authorAndy Schwerin <schwerin@10gen.com>2013-09-20 10:36:01 -0400
committerAndy Schwerin <schwerin@10gen.com>2013-09-23 16:20:12 -0400
commita7f7c028c4cdda1ab0939c6c7788bb39bd94cc5f (patch)
tree270b9930bff0f280252850cd90ef0bf8e7de0a17 /src/mongo/db/commands/cleanup_orphaned_cmd.cpp
parent234f50a33cd6d2a2e0a30c4b1bddb1c7de176799 (diff)
downloadmongo-a7f7c028c4cdda1ab0939c6c7788bb39bd94cc5f.tar.gz
SERVER-1105 Use ResourcePattern type when identifying the resource component of required privileges.
This patch has two principal components. First, it changes the interface to Privilege and AuthorizationSession to use ResourcePattern in place of std::string for identifying resources. Second, it examines all call sites of the authorization session interface in commands and other code to ensure that the correct resource requirements are conveyed to the authorization_session.
Diffstat (limited to 'src/mongo/db/commands/cleanup_orphaned_cmd.cpp')
-rw-r--r--src/mongo/db/commands/cleanup_orphaned_cmd.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
index 05ad3680ffc..ced249d508b 100644
--- a/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
+++ b/src/mongo/db/commands/cleanup_orphaned_cmd.cpp
@@ -159,9 +159,12 @@ namespace mongo {
virtual Status checkAuthForCommand( ClientBasic* client,
const std::string& dbname,
const BSONObj& cmdObj ) {
- return client->getAuthorizationSession()->checkAuthForPrivilege(
- Privilege( AuthorizationManager::CLUSTER_RESOURCE_NAME,
- ActionType::cleanupOrphaned ) );
+ if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+ ResourcePattern::forClusterResource(), ActionType::cleanupOrphaned)) {
+ return Status(ErrorCodes::Unauthorized,
+ "Not authorized for cleanupOrphaned command.");
+ }
+ return Status::OK();
}
virtual LockType locktype() const { return NONE; }
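Review bot: checkAuthForCommand never reads `dbname` or `cmdObj`, so the only privilege required is the `cleanupOrphaned` action on the cluster resource, whichever namespace the command names. Nothing in the hunk says whether that scoping is intended. If it is, a comment above the `if` would record it, for example `// Authorized on the cluster resource only; the namespace in cmdObj is intentionally not part of this check.` A reader who later expects per-collection restriction would then see that it is not enforced here. The same comment could note that the denial message names only the command and no request contents, so that property is kept if the string is edited.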