[SERVER-24771] Make queries on views return a cursor on that view
Created: 23/Jun/16  Updated: 02/Sep/16  Resolved: 26/Aug/16

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: 3.3.12

Type: Improvement Priority: Major - P3
Reporter: Geert Bosch Assignee: James Wahlin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-24724 Views works with authorization Closed
Backwards Compatibility: Major Change
Sprint: Integration 18 (08/05/16), Integration 2016-08-29, Integration 2016-09-19
Participants:
Linked BF Score: 0

 Description   

Queries on views should not return a cursor on the underlying collection, as that would result in problems with getMore if clients don't use the returned namespace. Moreover, this may cause problems with auth or with killCursors.



 Comments   
Comment by Githook User [ 29/Aug/16 ]

Author: James Wahlin (jameswahlin) <james.wahlin@10gen.com>

Message: SERVER-24771 Validate requested namespace in mongos listIndexes
Branch: master
https://github.com/mongodb/mongo/commit/eebde33b0019514580ab60bad1c15f4f697e59e2

Comment by Githook User [ 26/Aug/16 ]

Author: James Wahlin (jameswahlin) <james.wahlin@10gen.com>

Message: SERVER-24771 Support killCursors & mongos getMore on view namespace
Branch: master
https://github.com/mongodb/mongo/commit/a4a9a9ad29415239091db171e01f45677464f668

Comment by Githook User [ 26/Aug/16 ]

Author: James Wahlin (jameswahlin) <james.wahlin@10gen.com>

Message: SERVER-24771 Cluster pipeline command refactor
Branch: master
https://github.com/mongodb/mongo/commit/752dcf912d5e45c8614ed749e20982e69cc89813

Comment by Githook User [ 26/Aug/16 ]

Author: James Wahlin (jameswahlin) <james.wahlin@10gen.com>

Message: SERVER-24771 Add missing vector include
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/0f712c6d3804e2c74440d58b3743f4492a6d6ecf

Comment by Githook User [ 22/Aug/16 ]

Author: Geert Bosch (GeertBosch) <geert@mongodb.com>

Message: SERVER-24771 Use view namespace in cursors for aggregate/getMore
Branch: master
https://github.com/mongodb/mongo/commit/c14515630a02136b60e49c8e15e7135cf8153497

Comment by Kyle Suarez [ 17/Aug/16 ]

This should do for now:

views_authz.patch

diff --git a/jstests/auth/views_authz.js b/jstests/auth/views_authz.js
index e187dff..4a85158 100644
--- a/jstests/auth/views_authz.js
+++ b/jstests/auth/views_authz.js
@@ -26,6 +26,7 @@
               resource: {db: viewsDBName, collection: "view"},
               actions: ["find", "createCollection", "collMod"]
             },
+            {resource: {db: viewsDBName, collection: "view2"}, actions: ["find"]},
             {resource: {db: viewsDBName, collection: "permitted"}, actions: ["find"]}
         ],
         roles: []
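Review bot: The new privilege entry for "view2" needs a short comment saying that its backing collection is deliberately absent from this privileges list. The test added in the next hunk creates view2 on "forbidden" and only proves anything if that collection stays unreadable for this role, so a later edit that grants find on "forbidden" here would silently turn the new assertions into a no-op.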
@@ -83,4 +84,18 @@
         viewsDB.runCommand(
             {collMod: "view", viewOn: "permitted", pipeline: [{$facet: {b: [graphLookupStage]}}]}),
         ErrorCodes.Unauthorized);
+
+    // Performing a find on a readable view returns a cursor that allows us to perform a getMore
+    // even if the underlying collection is unreadable.
+    assert.eq(1, adminDB.auth("admin", "admin"));
+    assert.commandWorked(viewsDB.createView("view2", "forbidden", []));
+    for (let i = 0; i < 10; i++) {
+        assert.writeOK(viewsDB.forbidden.insert({x: 1}));
+    }
+    adminDB.logout();
+    assert.commandFailedWithCode(viewsDB.runCommand({find: "forbidden"}), ErrorCodes.Unauthorized);
+    let res = viewsDB.runCommand({find: "view2", batchSize: 1});
+    assert.commandWorked(res);
+    assert.eq(res.cursor.ns, "views_authz.view2");
+    assert.commandWorked(viewsDB.runCommand({getMore: res.cursor.id, collection: "view2"}));
 }());
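Review bot: The final getMore only covers the positive case on the view namespace; add a negative check that `{getMore: res.cursor.id, collection: "forbidden"}` is rejected, so the test also shows the cursor cannot be continued under the underlying collection's name. The expected namespace "views_authz.view2" is hard-coded in the assert.eq; building it from viewsDBName keeps the assertion correct if the database name changes. After `adminDB.logout()` the hunk does not show which user runs the find and getMore, so a one-line comment naming the authenticated user would make the authorization intent readable from this block alone.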

Ideally, I would like this to go in the auth commands lib, but currently it cannot handle testing an actual cursor. The current expectsFail in that test code is also insufficient because it doesn't allow us to specify a specific error code, so we can't test that it doesn't fail with ErrorCodes.CommandNotSupportedOnView.

In any case, I have SERVER-25526 open, so we can add more work there.

Comment by Geert Bosch [ 17/Aug/16 ]

kyle.suarez, if you already have a test case for this (maybe as part of SERVER-24724), could you put it in this ticket?
