summaryrefslogtreecommitdiff
path: root/src/mongo/db/commands/user_management_commands_common.cpp
diff options
context:
space:
mode:
authorSpencer Jackson <spencer.jackson@mongodb.com>2018-04-09 21:13:08 -0400
committerSpencer Jackson <spencer.jackson@mongodb.com>2018-04-13 11:11:32 -0400
commit0f0caff9af9abc11004853477a34072b5aa8a017 (patch)
treee99d4ff84dea4463cbee8f9d8bef05256689495e /src/mongo/db/commands/user_management_commands_common.cpp
parent4f0c2f4047bdafe7a5d952a9671bf436a763c4d5 (diff)
downloadmongo-0f0caff9af9abc11004853477a34072b5aa8a017.tar.gz
SERVER-34401: Add support for {forAllDBs: true} to usersInfo
Diffstat (limited to 'src/mongo/db/commands/user_management_commands_common.cpp')
-rw-r--r--src/mongo/db/commands/user_management_commands_common.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/mongo/db/commands/user_management_commands_common.cpp b/src/mongo/db/commands/user_management_commands_common.cpp
index 97c739479fe..106bfe8c860 100644
--- a/src/mongo/db/commands/user_management_commands_common.cpp
+++ b/src/mongo/db/commands/user_management_commands_common.cpp
@@ -419,13 +419,20 @@ Status checkAuthForUsersInfoCommand(Client* client,
return status;
}
- if (args.allForDB) {
+ if (args.target == auth::UsersInfoArgs::Target::kDB) {
if (!authzSession->isAuthorizedForActionsOnResource(
ResourcePattern::forDatabaseName(dbname), ActionType::viewUser)) {
return Status(ErrorCodes::Unauthorized,
str::stream() << "Not authorized to view users from the " << dbname
<< " database");
}
+ } else if (args.target == auth::UsersInfoArgs::Target::kGlobal) {
+ if (!authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(),
+ ActionType::viewUser)) {
+ return Status(ErrorCodes::Unauthorized,
+ str::stream() << "Not authorized to view users from all"
+ << " databases");
+ }
} else {
for (size_t i = 0; i < args.userNames.size(); ++i) {
if (authzSession->lookupUser(args.userNames[i])) {
View Lorry Controller Status