SERVER-28334 startSession command

author: Gabriel Russell <gabriel.russell@mongodb.com> 2017-06-22 15:06:55 -0400
committer: Gabriel Russell <gabriel.russell@mongodb.com> 2017-07-17 16:14:36 -0400
commit: ba8f82ff901ce971fadae87b4e45a3432248d434 (patch)
tree: 0cf29b30ff225f9bb8d9ae0dc03c9dedb4665c24 /src/mongo/db/auth/role_graph_builtin_roles.cpp
parent: 34d82ec87524545d67067b42c101fa5911763c29 (diff)
download: mongo-ba8f82ff901ce971fadae87b4e45a3432248d434.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index 6273f4505f5..a9ee381c277 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -648,6 +648,11 @@ void addInternalRolePrivileges(PrivilegeVector* privileges) {
     RoleGraph::generateUniversalPrivileges(privileges);
 }
 
+void addAnyBuiltinRolePrivileges(PrivilegeVector* privileges) {
+    Privilege::addPrivilegeToPrivilegeVector(
+        privileges, Privilege(ResourcePattern::forClusterResource(), ActionType::startSession));
+}
+
 }  // namespace
 
 bool RoleGraph::addPrivilegesForBuiltinRole(const RoleName& roleName, PrivilegeVector* result) {
@@ -692,6 +697,9 @@ bool RoleGraph::addPrivilegesForBuiltinRole(const RoleName& roleName, PrivilegeV
     } else {
         return false;
     }
+
+    // One of the roles has matched, otherwise we would have returned already.
+    addAnyBuiltinRolePrivileges(result);
     return true;
 }
author	Gabriel Russell <gabriel.russell@mongodb.com>	2017-06-22 15:06:55 -0400
committer	Gabriel Russell <gabriel.russell@mongodb.com>	2017-07-17 16:14:36 -0400
commit	ba8f82ff901ce971fadae87b4e45a3432248d434 (patch)
tree	0cf29b30ff225f9bb8d9ae0dc03c9dedb4665c24 /src/mongo/db/auth/role_graph_builtin_roles.cpp
parent	34d82ec87524545d67067b42c101fa5911763c29 (diff)
download	mongo-ba8f82ff901ce971fadae87b4e45a3432248d434.tar.gz