SERVER-23503 Expand localhost exception to include role creation

author: Spencer Jackson <spencer.jackson@mongodb.com> 2016-04-21 18:49:20 -0400
committer: Spencer Jackson <spencer.jackson@mongodb.com> 2016-04-22 13:52:12 -0400
commit: 3e6a04652806e752c0c004fa72bc95025c3a9d54 (patch)
tree: 8426e72ec63c97cee130a71568ffabfadaaaf4a3 /src/mongo/db/commands
parent: dd7427d7acf2aac9fe7b0caa7e892fe8a856c186 (diff)
download: mongo-3e6a04652806e752c0c004fa72bc95025c3a9d54.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/src/mongo/db/commands/user_management_commands_common.cpp b/src/mongo/db/commands/user_management_commands_common.cpp
index 09445c5aea7..75db995d43b 100644
--- a/src/mongo/db/commands/user_management_commands_common.cpp
+++ b/src/mongo/db/commands/user_management_commands_common.cpp
@@ -204,8 +204,7 @@ Status checkAuthForCreateRoleCommand(ClientBasic* client,
         return status;
     }
 
-    if (!authzSession->isAuthorizedForActionsOnResource(
-            ResourcePattern::forDatabaseName(args.roleName.getDB()), ActionType::createRole)) {
+    if (!authzSession->isAuthorizedToCreateRole(args)) {
         return Status(ErrorCodes::Unauthorized,
                       str::stream()
                           << "Not authorized to create roles on db: " << args.roleName.getDB());
author	Spencer Jackson <spencer.jackson@mongodb.com>	2016-04-21 18:49:20 -0400
committer	Spencer Jackson <spencer.jackson@mongodb.com>	2016-04-22 13:52:12 -0400
commit	3e6a04652806e752c0c004fa72bc95025c3a9d54 (patch)
tree	8426e72ec63c97cee130a71568ffabfadaaaf4a3 /src/mongo/db/commands
parent	dd7427d7acf2aac9fe7b0caa7e892fe8a856c186 (diff)
download	mongo-3e6a04652806e752c0c004fa72bc95025c3a9d54.tar.gz