diff options
| author | Sara Golemon <sara.golemon@mongodb.com> | 2022-09-26 14:56:04 -0500 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-10-05 15:25:09 +0000 |
| commit | 27d9725cf5272c63b412588a061e1dae0f65e682 (patch) | |
| tree | c14538f5f1c27be8995c325fef49eecaa400d9ee /src/mongo/db/commands/conn_pool_sync.cpp | |
| parent | fed2a61d2bfaaaa5183caa2d67df5b68d27e4080 (diff) | |
| download | mongo-27d9725cf5272c63b412588a061e1dae0f65e682.tar.gz | |
SERVER-70147 Migrate addRequiredPrivileges to checkAuthForOperation
Diffstat (limited to 'src/mongo/db/commands/conn_pool_sync.cpp')
| -rw-r--r-- | src/mongo/db/commands/conn_pool_sync.cpp | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/mongo/db/commands/conn_pool_sync.cpp b/src/mongo/db/commands/conn_pool_sync.cpp index 2111ec42931..e83a4ef41d3 100644 --- a/src/mongo/db/commands/conn_pool_sync.cpp +++ b/src/mongo/db/commands/conn_pool_sync.cpp @@ -30,6 +30,7 @@ #include "mongo/platform/basic.h" #include "mongo/client/global_conn_pool.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" namespace mongo { @@ -51,12 +52,16 @@ public: return AllowedOnSecondary::kAlways; } - void addRequiredPrivileges(const std::string& dbname, - const BSONObj& cmdObj, - std::vector<Privilege>* out) const override { - ActionSet actions; - actions.addAction(ActionType::connPoolSync); - out->push_back(Privilege(ResourcePattern::forClusterResource(), actions)); + Status checkAuthForOperation(OperationContext* opCtx, + const DatabaseName& dbName, + const BSONObj& cmdObj) const override { + auto* as = AuthorizationSession::get(opCtx->getClient()); + if (!as->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::connPoolSync)) { + return {ErrorCodes::Unauthorized, "unauthorized"}; + } + + return Status::OK(); } bool run(OperationContext* opCtx, |