diff options
author | Andrew Shuvalov <andrew.shuvalov@mongodb.com> | 2021-02-23 17:35:28 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-03-01 16:57:23 +0000 |
commit | f30e562830d4790afbf86d03a583b9cacc30a382 (patch) | |
tree | 556b77ffcc31d32d8a1bb2b79ce739687206e01e /src/mongo/db/commands/tenant_migration_recipient_cmds.cpp | |
parent | fca01d31762e9271cb5e710901b93ec65baee3b7 (diff) | |
download | mongo-f30e562830d4790afbf86d03a583b9cacc30a382.tar.gz |
SERVER-54650: Make recipientSyncData and recipientForgetMigration require runTenantMigration action type
Diffstat (limited to 'src/mongo/db/commands/tenant_migration_recipient_cmds.cpp')
-rw-r--r-- | src/mongo/db/commands/tenant_migration_recipient_cmds.cpp | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp b/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp index d8a917e5c3d..6a26c8c9fec 100644 --- a/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp +++ b/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp @@ -28,6 +28,7 @@ */ #define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kCommand +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" #include "mongo/db/commands/feature_compatibility_version_parser.h" #include "mongo/db/commands/tenant_migration_donor_cmds_gen.h" @@ -128,9 +129,15 @@ public: } } - void doCheckAuthorization(OperationContext* opCtx) const {} - private: + void doCheckAuthorization(OperationContext* opCtx) const final { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::runTenantMigration)); + } + bool supportsWriteConcern() const override { return false; } @@ -204,9 +211,15 @@ public: recipientInstance->getCompletionFuture().get(opCtx); } - void doCheckAuthorization(OperationContext* opCtx) const {} - private: + void doCheckAuthorization(OperationContext* opCtx) const final { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::runTenantMigration)); + } + bool supportsWriteConcern() const override { return false; } |