mirror
/
mongo
mirror of https://github.com/mongodb/mongo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mongo/jstests/auth/autocomplete_auth.js

49 lines
1.7 KiB
JavaScript
Raw Permalink Blame History

/**
* Tests that when a user who lacks the listCollections privilege types 'db.<tab>' in the shell,
* autocompletion shows the collections on which she has permissions.
*
* @tags: [
* assumes_superuser_permissions,
* assumes_write_concern_unchanged,
* creates_and_authenticates_user,
* requires_auth,
* requires_non_retryable_commands,
* ]
*/
// Get shell's global scope.
const self = this;
const testName = jsTest.name();
const conn = MongoRunner.runMongod({auth: ""});
const admin = conn.getDB("admin");
admin.createUser({user: "admin", pwd: "pass", roles: jsTest.adminUserRoles});
assert(admin.auth("admin", "pass"));
admin.getSiblingDB(testName).createRole({
role: "coachTicket",
privileges: [{resource: {db: testName, collection: "coachClass"}, actions: ["find"]}],
roles: [],
});
admin.getSiblingDB(testName).createUser({user: "coachPassenger", pwd: "password", roles: ["coachTicket"]});
const testDB = conn.getDB(testName);
testDB.coachClass.insertOne({});
testDB.businessClass.insertOne({});
// Must use 'db' to test autocompletion.
self.db = new Mongo(conn.host).getDB(testName);
assert(db.auth("coachPassenger", "password"));
const authzErrorCode = 13;
assert.commandFailedWithCode(db.runCommand({listCollections: 1}), authzErrorCode);
assert.commandWorked(db.runCommand({find: "coachClass"}));
assert.commandFailedWithCode(db.runCommand({find: "businessClass"}), authzErrorCode);
shellAutocomplete("db.");
assert(__autocomplete__.includes("db.coachClass"), `Completions should include 'coachClass': ${__autocomplete__}`);
assert(
!__autocomplete__.includes("db.businessClass"),
`Completions should NOT include 'businessClass': ${__autocomplete__}`,
);
MongoRunner.stopMongod(conn);
Reference in New Issue View Git Blame Copy Permalink