diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-31 10:56:56 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2017-07-31 13:59:59 -0400 |
commit | 9096def9687739a40df79efe4e9e4d9b19215201 (patch) | |
tree | b2f47817d0899e0de7f04bc40e226e8c729d5860 /src/mongo/db/auth/authz_manager_external_state_local.cpp | |
parent | 6d9d554e24b134e9cadad7e9377c5e4634c3a6af (diff) | |
download | mongo-9096def9687739a40df79efe4e9e4d9b19215201.tar.gz |
SERVER-30434: Process authenticationRestrictions in FCV 3.4
Diffstat (limited to 'src/mongo/db/auth/authz_manager_external_state_local.cpp')
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_local.cpp | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/src/mongo/db/auth/authz_manager_external_state_local.cpp b/src/mongo/db/auth/authz_manager_external_state_local.cpp index b4a37379529..c391dff44b0 100644 --- a/src/mongo/db/auth/authz_manager_external_state_local.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_local.cpp @@ -31,6 +31,7 @@ #include "mongo/db/auth/authz_manager_external_state_local.h" #include "mongo/base/status.h" +#include "mongo/bson/mutable/algorithm.h" #include "mongo/bson/mutable/document.h" #include "mongo/bson/mutable/element.h" #include "mongo/bson/util/bson_extract.h" @@ -197,21 +198,6 @@ Status AuthzManagerExternalStateLocal::getUserDescription(OperationContext* opCt resolveUserRoles(&resultDoc, directRoles); *result = resultDoc.getObject(); - const auto isNonEmptyArray = [](const BSONObj& doc, StringData element) { - const auto& e = doc[element]; - return !e.eoo() && (e.type() == Array) && !e.Obj().isEmpty(); - }; - - if ((isNonEmptyArray(*result, "authenticationRestrictions") || - isNonEmptyArray(*result, "inheritedAuthenticationRestrictions")) && - serverGlobalParams.featureCompatibility.version.load() < - ServerGlobalParams::FeatureCompatibility::Version::k36) { - // Mongos isn't able to evaluate whether documents are valid under the current - // featureCompatibilityVersion. We must make the decision before it sees them. - return Status(ErrorCodes::UnsupportedFormat, - "'authenticationRestrictions' requires 3.6 feature compatibility version"); - } - return Status::OK(); } @@ -300,13 +286,6 @@ Status AuthzManagerExternalStateLocal::_getUserDocument(OperationContext* opCtx, status = Status(ErrorCodes::UserNotFound, mongoutils::str::stream() << "Could not find user " << userName.getFullName()); - } else if ((*userDoc)["authenticationRestrictions"] && - serverGlobalParams.featureCompatibility.version.load() < - ServerGlobalParams::FeatureCompatibility::Version::k36) { - // Mongos isn't able to evaluate whether documents are valid under the current - // featureCompatibilityVersion. We must make the decision before it sees them. - status = Status(ErrorCodes::UnsupportedFormat, - "'authenticationRestrictions' requires 3.6 feature compatibility version"); } return status; } |