SERVER-1105 Use ResourcePattern type when identifying the resource component of required privileges.

This patch has two principal components.  First, it changes the interface to Privilege and
AuthorizationSession to use ResourcePattern in place of std::string for identifying resources.
Second, it examines all call sites of the authorization session interface in commands and
other code to ensure that the correct resource requirements are conveyed to the authorization_session.

1 files changed, 6 insertions, 3 deletions

diff --git a/src/mongo/db/commands/merge_chunks_cmd.cpp b/src/mongo/db/commands/merge_chunks_cmd.cpp
index cb04edcbfa8..bddfd14d0c9 100644
--- a/src/mongo/db/commands/merge_chunks_cmd.cpp
+++ b/src/mongo/db/commands/merge_chunks_cmd.cpp
@@ -55,9 +55,12 @@ namespace mongo {
         virtual Status checkAuthForCommand( ClientBasic* client,
                                             const std::string& dbname,
                                             const BSONObj& cmdObj ) {
-            return client->getAuthorizationSession()->checkAuthForPrivilege(
-                Privilege( AuthorizationManager::CLUSTER_RESOURCE_NAME,
-                           ActionType::mergeChunks ) );
+            if (!client->getAuthorizationSession()->isAuthorizedForActionsOnResource(
+                        ResourcePattern::forClusterResource(), ActionType::mergeChunks)) {
+                return Status(ErrorCodes::Unauthorized,
+                              "Not authorized to run mergeChunks command.");
+            }
+            return Status::OK();
         }
 
         virtual bool slaveOk() const { return false; }