diff options
author | James Wahlin <james@mongodb.com> | 2017-06-21 14:50:18 -0400 |
---|---|---|
committer | James Wahlin <james@mongodb.com> | 2017-06-30 11:20:35 -0400 |
commit | 9fb03a72fb42fa8c2880369889efbf46b85a9f08 (patch) | |
tree | 308aa27d22a3c85a134c37240ace94c3b15c053f /src/mongo/db/auth/authorization_session.h | |
parent | c4da343784a1b8b19b1b5bbbfd38899550120792 (diff) | |
download | mongo-9fb03a72fb42fa8c2880369889efbf46b85a9f08.tar.gz |
SERVER-29371 Check auth for nested $lookup pipelines
Diffstat (limited to 'src/mongo/db/auth/authorization_session.h')
-rw-r--r-- | src/mongo/db/auth/authorization_session.h | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h index bd300f2d1f7..0161523a79b 100644 --- a/src/mongo/db/auth/authorization_session.h +++ b/src/mongo/db/auth/authorization_session.h @@ -313,11 +313,18 @@ private: bool _isAuthorizedForPrivilege(const Privilege& privilege); // Helper for recursively checking for privileges in an aggregation pipeline. - void _addPrivilegesForStage(const std::string& db, - const BSONObj& cmdObj, - PrivilegeVector* requiredPrivileges, - BSONObj stageSpec, - bool haveRecursed = false); + Status _addPrivilegesForPipeline(const NamespaceString& nss, + const BSONElement& pipelineElem, + bool bypassDocumentValidation, + bool isMongos, + PrivilegeVector* requiredPrivileges); + + // Helper for recursively checking for privileges in an aggregation stage. + Status _addPrivilegesForStage(StringData db, + BSONObj stageSpec, + bool bypassDocumentValidation, + bool isMongos, + PrivilegeVector* requiredPrivileges); std::unique_ptr<AuthzSessionExternalState> _externalState; |