDB = cluster.getDB('admin');
|
|
var test1DB = adminDB.getSiblingDB('test1');
|
|
var test2DB = adminDB.getSiblingDB('test2');
|
|
var ex;
|
|
try {
|
|
adminDB.createUser(adminUser)
|
|
assert(adminDB.auth(adminUser.user, adminUser.pwd));
|
|
|
|
adminDB.dropUser(test1User.user);
|
|
adminDB.createUser(test1User);
|
|
|
|
assertInsert(test1DB.foo, { a: 1 });
|
|
assertInsert(test1DB.foo, { a: 2 });
|
|
assertInsert(test1DB.foo, { a: 3 });
|
|
assertInsert(test1DB.foo, { a: 4 });
|
|
assertInsert(test2DB.foo, { x: 1 });
|
|
}
|
|
finally {
|
|
adminDB.logout();
|
|
}
|
|
}());
|
|
|
|
assert.throws(function() {
|
|
var adminDB = cluster.getDB('admin');
|
|
var test1DB;
|
|
var test2DB;
|
|
assert(adminDB.auth(test1User.user, test1User.pwd));
|
|
try {
|
|
test1DB = adminDB.getSiblingDB("test1");
|
|
test2DB = adminDB.getSiblingDB("test2");
|
|
|
|
// Sanity check. test1User can count (read) test1, but not test2.
|
|
assert.eq(test1DB.foo.count(), 4);
|
|
assert.throws(test2DB.foo.count);
|
|
|
|
test1DB.foo.mapReduce(
|
|
function () {
|
|
emit(0, this.a);
|
|
var t2 = new Mongo().getDB("test2");
|
|
t2.ad.insert(this);
|
|
},
|
|
function (k, vs) {
|
|
var t2 = new Mongo().getDB("test2");
|
|
t2.reductio.insert(this);
|
|
|
|
return Array.sum(vs);
|
|
},
|
|
{ out: "bar",
|
|
finalize: function (k, v) {
|
|
for (k in this) {
|
|
if (this.hasOwnProperty(k))
|
|
print(k + "=" + v);
|
|
}
|
|
var t2 = new Mongo().getDB("test2");
|
|
t2.absurdum.insert({ key: k, value: v });
|
|
}
|
|
});
|
|
}
|
|
finally {
|
|
adminDB.logout();
|
|
}
|
|
});
|
|
|
|
(function() {
|
|
var adminDB = cluster.getDB('admin');
|
|
assert(adminDB.auth(adminUser.user, adminUser.pwd));
|
|
try {
|
|
var test2DB = cluster.getDB('test2');
|
|
assert.eq(test2DB.reductio.count(), 0, "reductio");
|
|
assert.eq(test2DB.ad.count(), 0, "ad");
|
|
assert.eq(test2DB.absurdum.count(), 0, "absurdum");
|
|
}
|
|
finally {
|
|
adminDB.logout();
|
|
}
|
|
}());
|