author | Billy Donahue <billy.donahue@mongodb.com> | 2018-04-05 16:53:12 -0400 |
---|---|---|
committer | Billy Donahue <billy.donahue@mongodb.com> | 2018-04-05 17:00:34 -0400 |
commit | 8b5a91133ea5ab272fed72b5d2ca0574899c270b (patch) | |
tree | 5dfd80a40781d1a3d0a9d8fc106795153f69f0b4 /src/mongo/db/commands.h | |
parent | bafdf4c440267d22bbf8052689fbcc4f1d0a123d (diff) | |
SERVER-33881 move checkAuthorization to CommandInvocation
Explain commands already have a parsed _innerInvocation so they
can now use that for their auth check.
Diffstat (limited to 'src/mongo/db/commands.h')
-rw-r--r-- | src/mongo/db/commands.h | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/src/mongo/db/commands.h b/src/mongo/db/commands.h
index 3fa2181b569..b01d366d866 100644
--- a/src/mongo/db/commands.h
+++ b/src/mongo/db/commands.h
@@ -305,13 +305,6 @@ public:
 }
 /**
- * Checks if the client associated with the given OperationContext is authorized to run this
- * command.
- */
- virtual Status checkAuthForRequest(OperationContext* opCtx,
- const OpMsgRequest& request) const = 0;
-
- /**
 * Redacts "cmdObj" in-place to a form suitable for writing to logs.
 *
 * The default implementation does nothing.
@@ -378,18 +371,6 @@ public:
 rpc::ReplyBuilderInterface* replyBuilder,
 const Command& command);
- /**
- * Checks to see if the client executing "opCtx" is authorized to run the given command with the
- * given parameters on the given named database.
- *
- * Returns Status::OK() if the command is authorized. Most likely returns
- * ErrorCodes::Unauthorized otherwise, but any return other than Status::OK implies not
- * authorized.
- */
- static Status checkAuthorization(Command* c,
- OperationContext* opCtx,
- const OpMsgRequest& request);
-
 private:
 // Counters for how many times this command has been executed and failed
 Counter64 _commandsExecuted;
@@ -499,8 +480,9 @@ public:
 * the client executing "opCtx" is authorized to run the given command
 * with the given parameters on the given named database.
 * Note: nonvirtual.
+ * The 'request' must outlive this CommandInvocation.
 */
- void checkAuthorization(OperationContext* opCtx) const;
+ void checkAuthorization(OperationContext* opCtx, const OpMsgRequest& request) const;
 protected:
 ResourcePattern resourcePattern() const;
@@ -512,6 +494,8 @@ private:
 */
 virtual void doCheckAuthorization(OperationContext* opCtx) const = 0;
+ Status _checkAuthorizationImpl(OperationContext* opCtx, const OpMsgRequest& request) const;
+
 const Command* const _definition;
 };
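Review bot: The added sentence `The 'request' must outlive this CommandInvocation.` on `checkAuthorization` gives a lifetime rule but never says that `request` has to be the request this invocation was parsed from. Because the invocation is already parsed and the check now takes a separately supplied `OpMsgRequest`, the signature alone would let a caller authorize one request and then run an invocation built from another. I would add `* 'request' must be the same request this invocation was parsed from.` to the comment. A lifetime tied to the object rather than to the call also suggests something keeps a reference to `request` after the call returns; if so, the comment should say what does, since that is not visible here. The doc comment and the class both begin outside this hunk.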
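Review bot: `_checkAuthorizationImpl` is declared without any comment, although the declaration directly above it is documented and this is the only authorization method in the hunk that returns a `Status`. The comment removed from `Command::checkAuthorization` earlier in this patch stated that any return other than `Status::OK` implies not authorized; after this change that contract is no longer written anywhere in the visible header. I would carry it over, for example `// Returns Status::OK() only if authorized; any other Status means "not authorized" and must not be dropped by the caller.` How the public `void checkAuthorization` reports a failure is presumably defined in the .cpp, which is not part of this diff.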
@@ -627,15 +611,6 @@ private:
 // The default implementation of addRequiredPrivileges should never be hit.
 fassertFailed(16940);
 }
-
- //
- // Methods provided for subclasses if they implement above interface.
- //
-
- /**
- * Calls checkAuthForOperation.
- */
- Status checkAuthForRequest(OperationContext* opCtx, const OpMsgRequest& request) const final;
 };
 /** |