diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-04-09 21:13:08 -0400 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-04-13 11:11:32 -0400 |
commit | 0f0caff9af9abc11004853477a34072b5aa8a017 (patch) | |
tree | e99d4ff84dea4463cbee8f9d8bef05256689495e /src/mongo/db/commands/user_management_commands_common.cpp | |
parent | 4f0c2f4047bdafe7a5d952a9671bf436a763c4d5 (diff) | |
download | mongo-0f0caff9af9abc11004853477a34072b5aa8a017.tar.gz |
SERVER-34401: Add support for {forAllDBs: true} to usersInfo
Diffstat (limited to 'src/mongo/db/commands/user_management_commands_common.cpp')
-rw-r--r-- | src/mongo/db/commands/user_management_commands_common.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/mongo/db/commands/user_management_commands_common.cpp b/src/mongo/db/commands/user_management_commands_common.cpp index 97c739479fe..106bfe8c860 100644 --- a/src/mongo/db/commands/user_management_commands_common.cpp +++ b/src/mongo/db/commands/user_management_commands_common.cpp @@ -419,13 +419,20 @@ Status checkAuthForUsersInfoCommand(Client* client, return status; } - if (args.allForDB) { + if (args.target == auth::UsersInfoArgs::Target::kDB) { if (!authzSession->isAuthorizedForActionsOnResource( ResourcePattern::forDatabaseName(dbname), ActionType::viewUser)) { return Status(ErrorCodes::Unauthorized, str::stream() << "Not authorized to view users from the " << dbname << " database"); } + } else if (args.target == auth::UsersInfoArgs::Target::kGlobal) { + if (!authzSession->isAuthorizedForActionsOnResource(ResourcePattern::forClusterResource(), + ActionType::viewUser)) { + return Status(ErrorCodes::Unauthorized, + str::stream() << "Not authorized to view users from all" + << " databases"); + } } else { for (size_t i = 0; i < args.userNames.size(); ++i) { if (authzSession->lookupUser(args.userNames[i])) { |