[SERVER-67596] [CQF] findAndModify/update with $where clause fails with authorization error Created: 28/Jun/22  Updated: 29/Oct/23  Resolved: 22/Sep/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.2.0-rc0

Type: Task Priority: Major - P3
Reporter: Nicholas Zolnierz Assignee: Hana Pearlman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-62407 Translate find command directly to AB... Closed
Backwards Compatibility: Fully Compatible
Sprint: QO 2022-10-03
Participants:

 Description   

This bug is specific to the new optimizer Bonsai. For a test like this one, the server asserts with the following errmsg:

"Authorization Session contains more authorization checks then permitted by contract.",

After a brief investigation, the callstack looks like we're building the WhereMatchExpression which holds a JsFunction. The JsFunction loads the stored functions which reads from the system.js collection (find command) and eventually causes the assertion. It could be that the existing translation through aggregate is causing issues with auth and translating directly from the find command would fix this.



 Comments   
Comment by Githook User [ 21/Sep/22 ]

Author:

{'name': 'Hana Pearlman', 'email': 'hana.pearlman@mongodb.com', 'username': 'HanaPearlman'}

Message: SERVER-67596 SERVER-67637: Enable cqf tests fixed by find command and $project translation changes
Branch: master
https://github.com/mongodb/mongo/commit/9f6b3e3a2e25e05f46ed782ab65858e2b8b4b709

Comment by Hana Pearlman [ 26/Aug/22 ]

This is fixed by SERVER-62407, still need to remove the tests from the cqf_passthrough blocklist 

Generated at Thu Feb 08 06:08:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.