diff options
author | Andy Schwerin <schwerin@10gen.com> | 2013-07-03 14:56:21 -0400 |
---|---|---|
committer | Andy Schwerin <schwerin@10gen.com> | 2013-07-10 13:26:13 -0400 |
commit | d430713c403fa6b065337cf7e480ed70940631ab (patch) | |
tree | 9ab7ffad94b732bfdf0589b4ccfd882990183ebe /src/mongo/db/commands.h | |
parent | 290750178aee02a006f730205068fc8cffcb7031 (diff) | |
download | mongo-d430713c403fa6b065337cf7e480ed70940631ab.tar.gz |
SERVER-1891 Consolidate command authorization checking logic.
Diffstat (limited to 'src/mongo/db/commands.h')
-rw-r--r-- | src/mongo/db/commands.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/mongo/db/commands.h b/src/mongo/db/commands.h index 5f52aa97de7..edaa185e867 100644 --- a/src/mongo/db/commands.h +++ b/src/mongo/db/commands.h @@ -197,9 +197,29 @@ namespace mongo { // Helper for setting errmsg and ok field in command result object. static void appendCommandStatus(BSONObjBuilder& result, bool ok, const std::string& errmsg); + static void appendCommandStatus(BSONObjBuilder& result, const Status& status); // Set by command line. Controls whether or not testing-only commands should be available. static int testCommandsEnabled; + + private: + /** + * Checks to see if the client is authorized to run the given command with the given + * parameters on the given named database. + * + * fromRepl is true if this command is running as part of oplog application, which for + * historic reasons has slightly different authorization semantics. TODO(schwerin): Check + * to see if this oddity can now be eliminated. + * + * Returns Status::OK() if the command is authorized. Most likely returns + * ErrorCodes::Unauthorized otherwise, but any return other than Status::OK implies not + * authorized. + */ + static Status _checkAuthorization(Command* c, + ClientBasic* client, + const std::string& dbname, + const BSONObj& cmdObj, + bool fromRepl); }; bool _runCommands(const char *ns, BSONObj& jsobj, BufBuilder &b, BSONObjBuilder& anObjBuilder, bool fromRepl, int queryOptions); |