forked from mongodb/mongo
/
mr_auth.js
77 lines (47 loc) · 2.58 KB
/
mr_auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// MapReduce should not be able to override an existing result table if the user does not have write permission when --auth enabled. SERVER-3345
port = allocatePorts( 1 )[ 0 ];
baseName = "jstests_mr_auth";
dbName = "test";
out = baseName + "_out";
map = function(){ emit( this.x, this.y );}
red = function( k, vs ){ var s=0; for (var i=0; i<vs.length; i++) s+=vs[i]; return s;}
red2 = function( k, vs ){ return 42;}
// make sure writing is allowed when started without --auth enabled
dbms = startMongod( "--port", port, "--dbpath", "/data/db/" + baseName, "--nohttpinterface", "--bind_ip", "127.0.0.1" );
db = dbms.getDB( dbName );
t = db[ baseName ];
for( var i = 0; i < 1000; i++) t.insert( {_id:i, x:i%10, y:i%100} );
assert.eq( 1000, t.count(), "inserts failed" );
db.system.users.remove( {} );
db.addUser( "write" , "write" );
db.addUser( "read" , "read", true );
db.getSisterDB( "admin" ).addUser( "admin", "admin" );
t.mapReduce( map, red, {out: { inline: 1 }} )
t.mapReduce( map, red, {out: { replace: out }} )
t.mapReduce( map, red, {out: { reduce: out }} )
t.mapReduce( map, red, {out: { merge: out }} )
db[ out ].drop();
stopMongod( port );
// In --auth mode, read-only user should not be able to output to existing collection
dbms = startMongodNoReset( "--auth", "--port", port, "--dbpath", "/data/db/" + baseName, "--nohttpinterface", "--bind_ip", "127.0.0.1" );
db = dbms.getDB( dbName );
t = db[ baseName ];
assert.throws( function() { t.findOne() }, [], "read without login" );
assert.throws( function(){ t.mapReduce( map, red, {out: { inline: 1 }} ) }, [], "m/r without login" );
db.auth( "read", "read" );
t.findOne()
t.mapReduce( map, red, {out: { inline: 1 }} )
t.mapReduce( map, red, {out: { replace: out }} )
docs = db[ out ].find().toArray();
assert.throws( function(){ t.mapReduce( map, red2, {out: { replace: out }} ) }, [], "read-only user shouldn't be able to output m/r to existing collection (created by previous m/r)" );
assert.throws( function(){ t.mapReduce( map, red2, {out: { reduce: out }} ) }, [], "read-only user shouldn't be able to output m/r to existing collection (created by previous m/r)" );
docs2 = db[ out ].find().toArray();
assert.eq (docs, docs2, "output collection updated even though exception was raised");
db.logout();
assert.throws( function(){ t.mapReduce( map, red, {out: { replace: out }} ) }, [], "m/r without login" );
db.auth( "write", "write" )
t.mapReduce( map, red, {out: { inline: 1 }} )
t.mapReduce( map, red, {out: { replace: out }} )
t.mapReduce( map, red, {out: { reduce: out }} )
t.mapReduce( map, red, {out: { merge: out }} )
stopMongod( port );