SERVER-29371 Check auth for nested $lookup pipelines

1 files changed, 12 insertions, 5 deletions

diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index bd300f2d1f7..0161523a79b 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -313,11 +313,18 @@ private:
     bool _isAuthorizedForPrivilege(const Privilege& privilege);
 
     // Helper for recursively checking for privileges in an aggregation pipeline.
-    void _addPrivilegesForStage(const std::string& db,
-                                const BSONObj& cmdObj,
-                                PrivilegeVector* requiredPrivileges,
-                                BSONObj stageSpec,
-                                bool haveRecursed = false);
+    Status _addPrivilegesForPipeline(const NamespaceString& nss,
+                                     const BSONElement& pipelineElem,
+                                     bool bypassDocumentValidation,
+                                     bool isMongos,
+                                     PrivilegeVector* requiredPrivileges);
+
+    // Helper for recursively checking for privileges in an aggregation stage.
+    Status _addPrivilegesForStage(StringData db,
+                                  BSONObj stageSpec,
+                                  bool bypassDocumentValidation,
+                                  bool isMongos,
+                                  PrivilegeVector* requiredPrivileges);
 
     std::unique_ptr<AuthzSessionExternalState> _externalState;