[SERVER-25526] Merge views_authz.js into auth commands library Created: 10/Aug/16 Updated: 19/Nov/16 Resolved: 06/Sep/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying, Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.14 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kyle Suarez | Assignee: | Kyle Suarez |
| Resolution: | Done | Votes: | 0 |
| Labels: | read-only-views | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Sprint: | Integration 2016-08-29, Integration 2016-09-19 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
The views_authz.js tests should be merged into the auth commands library and the file removed. However, it's currently not possible because jstests/auth/commands_builtin_roles.js runs tests with subsets of the privileges specified in individual testcases, and the views authz special cases require an exact match. We should add an expectAuthzFailExact flag for an individual testcase and update the test runner appropriately. In addition, once |
| Comments |
| Comment by Githook User [ 06/Sep/16 ] |
|
Author: {u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}Message: Adds test infrastructure to handle special-case behavior for views when a Also fixes |
| Comment by Kyle Suarez [ 25/Aug/16 ] |
|
We should also do a sweep of jstests/views/views_all_commands.js for this ticket and remove any lingering "TODO" comments for security-related commands. For example, we don't have to test grantPrivileges* commands for a privilege on a views resource since that is adequately tested in the auth commands lib. |