SERVER-18111 Forbid most user operations against "system.profile"

Forbids user writes to "system.profile".  Notably, this also prevents
"system.profile" from being used as a source or target from
renameCollection.

Creation, drop, and capped conversion of "system.profile" remain
allowed.

(cherry picked from commit 5b80159eeb2332a5e8e79e30de27c2dd72c30a18)

1 files changed, 8 insertions, 3 deletions

diff --git a/src/mongo/db/ops/insert.h b/src/mongo/db/ops/insert.h
index cc3082c2f4b..b449bfb6301 100644
--- a/src/mongo/db/ops/insert.h
+++ b/src/mongo/db/ops/insert.h
@@ -41,12 +41,17 @@ namespace mongo {
 
 
     /**
-     * check if this is a collection _any_ user can write to
-     * does NOT to permission checking, that is elsewhere
-     * for example, can't write to foo.system.bar
+     * Returns Status::OK() if this namespace is valid for user write operations.  If not, returns
+     * an error Status.
      */
     Status userAllowedWriteNS( const StringData& db, const StringData& coll );
     Status userAllowedWriteNS( const StringData& ns );
     Status userAllowedWriteNS( const NamespaceString& ns );
 
+    /**
+     * Returns Status::OK() if the namespace described by (db, coll) is valid for user create
+     * operations.  If not, returns an error Status.
+     */
+    Status userAllowedCreateNS( const StringData& db, const StringData& coll );
+
 }