SERVER-54650: Make recipientSyncData and recipientForgetMigration require runTenantMigration action type

author: Andrew Shuvalov <andrew.shuvalov@mongodb.com> 2021-02-23 17:35:28 +0000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2021-03-01 16:57:23 +0000
commit: f30e562830d4790afbf86d03a583b9cacc30a382 (patch)
tree: 556b77ffcc31d32d8a1bb2b79ce739687206e01e /src/mongo/db/commands/tenant_migration_recipient_cmds.cpp
parent: fca01d31762e9271cb5e710901b93ec65baee3b7 (diff)
download: mongo-f30e562830d4790afbf86d03a583b9cacc30a382.tar.gz
1 files changed, 17 insertions, 4 deletions
diff --git a/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp b/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp
index d8a917e5c3d..6a26c8c9fec 100644
--- a/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp
+++ b/src/mongo/db/commands/tenant_migration_recipient_cmds.cpp
@@ -28,6 +28,7 @@
  */
 #define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kCommand
 
+#include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/commands/feature_compatibility_version_parser.h"
 #include "mongo/db/commands/tenant_migration_donor_cmds_gen.h"
@@ -128,9 +129,15 @@ public:
             }
         }
 
-        void doCheckAuthorization(OperationContext* opCtx) const {}
-
     private:
+        void doCheckAuthorization(OperationContext* opCtx) const final {
+            uassert(ErrorCodes::Unauthorized,
+                    "Unauthorized",
+                    AuthorizationSession::get(opCtx->getClient())
+                        ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
+                                                           ActionType::runTenantMigration));
+        }
+
         bool supportsWriteConcern() const override {
             return false;
         }
@@ -204,9 +211,15 @@ public:
             recipientInstance->getCompletionFuture().get(opCtx);
         }
 
-        void doCheckAuthorization(OperationContext* opCtx) const {}
-
     private:
+        void doCheckAuthorization(OperationContext* opCtx) const final {
+            uassert(ErrorCodes::Unauthorized,
+                    "Unauthorized",
+                    AuthorizationSession::get(opCtx->getClient())
+                        ->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
+                                                           ActionType::runTenantMigration));
+        }
+
         bool supportsWriteConcern() const override {
             return false;
         }
author	Andrew Shuvalov <andrew.shuvalov@mongodb.com>	2021-02-23 17:35:28 +0000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2021-03-01 16:57:23 +0000
commit	f30e562830d4790afbf86d03a583b9cacc30a382 (patch)
tree	556b77ffcc31d32d8a1bb2b79ce739687206e01e /src/mongo/db/commands/tenant_migration_recipient_cmds.cpp
parent	fca01d31762e9271cb5e710901b93ec65baee3b7 (diff)
download	mongo-f30e562830d4790afbf86d03a583b9cacc30a382.tar.gz