diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-07-11 13:50:21 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2016-07-29 15:51:21 -0400 |
commit | 9380a1c12a19a061eaafabb5f6b9e87f16a28179 (patch) | |
tree | 9d2dec0ecb977c7555f9d74108da3a4c68586cad /src/mongo/db/auth/authorization_session.cpp | |
parent | 3cca3da0ad890c8272f56e18f8066c472b2a25f4 (diff) | |
download | mongo-9380a1c12a19a061eaafabb5f6b9e87f16a28179.tar.gz |
SERVER-17856: Allow mongod users to currentOp and killOp own operations
Diffstat (limited to 'src/mongo/db/auth/authorization_session.cpp')
-rw-r--r-- | src/mongo/db/auth/authorization_session.cpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp index 890e0625bc5..8981f758fc8 100644 --- a/src/mongo/db/auth/authorization_session.cpp +++ b/src/mongo/db/auth/authorization_session.cpp @@ -624,6 +624,30 @@ void AuthorizationSession::setImpersonatedUserData(std::vector<UserName> usernam _impersonationFlag = true; } +bool AuthorizationSession::isCoauthorizedWithClient(ClientBasic* opClient) { + auto getUserNames = [](AuthorizationSession* authSession) { + if (authSession->isImpersonating()) { + return authSession->getImpersonatedUserNames(); + } else { + return authSession->getAuthenticatedUserNames(); + } + }; + + UserNameIterator it = getUserNames(this); + while (it.more()) { + UserNameIterator opIt = getUserNames(AuthorizationSession::get(opClient)); + while (opIt.more()) { + if (it.get() == opIt.get()) { + return true; + } + opIt.next(); + } + it.next(); + } + + return false; +} + UserNameIterator AuthorizationSession::getImpersonatedUserNames() { return makeUserNameIterator(_impersonatedUserNames.begin(), _impersonatedUserNames.end()); } |